]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
core: split out selinux label retrieval logic into a function of its own
[thirdparty/systemd.git] / src / core / socket.c
1 /***
2 This file is part of systemd.
3
4 Copyright 2010 Lennart Poettering
5
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18 ***/
19
20 #include <arpa/inet.h>
21 #include <errno.h>
22 #include <fcntl.h>
23 #include <mqueue.h>
24 #include <netinet/tcp.h>
25 #include <signal.h>
26 #include <sys/epoll.h>
27 #include <sys/stat.h>
28 #include <unistd.h>
29 #include <linux/sctp.h>
30
31 #include "sd-event.h"
32 #include "alloc-util.h"
33 #include "bus-error.h"
34 #include "bus-util.h"
35 #include "copy.h"
36 #include "dbus-socket.h"
37 #include "def.h"
38 #include "exit-status.h"
39 #include "fd-util.h"
40 #include "formats-util.h"
41 #include "label.h"
42 #include "log.h"
43 #include "missing.h"
44 #include "mkdir.h"
45 #include "parse-util.h"
46 #include "path-util.h"
47 #include "process-util.h"
48 #include "selinux-util.h"
49 #include "signal-util.h"
50 #include "smack-util.h"
51 #include "socket.h"
52 #include "special.h"
53 #include "string-table.h"
54 #include "string-util.h"
55 #include "strv.h"
56 #include "unit-name.h"
57 #include "unit-printf.h"
58 #include "unit.h"
59 #include "user-util.h"
60
61 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
62 [SOCKET_DEAD] = UNIT_INACTIVE,
63 [SOCKET_START_PRE] = UNIT_ACTIVATING,
64 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
65 [SOCKET_START_POST] = UNIT_ACTIVATING,
66 [SOCKET_LISTENING] = UNIT_ACTIVE,
67 [SOCKET_RUNNING] = UNIT_ACTIVE,
68 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
69 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
70 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
71 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
72 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
73 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
74 [SOCKET_FAILED] = UNIT_FAILED
75 };
76
77 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
78 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
79
80 static void socket_init(Unit *u) {
81 Socket *s = SOCKET(u);
82
83 assert(u);
84 assert(u->load_state == UNIT_STUB);
85
86 s->backlog = SOMAXCONN;
87 s->timeout_usec = u->manager->default_timeout_start_usec;
88 s->directory_mode = 0755;
89 s->socket_mode = 0666;
90
91 s->max_connections = 64;
92
93 s->priority = -1;
94 s->ip_tos = -1;
95 s->ip_ttl = -1;
96 s->mark = -1;
97
98 s->exec_context.std_output = u->manager->default_std_output;
99 s->exec_context.std_error = u->manager->default_std_error;
100
101 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
102
103 s->trigger_limit.interval = USEC_INFINITY;
104 s->trigger_limit.burst = (unsigned) -1;
105 }
106
107 static void socket_unwatch_control_pid(Socket *s) {
108 assert(s);
109
110 if (s->control_pid <= 0)
111 return;
112
113 unit_unwatch_pid(UNIT(s), s->control_pid);
114 s->control_pid = 0;
115 }
116
117 static void socket_cleanup_fd_list(SocketPort *p) {
118 assert(p);
119
120 close_many(p->auxiliary_fds, p->n_auxiliary_fds);
121 p->auxiliary_fds = mfree(p->auxiliary_fds);
122 p->n_auxiliary_fds = 0;
123 }
124
125 void socket_free_ports(Socket *s) {
126 SocketPort *p;
127
128 assert(s);
129
130 while ((p = s->ports)) {
131 LIST_REMOVE(port, s->ports, p);
132
133 sd_event_source_unref(p->event_source);
134
135 socket_cleanup_fd_list(p);
136 safe_close(p->fd);
137 free(p->path);
138 free(p);
139 }
140 }
141
142 static void socket_done(Unit *u) {
143 Socket *s = SOCKET(u);
144
145 assert(s);
146
147 socket_free_ports(s);
148
149 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
150 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
151 s->control_command = NULL;
152
153 socket_unwatch_control_pid(s);
154
155 unit_ref_unset(&s->service);
156
157 s->tcp_congestion = mfree(s->tcp_congestion);
158 s->bind_to_device = mfree(s->bind_to_device);
159
160 s->smack = mfree(s->smack);
161 s->smack_ip_in = mfree(s->smack_ip_in);
162 s->smack_ip_out = mfree(s->smack_ip_out);
163
164 strv_free(s->symlinks);
165
166 s->user = mfree(s->user);
167 s->group = mfree(s->group);
168
169 s->fdname = mfree(s->fdname);
170
171 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
172 }
173
174 static int socket_arm_timer(Socket *s, usec_t usec) {
175 int r;
176
177 assert(s);
178
179 if (s->timer_event_source) {
180 r = sd_event_source_set_time(s->timer_event_source, usec);
181 if (r < 0)
182 return r;
183
184 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
185 }
186
187 if (usec == USEC_INFINITY)
188 return 0;
189
190 r = sd_event_add_time(
191 UNIT(s)->manager->event,
192 &s->timer_event_source,
193 CLOCK_MONOTONIC,
194 usec, 0,
195 socket_dispatch_timer, s);
196 if (r < 0)
197 return r;
198
199 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
200
201 return 0;
202 }
203
204 int socket_instantiate_service(Socket *s) {
205 _cleanup_free_ char *prefix = NULL, *name = NULL;
206 int r;
207 Unit *u;
208
209 assert(s);
210
211 /* This fills in s->service if it isn't filled in yet. For
212 * Accept=yes sockets we create the next connection service
213 * here. For Accept=no this is mostly a NOP since the service
214 * is figured out at load time anyway. */
215
216 if (UNIT_DEREF(s->service))
217 return 0;
218
219 if (!s->accept)
220 return 0;
221
222 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
223 if (r < 0)
224 return r;
225
226 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
227 return -ENOMEM;
228
229 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
230 if (r < 0)
231 return r;
232
233 unit_ref_set(&s->service, u);
234
235 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
236 }
237
238 static bool have_non_accept_socket(Socket *s) {
239 SocketPort *p;
240
241 assert(s);
242
243 if (!s->accept)
244 return true;
245
246 LIST_FOREACH(port, p, s->ports) {
247
248 if (p->type != SOCKET_SOCKET)
249 return true;
250
251 if (!socket_address_can_accept(&p->address))
252 return true;
253 }
254
255 return false;
256 }
257
258 static int socket_add_mount_links(Socket *s) {
259 SocketPort *p;
260 int r;
261
262 assert(s);
263
264 LIST_FOREACH(port, p, s->ports) {
265 const char *path = NULL;
266
267 if (p->type == SOCKET_SOCKET)
268 path = socket_address_get_path(&p->address);
269 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
270 path = p->path;
271
272 if (!path)
273 continue;
274
275 r = unit_require_mounts_for(UNIT(s), path);
276 if (r < 0)
277 return r;
278 }
279
280 return 0;
281 }
282
283 static int socket_add_device_link(Socket *s) {
284 char *t;
285
286 assert(s);
287
288 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
289 return 0;
290
291 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
292 return unit_add_node_link(UNIT(s), t, false, UNIT_BINDS_TO);
293 }
294
295 static int socket_add_default_dependencies(Socket *s) {
296 int r;
297 assert(s);
298
299 if (!UNIT(s)->default_dependencies)
300 return 0;
301
302 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
303 if (r < 0)
304 return r;
305
306 if (MANAGER_IS_SYSTEM(UNIT(s)->manager)) {
307 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
308 if (r < 0)
309 return r;
310 }
311
312 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
313 }
314
315 _pure_ static bool socket_has_exec(Socket *s) {
316 unsigned i;
317 assert(s);
318
319 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
320 if (s->exec_command[i])
321 return true;
322
323 return false;
324 }
325
326 static int socket_add_extras(Socket *s) {
327 Unit *u = UNIT(s);
328 int r;
329
330 assert(s);
331
332 /* Pick defaults for the trigger limit, if nothing was explicitly configured. We pick a relatively high limit
333 * in Accept=yes mode, and a lower limit for Accept=no. Reason: in Accept=yes mode we are invoking accept()
334 * ourselves before the trigger limit can hit, thus incoming connections are taken off the socket queue quickly
335 * and reliably. This is different for Accept=no, where the spawned service has to take the incoming traffic
336 * off the queues, which it might not necessarily do. Moreover, while Accept=no services are supposed to
337 * process whatever is queued in one go, and thus should normally never have to be started frequently. This is
338 * different for Accept=yes where each connection is processed by a new service instance, and thus frequent
339 * service starts are typical. */
340
341 if (s->trigger_limit.interval == USEC_INFINITY)
342 s->trigger_limit.interval = 2 * USEC_PER_SEC;
343
344 if (s->trigger_limit.burst == (unsigned) -1) {
345 if (s->accept)
346 s->trigger_limit.burst = 200;
347 else
348 s->trigger_limit.burst = 20;
349 }
350
351 if (have_non_accept_socket(s)) {
352
353 if (!UNIT_DEREF(s->service)) {
354 Unit *x;
355
356 r = unit_load_related_unit(u, ".service", &x);
357 if (r < 0)
358 return r;
359
360 unit_ref_set(&s->service, x);
361 }
362
363 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
364 if (r < 0)
365 return r;
366 }
367
368 r = socket_add_mount_links(s);
369 if (r < 0)
370 return r;
371
372 r = socket_add_device_link(s);
373 if (r < 0)
374 return r;
375
376 r = unit_patch_contexts(u);
377 if (r < 0)
378 return r;
379
380 if (socket_has_exec(s)) {
381 r = unit_add_exec_dependencies(u, &s->exec_context);
382 if (r < 0)
383 return r;
384
385 r = unit_set_default_slice(u);
386 if (r < 0)
387 return r;
388 }
389
390 r = socket_add_default_dependencies(s);
391 if (r < 0)
392 return r;
393
394 return 0;
395 }
396
397 static const char *socket_find_symlink_target(Socket *s) {
398 const char *found = NULL;
399 SocketPort *p;
400
401 LIST_FOREACH(port, p, s->ports) {
402 const char *f = NULL;
403
404 switch (p->type) {
405
406 case SOCKET_FIFO:
407 f = p->path;
408 break;
409
410 case SOCKET_SOCKET:
411 if (p->address.sockaddr.un.sun_path[0] != 0)
412 f = p->address.sockaddr.un.sun_path;
413 break;
414
415 default:
416 break;
417 }
418
419 if (f) {
420 if (found)
421 return NULL;
422
423 found = f;
424 }
425 }
426
427 return found;
428 }
429
430 static int socket_verify(Socket *s) {
431 assert(s);
432
433 if (UNIT(s)->load_state != UNIT_LOADED)
434 return 0;
435
436 if (!s->ports) {
437 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
438 return -EINVAL;
439 }
440
441 if (s->accept && have_non_accept_socket(s)) {
442 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
443 return -EINVAL;
444 }
445
446 if (s->accept && s->max_connections <= 0) {
447 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
448 return -EINVAL;
449 }
450
451 if (s->accept && UNIT_DEREF(s->service)) {
452 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
453 return -EINVAL;
454 }
455
456 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
457 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
458 return -EINVAL;
459 }
460
461 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
462 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
463 return -EINVAL;
464 }
465
466 return 0;
467 }
468
469 static int socket_load(Unit *u) {
470 Socket *s = SOCKET(u);
471 int r;
472
473 assert(u);
474 assert(u->load_state == UNIT_STUB);
475
476 r = unit_load_fragment_and_dropin(u);
477 if (r < 0)
478 return r;
479
480 if (u->load_state == UNIT_LOADED) {
481 /* This is a new unit? Then let's add in some extras */
482 r = socket_add_extras(s);
483 if (r < 0)
484 return r;
485 }
486
487 return socket_verify(s);
488 }
489
490 _const_ static const char* listen_lookup(int family, int type) {
491
492 if (family == AF_NETLINK)
493 return "ListenNetlink";
494
495 if (type == SOCK_STREAM)
496 return "ListenStream";
497 else if (type == SOCK_DGRAM)
498 return "ListenDatagram";
499 else if (type == SOCK_SEQPACKET)
500 return "ListenSequentialPacket";
501
502 assert_not_reached("Unknown socket type");
503 return NULL;
504 }
505
506 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
507 char time_string[FORMAT_TIMESPAN_MAX];
508 SocketExecCommand c;
509 Socket *s = SOCKET(u);
510 SocketPort *p;
511 const char *prefix2;
512
513 assert(s);
514 assert(f);
515
516 prefix = strempty(prefix);
517 prefix2 = strjoina(prefix, "\t");
518
519 fprintf(f,
520 "%sSocket State: %s\n"
521 "%sResult: %s\n"
522 "%sBindIPv6Only: %s\n"
523 "%sBacklog: %u\n"
524 "%sSocketMode: %04o\n"
525 "%sDirectoryMode: %04o\n"
526 "%sKeepAlive: %s\n"
527 "%sNoDelay: %s\n"
528 "%sFreeBind: %s\n"
529 "%sTransparent: %s\n"
530 "%sBroadcast: %s\n"
531 "%sPassCredentials: %s\n"
532 "%sPassSecurity: %s\n"
533 "%sTCPCongestion: %s\n"
534 "%sRemoveOnStop: %s\n"
535 "%sWritable: %s\n"
536 "%sFDName: %s\n"
537 "%sSELinuxContextFromNet: %s\n",
538 prefix, socket_state_to_string(s->state),
539 prefix, socket_result_to_string(s->result),
540 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
541 prefix, s->backlog,
542 prefix, s->socket_mode,
543 prefix, s->directory_mode,
544 prefix, yes_no(s->keep_alive),
545 prefix, yes_no(s->no_delay),
546 prefix, yes_no(s->free_bind),
547 prefix, yes_no(s->transparent),
548 prefix, yes_no(s->broadcast),
549 prefix, yes_no(s->pass_cred),
550 prefix, yes_no(s->pass_sec),
551 prefix, strna(s->tcp_congestion),
552 prefix, yes_no(s->remove_on_stop),
553 prefix, yes_no(s->writable),
554 prefix, socket_fdname(s),
555 prefix, yes_no(s->selinux_context_from_net));
556
557 if (s->control_pid > 0)
558 fprintf(f,
559 "%sControl PID: "PID_FMT"\n",
560 prefix, s->control_pid);
561
562 if (s->bind_to_device)
563 fprintf(f,
564 "%sBindToDevice: %s\n",
565 prefix, s->bind_to_device);
566
567 if (s->accept)
568 fprintf(f,
569 "%sAccepted: %u\n"
570 "%sNConnections: %u\n"
571 "%sMaxConnections: %u\n",
572 prefix, s->n_accepted,
573 prefix, s->n_connections,
574 prefix, s->max_connections);
575
576 if (s->priority >= 0)
577 fprintf(f,
578 "%sPriority: %i\n",
579 prefix, s->priority);
580
581 if (s->receive_buffer > 0)
582 fprintf(f,
583 "%sReceiveBuffer: %zu\n",
584 prefix, s->receive_buffer);
585
586 if (s->send_buffer > 0)
587 fprintf(f,
588 "%sSendBuffer: %zu\n",
589 prefix, s->send_buffer);
590
591 if (s->ip_tos >= 0)
592 fprintf(f,
593 "%sIPTOS: %i\n",
594 prefix, s->ip_tos);
595
596 if (s->ip_ttl >= 0)
597 fprintf(f,
598 "%sIPTTL: %i\n",
599 prefix, s->ip_ttl);
600
601 if (s->pipe_size > 0)
602 fprintf(f,
603 "%sPipeSize: %zu\n",
604 prefix, s->pipe_size);
605
606 if (s->mark >= 0)
607 fprintf(f,
608 "%sMark: %i\n",
609 prefix, s->mark);
610
611 if (s->mq_maxmsg > 0)
612 fprintf(f,
613 "%sMessageQueueMaxMessages: %li\n",
614 prefix, s->mq_maxmsg);
615
616 if (s->mq_msgsize > 0)
617 fprintf(f,
618 "%sMessageQueueMessageSize: %li\n",
619 prefix, s->mq_msgsize);
620
621 if (s->reuse_port)
622 fprintf(f,
623 "%sReusePort: %s\n",
624 prefix, yes_no(s->reuse_port));
625
626 if (s->smack)
627 fprintf(f,
628 "%sSmackLabel: %s\n",
629 prefix, s->smack);
630
631 if (s->smack_ip_in)
632 fprintf(f,
633 "%sSmackLabelIPIn: %s\n",
634 prefix, s->smack_ip_in);
635
636 if (s->smack_ip_out)
637 fprintf(f,
638 "%sSmackLabelIPOut: %s\n",
639 prefix, s->smack_ip_out);
640
641 if (!isempty(s->user) || !isempty(s->group))
642 fprintf(f,
643 "%sSocketUser: %s\n"
644 "%sSocketGroup: %s\n",
645 prefix, strna(s->user),
646 prefix, strna(s->group));
647
648 if (s->keep_alive_time > 0)
649 fprintf(f,
650 "%sKeepAliveTimeSec: %s\n",
651 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
652
653 if (s->keep_alive_interval)
654 fprintf(f,
655 "%sKeepAliveIntervalSec: %s\n",
656 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
657
658 if (s->keep_alive_cnt)
659 fprintf(f,
660 "%sKeepAliveProbes: %u\n",
661 prefix, s->keep_alive_cnt);
662
663 if (s->defer_accept)
664 fprintf(f,
665 "%sDeferAcceptSec: %s\n",
666 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
667
668 LIST_FOREACH(port, p, s->ports) {
669
670 if (p->type == SOCKET_SOCKET) {
671 const char *t;
672 int r;
673 char *k = NULL;
674
675 r = socket_address_print(&p->address, &k);
676 if (r < 0)
677 t = strerror(-r);
678 else
679 t = k;
680
681 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
682 free(k);
683 } else if (p->type == SOCKET_SPECIAL)
684 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
685 else if (p->type == SOCKET_USB_FUNCTION)
686 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
687 else if (p->type == SOCKET_MQUEUE)
688 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
689 else
690 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
691 }
692
693 exec_context_dump(&s->exec_context, f, prefix);
694 kill_context_dump(&s->kill_context, f, prefix);
695
696 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
697 if (!s->exec_command[c])
698 continue;
699
700 fprintf(f, "%s-> %s:\n",
701 prefix, socket_exec_command_to_string(c));
702
703 exec_command_dump_list(s->exec_command[c], f, prefix2);
704 }
705 }
706
707 static int instance_from_socket(int fd, unsigned nr, char **instance) {
708 socklen_t l;
709 char *r;
710 union sockaddr_union local, remote;
711
712 assert(fd >= 0);
713 assert(instance);
714
715 l = sizeof(local);
716 if (getsockname(fd, &local.sa, &l) < 0)
717 return -errno;
718
719 l = sizeof(remote);
720 if (getpeername(fd, &remote.sa, &l) < 0)
721 return -errno;
722
723 switch (local.sa.sa_family) {
724
725 case AF_INET: {
726 uint32_t
727 a = ntohl(local.in.sin_addr.s_addr),
728 b = ntohl(remote.in.sin_addr.s_addr);
729
730 if (asprintf(&r,
731 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
732 nr,
733 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
734 ntohs(local.in.sin_port),
735 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
736 ntohs(remote.in.sin_port)) < 0)
737 return -ENOMEM;
738
739 break;
740 }
741
742 case AF_INET6: {
743 static const unsigned char ipv4_prefix[] = {
744 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
745 };
746
747 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
748 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
749 const uint8_t
750 *a = local.in6.sin6_addr.s6_addr+12,
751 *b = remote.in6.sin6_addr.s6_addr+12;
752
753 if (asprintf(&r,
754 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
755 nr,
756 a[0], a[1], a[2], a[3],
757 ntohs(local.in6.sin6_port),
758 b[0], b[1], b[2], b[3],
759 ntohs(remote.in6.sin6_port)) < 0)
760 return -ENOMEM;
761 } else {
762 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
763
764 if (asprintf(&r,
765 "%u-%s:%u-%s:%u",
766 nr,
767 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
768 ntohs(local.in6.sin6_port),
769 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
770 ntohs(remote.in6.sin6_port)) < 0)
771 return -ENOMEM;
772 }
773
774 break;
775 }
776
777 case AF_UNIX: {
778 struct ucred ucred;
779 int k;
780
781 k = getpeercred(fd, &ucred);
782 if (k >= 0) {
783 if (asprintf(&r,
784 "%u-"PID_FMT"-"UID_FMT,
785 nr, ucred.pid, ucred.uid) < 0)
786 return -ENOMEM;
787 } else if (k == -ENODATA) {
788 /* This handles the case where somebody is
789 * connecting from another pid/uid namespace
790 * (e.g. from outside of our container). */
791 if (asprintf(&r,
792 "%u-unknown",
793 nr) < 0)
794 return -ENOMEM;
795 } else
796 return k;
797
798 break;
799 }
800
801 default:
802 assert_not_reached("Unhandled socket type.");
803 }
804
805 *instance = r;
806 return 0;
807 }
808
809 static void socket_close_fds(Socket *s) {
810 SocketPort *p;
811 char **i;
812
813 assert(s);
814
815 LIST_FOREACH(port, p, s->ports) {
816 bool was_open;
817
818 was_open = p->fd >= 0;
819
820 p->event_source = sd_event_source_unref(p->event_source);
821 p->fd = safe_close(p->fd);
822 socket_cleanup_fd_list(p);
823
824 /* One little note: we should normally not delete any sockets in the file system here! After all some
825 * other process we spawned might still have a reference of this fd and wants to continue to use
826 * it. Therefore we normally delete sockets in the file system before we create a new one, not after we
827 * stopped using one! That all said, if the user explicitly requested this, we'll delete them here
828 * anyway, but only then. */
829
830 if (!was_open || !s->remove_on_stop)
831 continue;
832
833 switch (p->type) {
834
835 case SOCKET_FIFO:
836 (void) unlink(p->path);
837 break;
838
839 case SOCKET_MQUEUE:
840 (void) mq_unlink(p->path);
841 break;
842
843 case SOCKET_SOCKET:
844 (void) socket_address_unlink(&p->address);
845 break;
846
847 default:
848 break;
849 }
850 }
851
852 if (s->remove_on_stop)
853 STRV_FOREACH(i, s->symlinks)
854 (void) unlink(*i);
855 }
856
857 static void socket_apply_socket_options(Socket *s, int fd) {
858 int r;
859
860 assert(s);
861 assert(fd >= 0);
862
863 if (s->keep_alive) {
864 int b = s->keep_alive;
865 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
866 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
867 }
868
869 if (s->keep_alive_time) {
870 int value = s->keep_alive_time / USEC_PER_SEC;
871 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
872 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
873 }
874
875 if (s->keep_alive_interval) {
876 int value = s->keep_alive_interval / USEC_PER_SEC;
877 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
878 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
879 }
880
881 if (s->keep_alive_cnt) {
882 int value = s->keep_alive_cnt;
883 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
884 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
885 }
886
887 if (s->defer_accept) {
888 int value = s->defer_accept / USEC_PER_SEC;
889 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
890 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
891 }
892
893 if (s->no_delay) {
894 int b = s->no_delay;
895
896 if (s->socket_protocol == IPPROTO_SCTP) {
897 if (setsockopt(fd, SOL_SCTP, SCTP_NODELAY, &b, sizeof(b)) < 0)
898 log_unit_warning_errno(UNIT(s), errno, "SCTP_NODELAY failed: %m");
899 } else {
900 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
901 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
902 }
903 }
904
905 if (s->broadcast) {
906 int one = 1;
907 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
908 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
909 }
910
911 if (s->pass_cred) {
912 int one = 1;
913 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
914 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
915 }
916
917 if (s->pass_sec) {
918 int one = 1;
919 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
920 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
921 }
922
923 if (s->priority >= 0)
924 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
925 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
926
927 if (s->receive_buffer > 0) {
928 int value = (int) s->receive_buffer;
929
930 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
931
932 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
933 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
934 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
935 }
936
937 if (s->send_buffer > 0) {
938 int value = (int) s->send_buffer;
939 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
940 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
941 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
942 }
943
944 if (s->mark >= 0)
945 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
946 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
947
948 if (s->ip_tos >= 0)
949 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
950 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
951
952 if (s->ip_ttl >= 0) {
953 int x;
954
955 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
956
957 if (socket_ipv6_is_supported())
958 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
959 else {
960 x = -1;
961 errno = EAFNOSUPPORT;
962 }
963
964 if (r < 0 && x < 0)
965 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
966 }
967
968 if (s->tcp_congestion)
969 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
970 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
971
972 if (s->smack_ip_in) {
973 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
974 if (r < 0)
975 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
976 }
977
978 if (s->smack_ip_out) {
979 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
980 if (r < 0)
981 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
982 }
983 }
984
985 static void socket_apply_fifo_options(Socket *s, int fd) {
986 int r;
987
988 assert(s);
989 assert(fd >= 0);
990
991 if (s->pipe_size > 0)
992 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
993 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
994
995 if (s->smack) {
996 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
997 if (r < 0)
998 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
999 }
1000 }
1001
1002 static int fifo_address_create(
1003 const char *path,
1004 mode_t directory_mode,
1005 mode_t socket_mode) {
1006
1007 _cleanup_close_ int fd = -1;
1008 mode_t old_mask;
1009 struct stat st;
1010 int r;
1011
1012 assert(path);
1013
1014 mkdir_parents_label(path, directory_mode);
1015
1016 r = mac_selinux_create_file_prepare(path, S_IFIFO);
1017 if (r < 0)
1018 return r;
1019
1020 /* Enforce the right access mode for the fifo */
1021 old_mask = umask(~ socket_mode);
1022
1023 /* Include the original umask in our mask */
1024 (void) umask(~socket_mode | old_mask);
1025
1026 r = mkfifo(path, socket_mode);
1027 (void) umask(old_mask);
1028
1029 if (r < 0 && errno != EEXIST) {
1030 r = -errno;
1031 goto fail;
1032 }
1033
1034 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
1035 if (fd < 0) {
1036 r = -errno;
1037 goto fail;
1038 }
1039
1040 mac_selinux_create_file_clear();
1041
1042 if (fstat(fd, &st) < 0) {
1043 r = -errno;
1044 goto fail;
1045 }
1046
1047 if (!S_ISFIFO(st.st_mode) ||
1048 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1049 st.st_uid != getuid() ||
1050 st.st_gid != getgid()) {
1051 r = -EEXIST;
1052 goto fail;
1053 }
1054
1055 r = fd;
1056 fd = -1;
1057
1058 return r;
1059
1060 fail:
1061 mac_selinux_create_file_clear();
1062 return r;
1063 }
1064
1065 static int special_address_create(const char *path, bool writable) {
1066 _cleanup_close_ int fd = -1;
1067 struct stat st;
1068 int r;
1069
1070 assert(path);
1071
1072 fd = open(path, (writable ? O_RDWR : O_RDONLY)|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1073 if (fd < 0)
1074 return -errno;
1075
1076 if (fstat(fd, &st) < 0)
1077 return -errno;
1078
1079 /* Check whether this is a /proc, /sys or /dev file or char device */
1080 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1081 return -EEXIST;
1082
1083 r = fd;
1084 fd = -1;
1085
1086 return r;
1087 }
1088
1089 static int usbffs_address_create(const char *path) {
1090 _cleanup_close_ int fd = -1;
1091 struct stat st;
1092 int r;
1093
1094 assert(path);
1095
1096 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1097 if (fd < 0)
1098 return -errno;
1099
1100 if (fstat(fd, &st) < 0)
1101 return -errno;
1102
1103 /* Check whether this is a regular file (ffs endpoint)*/
1104 if (!S_ISREG(st.st_mode))
1105 return -EEXIST;
1106
1107 r = fd;
1108 fd = -1;
1109
1110 return r;
1111 }
1112
1113 static int mq_address_create(
1114 const char *path,
1115 mode_t mq_mode,
1116 long maxmsg,
1117 long msgsize) {
1118
1119 _cleanup_close_ int fd = -1;
1120 struct stat st;
1121 mode_t old_mask;
1122 struct mq_attr _attr, *attr = NULL;
1123 int r;
1124
1125 assert(path);
1126
1127 if (maxmsg > 0 && msgsize > 0) {
1128 _attr = (struct mq_attr) {
1129 .mq_flags = O_NONBLOCK,
1130 .mq_maxmsg = maxmsg,
1131 .mq_msgsize = msgsize,
1132 };
1133 attr = &_attr;
1134 }
1135
1136 /* Enforce the right access mode for the mq */
1137 old_mask = umask(~ mq_mode);
1138
1139 /* Include the original umask in our mask */
1140 (void) umask(~mq_mode | old_mask);
1141 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1142 (void) umask(old_mask);
1143
1144 if (fd < 0)
1145 return -errno;
1146
1147 if (fstat(fd, &st) < 0)
1148 return -errno;
1149
1150 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1151 st.st_uid != getuid() ||
1152 st.st_gid != getgid())
1153 return -EEXIST;
1154
1155 r = fd;
1156 fd = -1;
1157
1158 return r;
1159 }
1160
1161 static int socket_symlink(Socket *s) {
1162 const char *p;
1163 char **i;
1164
1165 assert(s);
1166
1167 p = socket_find_symlink_target(s);
1168 if (!p)
1169 return 0;
1170
1171 STRV_FOREACH(i, s->symlinks)
1172 symlink_label(p, *i);
1173
1174 return 0;
1175 }
1176
1177 static int usbffs_write_descs(int fd, Service *s) {
1178 int r;
1179
1180 if (!s->usb_function_descriptors || !s->usb_function_strings)
1181 return -EINVAL;
1182
1183 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1184 if (r < 0)
1185 return r;
1186
1187 return copy_file_fd(s->usb_function_strings, fd, false);
1188 }
1189
1190 static int usbffs_select_ep(const struct dirent *d) {
1191 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1192 }
1193
1194 static int usbffs_dispatch_eps(SocketPort *p) {
1195 _cleanup_free_ struct dirent **ent = NULL;
1196 _cleanup_free_ char *path = NULL;
1197 int r, i, n, k;
1198
1199 path = dirname_malloc(p->path);
1200 if (!path)
1201 return -ENOMEM;
1202
1203 r = scandir(path, &ent, usbffs_select_ep, alphasort);
1204 if (r < 0)
1205 return -errno;
1206
1207 n = r;
1208 p->auxiliary_fds = new(int, n);
1209 if (!p->auxiliary_fds)
1210 return -ENOMEM;
1211
1212 p->n_auxiliary_fds = n;
1213
1214 k = 0;
1215 for (i = 0; i < n; ++i) {
1216 _cleanup_free_ char *ep = NULL;
1217
1218 ep = path_make_absolute(ent[i]->d_name, path);
1219 if (!ep)
1220 return -ENOMEM;
1221
1222 path_kill_slashes(ep);
1223
1224 r = usbffs_address_create(ep);
1225 if (r < 0)
1226 goto fail;
1227
1228 p->auxiliary_fds[k] = r;
1229
1230 ++k;
1231 free(ent[i]);
1232 }
1233
1234 return r;
1235
1236 fail:
1237 close_many(p->auxiliary_fds, k);
1238 p->auxiliary_fds = mfree(p->auxiliary_fds);
1239 p->n_auxiliary_fds = 0;
1240
1241 return r;
1242 }
1243
1244 static int socket_determine_selinux_label(Socket *s, char **ret) {
1245 ExecCommand *c;
1246 int r;
1247
1248 assert(s);
1249 assert(ret);
1250
1251 if (s->selinux_context_from_net) {
1252 /* If this is requested, get label from the network label */
1253
1254 r = mac_selinux_get_our_label(ret);
1255 if (r == -EOPNOTSUPP)
1256 goto no_label;
1257
1258 } else {
1259 /* Otherwise, get it from the executable we are about to start */
1260 r = socket_instantiate_service(s);
1261 if (r < 0)
1262 return r;
1263
1264 if (!UNIT_ISSET(s->service))
1265 goto no_label;
1266
1267 c = SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START];
1268 if (!c)
1269 goto no_label;
1270
1271 r = mac_selinux_get_create_label_from_exe(c->path, ret);
1272 if (r == -EPERM || r == -EOPNOTSUPP)
1273 goto no_label;
1274 }
1275
1276 return r;
1277
1278 no_label:
1279 *ret = NULL;
1280 return 0;
1281 }
1282
1283 static int socket_open_fds(Socket *s) {
1284 _cleanup_(mac_selinux_freep) char *label = NULL;
1285 bool know_label = false;
1286 SocketPort *p;
1287 int r;
1288
1289 assert(s);
1290
1291 LIST_FOREACH(port, p, s->ports) {
1292
1293 if (p->fd >= 0)
1294 continue;
1295
1296 switch (p->type) {
1297
1298 case SOCKET_SOCKET:
1299
1300 if (!know_label) {
1301 /* Figure out label, if we don't it know yet. We do it once, for the first socket where
1302 * we need this and remember it for the rest. */
1303
1304 r = socket_determine_selinux_label(s, &label);
1305 if (r < 0)
1306 goto rollback;
1307
1308 know_label = true;
1309 }
1310
1311 /* Apply the socket protocol */
1312 switch (p->address.type) {
1313
1314 case SOCK_STREAM:
1315 case SOCK_SEQPACKET:
1316 if (s->socket_protocol == IPPROTO_SCTP)
1317 p->address.protocol = s->socket_protocol;
1318 break;
1319
1320 case SOCK_DGRAM:
1321 if (s->socket_protocol == IPPROTO_UDPLITE)
1322 p->address.protocol = s->socket_protocol;
1323 break;
1324 }
1325
1326 r = socket_address_listen(
1327 &p->address,
1328 SOCK_CLOEXEC|SOCK_NONBLOCK,
1329 s->backlog,
1330 s->bind_ipv6_only,
1331 s->bind_to_device,
1332 s->reuse_port,
1333 s->free_bind,
1334 s->transparent,
1335 s->directory_mode,
1336 s->socket_mode,
1337 label);
1338 if (r < 0)
1339 goto rollback;
1340
1341 p->fd = r;
1342 socket_apply_socket_options(s, p->fd);
1343 socket_symlink(s);
1344 break;
1345
1346 case SOCKET_SPECIAL:
1347
1348 p->fd = special_address_create(p->path, s->writable);
1349 if (p->fd < 0) {
1350 r = p->fd;
1351 goto rollback;
1352 }
1353 break;
1354
1355 case SOCKET_FIFO:
1356
1357 p->fd = fifo_address_create(
1358 p->path,
1359 s->directory_mode,
1360 s->socket_mode);
1361 if (p->fd < 0) {
1362 r = p->fd;
1363 goto rollback;
1364 }
1365
1366 socket_apply_fifo_options(s, p->fd);
1367 socket_symlink(s);
1368 break;
1369
1370 case SOCKET_MQUEUE:
1371
1372 p->fd = mq_address_create(
1373 p->path,
1374 s->socket_mode,
1375 s->mq_maxmsg,
1376 s->mq_msgsize);
1377 if (p->fd < 0) {
1378 r = p->fd;
1379 goto rollback;
1380 }
1381 break;
1382
1383 case SOCKET_USB_FUNCTION: {
1384 _cleanup_free_ char *ep = NULL;
1385
1386 ep = path_make_absolute("ep0", p->path);
1387
1388 p->fd = usbffs_address_create(ep);
1389 if (p->fd < 0) {
1390 r = p->fd;
1391 goto rollback;
1392 }
1393
1394 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
1395 if (r < 0)
1396 goto rollback;
1397
1398 r = usbffs_dispatch_eps(p);
1399 if (r < 0)
1400 goto rollback;
1401
1402 break;
1403 }
1404 default:
1405 assert_not_reached("Unknown port type");
1406 }
1407 }
1408
1409 return 0;
1410
1411 rollback:
1412 socket_close_fds(s);
1413 return r;
1414 }
1415
1416 static void socket_unwatch_fds(Socket *s) {
1417 SocketPort *p;
1418 int r;
1419
1420 assert(s);
1421
1422 LIST_FOREACH(port, p, s->ports) {
1423 if (p->fd < 0)
1424 continue;
1425
1426 if (!p->event_source)
1427 continue;
1428
1429 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1430 if (r < 0)
1431 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1432 }
1433 }
1434
1435 static int socket_watch_fds(Socket *s) {
1436 SocketPort *p;
1437 int r;
1438
1439 assert(s);
1440
1441 LIST_FOREACH(port, p, s->ports) {
1442 if (p->fd < 0)
1443 continue;
1444
1445 if (p->event_source) {
1446 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1447 if (r < 0)
1448 goto fail;
1449 } else {
1450 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1451 if (r < 0)
1452 goto fail;
1453
1454 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1455 }
1456 }
1457
1458 return 0;
1459
1460 fail:
1461 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1462 socket_unwatch_fds(s);
1463 return r;
1464 }
1465
1466 static void socket_set_state(Socket *s, SocketState state) {
1467 SocketState old_state;
1468 assert(s);
1469
1470 old_state = s->state;
1471 s->state = state;
1472
1473 if (!IN_SET(state,
1474 SOCKET_START_PRE,
1475 SOCKET_START_CHOWN,
1476 SOCKET_START_POST,
1477 SOCKET_STOP_PRE,
1478 SOCKET_STOP_PRE_SIGTERM,
1479 SOCKET_STOP_PRE_SIGKILL,
1480 SOCKET_STOP_POST,
1481 SOCKET_FINAL_SIGTERM,
1482 SOCKET_FINAL_SIGKILL)) {
1483
1484 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1485 socket_unwatch_control_pid(s);
1486 s->control_command = NULL;
1487 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1488 }
1489
1490 if (state != SOCKET_LISTENING)
1491 socket_unwatch_fds(s);
1492
1493 if (!IN_SET(state,
1494 SOCKET_START_CHOWN,
1495 SOCKET_START_POST,
1496 SOCKET_LISTENING,
1497 SOCKET_RUNNING,
1498 SOCKET_STOP_PRE,
1499 SOCKET_STOP_PRE_SIGTERM,
1500 SOCKET_STOP_PRE_SIGKILL))
1501 socket_close_fds(s);
1502
1503 if (state != old_state)
1504 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1505
1506 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1507 }
1508
1509 static int socket_coldplug(Unit *u) {
1510 Socket *s = SOCKET(u);
1511 int r;
1512
1513 assert(s);
1514 assert(s->state == SOCKET_DEAD);
1515
1516 if (s->deserialized_state == s->state)
1517 return 0;
1518
1519 if (s->control_pid > 0 &&
1520 pid_is_unwaited(s->control_pid) &&
1521 IN_SET(s->deserialized_state,
1522 SOCKET_START_PRE,
1523 SOCKET_START_CHOWN,
1524 SOCKET_START_POST,
1525 SOCKET_STOP_PRE,
1526 SOCKET_STOP_PRE_SIGTERM,
1527 SOCKET_STOP_PRE_SIGKILL,
1528 SOCKET_STOP_POST,
1529 SOCKET_FINAL_SIGTERM,
1530 SOCKET_FINAL_SIGKILL)) {
1531
1532 r = unit_watch_pid(UNIT(s), s->control_pid);
1533 if (r < 0)
1534 return r;
1535
1536 r = socket_arm_timer(s, usec_add(u->state_change_timestamp.monotonic, s->timeout_usec));
1537 if (r < 0)
1538 return r;
1539 }
1540
1541 if (IN_SET(s->deserialized_state,
1542 SOCKET_START_CHOWN,
1543 SOCKET_START_POST,
1544 SOCKET_LISTENING,
1545 SOCKET_RUNNING,
1546 SOCKET_STOP_PRE,
1547 SOCKET_STOP_PRE_SIGTERM,
1548 SOCKET_STOP_PRE_SIGKILL)) {
1549
1550 r = socket_open_fds(s);
1551 if (r < 0)
1552 return r;
1553 }
1554
1555 if (s->deserialized_state == SOCKET_LISTENING) {
1556 r = socket_watch_fds(s);
1557 if (r < 0)
1558 return r;
1559 }
1560
1561 socket_set_state(s, s->deserialized_state);
1562 return 0;
1563 }
1564
1565 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1566 _cleanup_free_ char **argv = NULL;
1567 pid_t pid;
1568 int r;
1569 ExecParameters exec_params = {
1570 .apply_permissions = true,
1571 .apply_chroot = true,
1572 .apply_tty_stdin = true,
1573 .stdin_fd = -1,
1574 .stdout_fd = -1,
1575 .stderr_fd = -1,
1576 };
1577
1578 assert(s);
1579 assert(c);
1580 assert(_pid);
1581
1582 (void) unit_realize_cgroup(UNIT(s));
1583 if (s->reset_cpu_usage) {
1584 (void) unit_reset_cpu_usage(UNIT(s));
1585 s->reset_cpu_usage = false;
1586 }
1587
1588 r = unit_setup_exec_runtime(UNIT(s));
1589 if (r < 0)
1590 return r;
1591
1592 r = socket_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_usec));
1593 if (r < 0)
1594 return r;
1595
1596 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1597 if (r < 0)
1598 return r;
1599
1600 exec_params.argv = argv;
1601 exec_params.environment = UNIT(s)->manager->environment;
1602 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1603 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1604 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1605 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1606 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1607
1608 r = exec_spawn(UNIT(s),
1609 c,
1610 &s->exec_context,
1611 &exec_params,
1612 s->exec_runtime,
1613 &pid);
1614 if (r < 0)
1615 return r;
1616
1617 r = unit_watch_pid(UNIT(s), pid);
1618 if (r < 0)
1619 /* FIXME: we need to do something here */
1620 return r;
1621
1622 *_pid = pid;
1623 return 0;
1624 }
1625
1626 static int socket_chown(Socket *s, pid_t *_pid) {
1627 pid_t pid;
1628 int r;
1629
1630 r = socket_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_usec));
1631 if (r < 0)
1632 goto fail;
1633
1634 /* We have to resolve the user names out-of-process, hence
1635 * let's fork here. It's messy, but well, what can we do? */
1636
1637 pid = fork();
1638 if (pid < 0)
1639 return -errno;
1640
1641 if (pid == 0) {
1642 SocketPort *p;
1643 uid_t uid = UID_INVALID;
1644 gid_t gid = GID_INVALID;
1645 int ret;
1646
1647 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1648 (void) ignore_signals(SIGPIPE, -1);
1649 log_forget_fds();
1650
1651 if (!isempty(s->user)) {
1652 const char *user = s->user;
1653
1654 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1655 if (r < 0) {
1656 ret = EXIT_USER;
1657 goto fail_child;
1658 }
1659 }
1660
1661 if (!isempty(s->group)) {
1662 const char *group = s->group;
1663
1664 r = get_group_creds(&group, &gid);
1665 if (r < 0) {
1666 ret = EXIT_GROUP;
1667 goto fail_child;
1668 }
1669 }
1670
1671 LIST_FOREACH(port, p, s->ports) {
1672 const char *path = NULL;
1673
1674 if (p->type == SOCKET_SOCKET)
1675 path = socket_address_get_path(&p->address);
1676 else if (p->type == SOCKET_FIFO)
1677 path = p->path;
1678
1679 if (!path)
1680 continue;
1681
1682 if (chown(path, uid, gid) < 0) {
1683 r = -errno;
1684 ret = EXIT_CHOWN;
1685 goto fail_child;
1686 }
1687 }
1688
1689 _exit(0);
1690
1691 fail_child:
1692 log_open();
1693 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1694
1695 _exit(ret);
1696 }
1697
1698 r = unit_watch_pid(UNIT(s), pid);
1699 if (r < 0)
1700 goto fail;
1701
1702 *_pid = pid;
1703 return 0;
1704
1705 fail:
1706 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1707 return r;
1708 }
1709
1710 static void socket_enter_dead(Socket *s, SocketResult f) {
1711 assert(s);
1712
1713 if (f != SOCKET_SUCCESS)
1714 s->result = f;
1715
1716 exec_runtime_destroy(s->exec_runtime);
1717 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1718
1719 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1720
1721 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1722 }
1723
1724 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1725
1726 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1727 int r;
1728 assert(s);
1729
1730 if (f != SOCKET_SUCCESS)
1731 s->result = f;
1732
1733 socket_unwatch_control_pid(s);
1734 s->control_command_id = SOCKET_EXEC_STOP_POST;
1735 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1736
1737 if (s->control_command) {
1738 r = socket_spawn(s, s->control_command, &s->control_pid);
1739 if (r < 0)
1740 goto fail;
1741
1742 socket_set_state(s, SOCKET_STOP_POST);
1743 } else
1744 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1745
1746 return;
1747
1748 fail:
1749 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1750 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1751 }
1752
1753 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1754 int r;
1755
1756 assert(s);
1757
1758 if (f != SOCKET_SUCCESS)
1759 s->result = f;
1760
1761 r = unit_kill_context(
1762 UNIT(s),
1763 &s->kill_context,
1764 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1765 KILL_KILL : KILL_TERMINATE,
1766 -1,
1767 s->control_pid,
1768 false);
1769 if (r < 0)
1770 goto fail;
1771
1772 if (r > 0) {
1773 r = socket_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_usec));
1774 if (r < 0)
1775 goto fail;
1776
1777 socket_set_state(s, state);
1778 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1779 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1780 else if (state == SOCKET_STOP_PRE_SIGKILL)
1781 socket_enter_stop_post(s, SOCKET_SUCCESS);
1782 else if (state == SOCKET_FINAL_SIGTERM)
1783 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1784 else
1785 socket_enter_dead(s, SOCKET_SUCCESS);
1786
1787 return;
1788
1789 fail:
1790 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1791
1792 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1793 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1794 else
1795 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1796 }
1797
1798 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1799 int r;
1800 assert(s);
1801
1802 if (f != SOCKET_SUCCESS)
1803 s->result = f;
1804
1805 socket_unwatch_control_pid(s);
1806 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1807 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1808
1809 if (s->control_command) {
1810 r = socket_spawn(s, s->control_command, &s->control_pid);
1811 if (r < 0)
1812 goto fail;
1813
1814 socket_set_state(s, SOCKET_STOP_PRE);
1815 } else
1816 socket_enter_stop_post(s, SOCKET_SUCCESS);
1817
1818 return;
1819
1820 fail:
1821 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1822 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1823 }
1824
1825 static void socket_enter_listening(Socket *s) {
1826 int r;
1827 assert(s);
1828
1829 r = socket_watch_fds(s);
1830 if (r < 0) {
1831 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1832 goto fail;
1833 }
1834
1835 socket_set_state(s, SOCKET_LISTENING);
1836 return;
1837
1838 fail:
1839 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1840 }
1841
1842 static void socket_enter_start_post(Socket *s) {
1843 int r;
1844 assert(s);
1845
1846 socket_unwatch_control_pid(s);
1847 s->control_command_id = SOCKET_EXEC_START_POST;
1848 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1849
1850 if (s->control_command) {
1851 r = socket_spawn(s, s->control_command, &s->control_pid);
1852 if (r < 0) {
1853 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1854 goto fail;
1855 }
1856
1857 socket_set_state(s, SOCKET_START_POST);
1858 } else
1859 socket_enter_listening(s);
1860
1861 return;
1862
1863 fail:
1864 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1865 }
1866
1867 static void socket_enter_start_chown(Socket *s) {
1868 int r;
1869
1870 assert(s);
1871
1872 r = socket_open_fds(s);
1873 if (r < 0) {
1874 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1875 goto fail;
1876 }
1877
1878 if (!isempty(s->user) || !isempty(s->group)) {
1879
1880 socket_unwatch_control_pid(s);
1881 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1882 s->control_command = NULL;
1883
1884 r = socket_chown(s, &s->control_pid);
1885 if (r < 0) {
1886 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1887 goto fail;
1888 }
1889
1890 socket_set_state(s, SOCKET_START_CHOWN);
1891 } else
1892 socket_enter_start_post(s);
1893
1894 return;
1895
1896 fail:
1897 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1898 }
1899
1900 static void socket_enter_start_pre(Socket *s) {
1901 int r;
1902 assert(s);
1903
1904 socket_unwatch_control_pid(s);
1905 s->control_command_id = SOCKET_EXEC_START_PRE;
1906 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1907
1908 if (s->control_command) {
1909 r = socket_spawn(s, s->control_command, &s->control_pid);
1910 if (r < 0) {
1911 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1912 goto fail;
1913 }
1914
1915 socket_set_state(s, SOCKET_START_PRE);
1916 } else
1917 socket_enter_start_chown(s);
1918
1919 return;
1920
1921 fail:
1922 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1923 }
1924
1925 static void socket_enter_running(Socket *s, int cfd) {
1926 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1927 int r;
1928
1929 /* Note that this call takes possession of the connection fd passed. It either has to assign it somewhere or
1930 * close it. */
1931
1932 assert(s);
1933
1934 /* We don't take connections anymore if we are supposed to
1935 * shut down anyway */
1936 if (unit_stop_pending(UNIT(s))) {
1937
1938 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1939
1940 if (cfd >= 0)
1941 cfd = safe_close(cfd);
1942 else {
1943 /* Flush all sockets by closing and reopening them */
1944 socket_close_fds(s);
1945
1946 r = socket_open_fds(s);
1947 if (r < 0) {
1948 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1949 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1950 return;
1951 }
1952
1953 r = socket_watch_fds(s);
1954 if (r < 0) {
1955 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1956 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1957 }
1958 }
1959
1960 return;
1961 }
1962
1963 if (!ratelimit_test(&s->trigger_limit)) {
1964 safe_close(cfd);
1965 log_unit_warning(UNIT(s), "Trigger limit hit, refusing further activation.");
1966 socket_enter_stop_pre(s, SOCKET_FAILURE_TRIGGER_LIMIT_HIT);
1967 return;
1968 }
1969
1970 if (cfd < 0) {
1971 Iterator i;
1972 Unit *other;
1973 bool pending = false;
1974
1975 /* If there's already a start pending don't bother to
1976 * do anything */
1977 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1978 if (unit_active_or_pending(other)) {
1979 pending = true;
1980 break;
1981 }
1982
1983 if (!pending) {
1984 if (!UNIT_ISSET(s->service)) {
1985 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
1986 r = -ENOENT;
1987 goto fail;
1988 }
1989
1990 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, &error, NULL);
1991 if (r < 0)
1992 goto fail;
1993 }
1994
1995 socket_set_state(s, SOCKET_RUNNING);
1996 } else {
1997 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1998 Service *service;
1999
2000 if (s->n_connections >= s->max_connections) {
2001 log_unit_warning(UNIT(s), "Too many incoming connections (%u), refusing connection attempt.", s->n_connections);
2002 safe_close(cfd);
2003 return;
2004 }
2005
2006 r = socket_instantiate_service(s);
2007 if (r < 0)
2008 goto fail;
2009
2010 r = instance_from_socket(cfd, s->n_accepted, &instance);
2011 if (r < 0) {
2012 if (r != -ENOTCONN)
2013 goto fail;
2014
2015 /* ENOTCONN is legitimate if TCP RST was received.
2016 * This connection is over, but the socket unit lives on. */
2017 log_unit_debug(UNIT(s), "Got ENOTCONN on incoming socket, assuming aborted connection attempt, ignoring.");
2018 safe_close(cfd);
2019 return;
2020 }
2021
2022 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
2023 if (r < 0)
2024 goto fail;
2025
2026 r = unit_name_build(prefix, instance, ".service", &name);
2027 if (r < 0)
2028 goto fail;
2029
2030 r = unit_add_name(UNIT_DEREF(s->service), name);
2031 if (r < 0)
2032 goto fail;
2033
2034 service = SERVICE(UNIT_DEREF(s->service));
2035 unit_ref_unset(&s->service);
2036
2037 s->n_accepted++;
2038 unit_choose_id(UNIT(service), name);
2039
2040 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
2041 if (r < 0)
2042 goto fail;
2043
2044 cfd = -1; /* We passed ownership of the fd to the service now. Forget it here. */
2045 s->n_connections++;
2046
2047 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, &error, NULL);
2048 if (r < 0) {
2049 /* We failed to activate the new service, but it still exists. Let's make sure the service
2050 * closes and forgets the connection fd again, immediately. */
2051 service_close_socket_fd(service);
2052 goto fail;
2053 }
2054
2055 /* Notify clients about changed counters */
2056 unit_add_to_dbus_queue(UNIT(s));
2057 }
2058
2059 return;
2060
2061 fail:
2062 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
2063 cfd >= 0 ? "template" : "non-template",
2064 bus_error_message(&error, r));
2065
2066 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2067 safe_close(cfd);
2068 }
2069
2070 static void socket_run_next(Socket *s) {
2071 int r;
2072
2073 assert(s);
2074 assert(s->control_command);
2075 assert(s->control_command->command_next);
2076
2077 socket_unwatch_control_pid(s);
2078
2079 s->control_command = s->control_command->command_next;
2080
2081 r = socket_spawn(s, s->control_command, &s->control_pid);
2082 if (r < 0)
2083 goto fail;
2084
2085 return;
2086
2087 fail:
2088 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
2089
2090 if (s->state == SOCKET_START_POST)
2091 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2092 else if (s->state == SOCKET_STOP_POST)
2093 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
2094 else
2095 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
2096 }
2097
2098 static int socket_start(Unit *u) {
2099 Socket *s = SOCKET(u);
2100 int r;
2101
2102 assert(s);
2103
2104 /* We cannot fulfill this request right now, try again later
2105 * please! */
2106 if (IN_SET(s->state,
2107 SOCKET_STOP_PRE,
2108 SOCKET_STOP_PRE_SIGKILL,
2109 SOCKET_STOP_PRE_SIGTERM,
2110 SOCKET_STOP_POST,
2111 SOCKET_FINAL_SIGTERM,
2112 SOCKET_FINAL_SIGKILL))
2113 return -EAGAIN;
2114
2115 /* Already on it! */
2116 if (IN_SET(s->state,
2117 SOCKET_START_PRE,
2118 SOCKET_START_CHOWN,
2119 SOCKET_START_POST))
2120 return 0;
2121
2122 /* Cannot run this without the service being around */
2123 if (UNIT_ISSET(s->service)) {
2124 Service *service;
2125
2126 service = SERVICE(UNIT_DEREF(s->service));
2127
2128 if (UNIT(service)->load_state != UNIT_LOADED) {
2129 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
2130 return -ENOENT;
2131 }
2132
2133 /* If the service is already active we cannot start the
2134 * socket */
2135 if (service->state != SERVICE_DEAD &&
2136 service->state != SERVICE_FAILED &&
2137 service->state != SERVICE_AUTO_RESTART) {
2138 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
2139 return -EBUSY;
2140 }
2141 }
2142
2143 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
2144
2145 r = unit_start_limit_test(u);
2146 if (r < 0) {
2147 socket_enter_dead(s, SOCKET_FAILURE_START_LIMIT_HIT);
2148 return r;
2149 }
2150
2151 s->result = SOCKET_SUCCESS;
2152 s->reset_cpu_usage = true;
2153
2154 socket_enter_start_pre(s);
2155
2156 return 1;
2157 }
2158
2159 static int socket_stop(Unit *u) {
2160 Socket *s = SOCKET(u);
2161
2162 assert(s);
2163
2164 /* Already on it */
2165 if (IN_SET(s->state,
2166 SOCKET_STOP_PRE,
2167 SOCKET_STOP_PRE_SIGTERM,
2168 SOCKET_STOP_PRE_SIGKILL,
2169 SOCKET_STOP_POST,
2170 SOCKET_FINAL_SIGTERM,
2171 SOCKET_FINAL_SIGKILL))
2172 return 0;
2173
2174 /* If there's already something running we go directly into
2175 * kill mode. */
2176 if (IN_SET(s->state,
2177 SOCKET_START_PRE,
2178 SOCKET_START_CHOWN,
2179 SOCKET_START_POST)) {
2180 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
2181 return -EAGAIN;
2182 }
2183
2184 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
2185
2186 socket_enter_stop_pre(s, SOCKET_SUCCESS);
2187 return 1;
2188 }
2189
2190 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2191 Socket *s = SOCKET(u);
2192 SocketPort *p;
2193 int r;
2194
2195 assert(u);
2196 assert(f);
2197 assert(fds);
2198
2199 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2200 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2201 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2202
2203 if (s->control_pid > 0)
2204 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2205
2206 if (s->control_command_id >= 0)
2207 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2208
2209 LIST_FOREACH(port, p, s->ports) {
2210 int copy;
2211
2212 if (p->fd < 0)
2213 continue;
2214
2215 copy = fdset_put_dup(fds, p->fd);
2216 if (copy < 0)
2217 return copy;
2218
2219 if (p->type == SOCKET_SOCKET) {
2220 _cleanup_free_ char *t = NULL;
2221
2222 r = socket_address_print(&p->address, &t);
2223 if (r < 0)
2224 return r;
2225
2226 if (socket_address_family(&p->address) == AF_NETLINK)
2227 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2228 else
2229 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2230
2231 } else if (p->type == SOCKET_SPECIAL)
2232 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2233 else if (p->type == SOCKET_MQUEUE)
2234 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2235 else if (p->type == SOCKET_USB_FUNCTION)
2236 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
2237 else {
2238 assert(p->type == SOCKET_FIFO);
2239 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2240 }
2241 }
2242
2243 return 0;
2244 }
2245
2246 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2247 Socket *s = SOCKET(u);
2248
2249 assert(u);
2250 assert(key);
2251 assert(value);
2252
2253 if (streq(key, "state")) {
2254 SocketState state;
2255
2256 state = socket_state_from_string(value);
2257 if (state < 0)
2258 log_unit_debug(u, "Failed to parse state value: %s", value);
2259 else
2260 s->deserialized_state = state;
2261 } else if (streq(key, "result")) {
2262 SocketResult f;
2263
2264 f = socket_result_from_string(value);
2265 if (f < 0)
2266 log_unit_debug(u, "Failed to parse result value: %s", value);
2267 else if (f != SOCKET_SUCCESS)
2268 s->result = f;
2269
2270 } else if (streq(key, "n-accepted")) {
2271 unsigned k;
2272
2273 if (safe_atou(value, &k) < 0)
2274 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2275 else
2276 s->n_accepted += k;
2277 } else if (streq(key, "control-pid")) {
2278 pid_t pid;
2279
2280 if (parse_pid(value, &pid) < 0)
2281 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2282 else
2283 s->control_pid = pid;
2284 } else if (streq(key, "control-command")) {
2285 SocketExecCommand id;
2286
2287 id = socket_exec_command_from_string(value);
2288 if (id < 0)
2289 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2290 else {
2291 s->control_command_id = id;
2292 s->control_command = s->exec_command[id];
2293 }
2294 } else if (streq(key, "fifo")) {
2295 int fd, skip = 0;
2296 SocketPort *p;
2297
2298 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2299 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2300 else {
2301
2302 LIST_FOREACH(port, p, s->ports)
2303 if (p->type == SOCKET_FIFO &&
2304 path_equal_or_files_same(p->path, value+skip))
2305 break;
2306
2307 if (p) {
2308 safe_close(p->fd);
2309 p->fd = fdset_remove(fds, fd);
2310 }
2311 }
2312
2313 } else if (streq(key, "special")) {
2314 int fd, skip = 0;
2315 SocketPort *p;
2316
2317 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2318 log_unit_debug(u, "Failed to parse special value: %s", value);
2319 else {
2320
2321 LIST_FOREACH(port, p, s->ports)
2322 if (p->type == SOCKET_SPECIAL &&
2323 path_equal_or_files_same(p->path, value+skip))
2324 break;
2325
2326 if (p) {
2327 safe_close(p->fd);
2328 p->fd = fdset_remove(fds, fd);
2329 }
2330 }
2331
2332 } else if (streq(key, "mqueue")) {
2333 int fd, skip = 0;
2334 SocketPort *p;
2335
2336 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2337 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2338 else {
2339
2340 LIST_FOREACH(port, p, s->ports)
2341 if (p->type == SOCKET_MQUEUE &&
2342 streq(p->path, value+skip))
2343 break;
2344
2345 if (p) {
2346 safe_close(p->fd);
2347 p->fd = fdset_remove(fds, fd);
2348 }
2349 }
2350
2351 } else if (streq(key, "socket")) {
2352 int fd, type, skip = 0;
2353 SocketPort *p;
2354
2355 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2356 log_unit_debug(u, "Failed to parse socket value: %s", value);
2357 else {
2358
2359 LIST_FOREACH(port, p, s->ports)
2360 if (socket_address_is(&p->address, value+skip, type))
2361 break;
2362
2363 if (p) {
2364 safe_close(p->fd);
2365 p->fd = fdset_remove(fds, fd);
2366 }
2367 }
2368
2369 } else if (streq(key, "netlink")) {
2370 int fd, skip = 0;
2371 SocketPort *p;
2372
2373 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2374 log_unit_debug(u, "Failed to parse socket value: %s", value);
2375 else {
2376
2377 LIST_FOREACH(port, p, s->ports)
2378 if (socket_address_is_netlink(&p->address, value+skip))
2379 break;
2380
2381 if (p) {
2382 safe_close(p->fd);
2383 p->fd = fdset_remove(fds, fd);
2384 }
2385 }
2386
2387 } else if (streq(key, "ffs")) {
2388 int fd, skip = 0;
2389 SocketPort *p;
2390
2391 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2392 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2393 else {
2394
2395 LIST_FOREACH(port, p, s->ports)
2396 if (p->type == SOCKET_USB_FUNCTION &&
2397 path_equal_or_files_same(p->path, value+skip))
2398 break;
2399
2400 if (p) {
2401 safe_close(p->fd);
2402 p->fd = fdset_remove(fds, fd);
2403 }
2404 }
2405
2406 } else
2407 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2408
2409 return 0;
2410 }
2411
2412 static void socket_distribute_fds(Unit *u, FDSet *fds) {
2413 Socket *s = SOCKET(u);
2414 SocketPort *p;
2415
2416 assert(u);
2417
2418 LIST_FOREACH(port, p, s->ports) {
2419 Iterator i;
2420 int fd;
2421
2422 if (p->type != SOCKET_SOCKET)
2423 continue;
2424
2425 if (p->fd >= 0)
2426 continue;
2427
2428 FDSET_FOREACH(fd, fds, i) {
2429 if (socket_address_matches_fd(&p->address, fd)) {
2430 p->fd = fdset_remove(fds, fd);
2431 s->deserialized_state = SOCKET_LISTENING;
2432 break;
2433 }
2434 }
2435 }
2436 }
2437
2438 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2439 assert(u);
2440
2441 return state_translation_table[SOCKET(u)->state];
2442 }
2443
2444 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2445 assert(u);
2446
2447 return socket_state_to_string(SOCKET(u)->state);
2448 }
2449
2450 const char* socket_port_type_to_string(SocketPort *p) {
2451
2452 assert(p);
2453
2454 switch (p->type) {
2455
2456 case SOCKET_SOCKET:
2457
2458 switch (p->address.type) {
2459
2460 case SOCK_STREAM:
2461 return "Stream";
2462
2463 case SOCK_DGRAM:
2464 return "Datagram";
2465
2466 case SOCK_SEQPACKET:
2467 return "SequentialPacket";
2468
2469 case SOCK_RAW:
2470 if (socket_address_family(&p->address) == AF_NETLINK)
2471 return "Netlink";
2472
2473 default:
2474 return NULL;
2475 }
2476
2477 case SOCKET_SPECIAL:
2478 return "Special";
2479
2480 case SOCKET_MQUEUE:
2481 return "MessageQueue";
2482
2483 case SOCKET_FIFO:
2484 return "FIFO";
2485
2486 case SOCKET_USB_FUNCTION:
2487 return "USBFunction";
2488
2489 default:
2490 return NULL;
2491 }
2492 }
2493
2494 _pure_ static bool socket_check_gc(Unit *u) {
2495 Socket *s = SOCKET(u);
2496
2497 assert(u);
2498
2499 return s->n_connections > 0;
2500 }
2501
2502 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2503 SocketPort *p = userdata;
2504 int cfd = -1;
2505
2506 assert(p);
2507 assert(fd >= 0);
2508
2509 if (p->socket->state != SOCKET_LISTENING)
2510 return 0;
2511
2512 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2513
2514 if (revents != EPOLLIN) {
2515
2516 if (revents & EPOLLHUP)
2517 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2518 else
2519 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2520 goto fail;
2521 }
2522
2523 if (p->socket->accept &&
2524 p->type == SOCKET_SOCKET &&
2525 socket_address_can_accept(&p->address)) {
2526
2527 for (;;) {
2528
2529 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2530 if (cfd < 0) {
2531
2532 if (errno == EINTR)
2533 continue;
2534
2535 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2536 goto fail;
2537 }
2538
2539 break;
2540 }
2541
2542 socket_apply_socket_options(p->socket, cfd);
2543 }
2544
2545 socket_enter_running(p->socket, cfd);
2546 return 0;
2547
2548 fail:
2549 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2550 return 0;
2551 }
2552
2553 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2554 Socket *s = SOCKET(u);
2555 SocketResult f;
2556
2557 assert(s);
2558 assert(pid >= 0);
2559
2560 if (pid != s->control_pid)
2561 return;
2562
2563 s->control_pid = 0;
2564
2565 if (is_clean_exit(code, status, NULL))
2566 f = SOCKET_SUCCESS;
2567 else if (code == CLD_EXITED)
2568 f = SOCKET_FAILURE_EXIT_CODE;
2569 else if (code == CLD_KILLED)
2570 f = SOCKET_FAILURE_SIGNAL;
2571 else if (code == CLD_DUMPED)
2572 f = SOCKET_FAILURE_CORE_DUMP;
2573 else
2574 assert_not_reached("Unknown sigchld code");
2575
2576 if (s->control_command) {
2577 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2578
2579 if (s->control_command->ignore)
2580 f = SOCKET_SUCCESS;
2581 }
2582
2583 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2584 "Control process exited, code=%s status=%i",
2585 sigchld_code_to_string(code), status);
2586
2587 if (f != SOCKET_SUCCESS)
2588 s->result = f;
2589
2590 if (s->control_command &&
2591 s->control_command->command_next &&
2592 f == SOCKET_SUCCESS) {
2593
2594 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2595 socket_run_next(s);
2596 } else {
2597 s->control_command = NULL;
2598 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2599
2600 /* No further commands for this step, so let's figure
2601 * out what to do next */
2602
2603 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2604
2605 switch (s->state) {
2606
2607 case SOCKET_START_PRE:
2608 if (f == SOCKET_SUCCESS)
2609 socket_enter_start_chown(s);
2610 else
2611 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2612 break;
2613
2614 case SOCKET_START_CHOWN:
2615 if (f == SOCKET_SUCCESS)
2616 socket_enter_start_post(s);
2617 else
2618 socket_enter_stop_pre(s, f);
2619 break;
2620
2621 case SOCKET_START_POST:
2622 if (f == SOCKET_SUCCESS)
2623 socket_enter_listening(s);
2624 else
2625 socket_enter_stop_pre(s, f);
2626 break;
2627
2628 case SOCKET_STOP_PRE:
2629 case SOCKET_STOP_PRE_SIGTERM:
2630 case SOCKET_STOP_PRE_SIGKILL:
2631 socket_enter_stop_post(s, f);
2632 break;
2633
2634 case SOCKET_STOP_POST:
2635 case SOCKET_FINAL_SIGTERM:
2636 case SOCKET_FINAL_SIGKILL:
2637 socket_enter_dead(s, f);
2638 break;
2639
2640 default:
2641 assert_not_reached("Uh, control process died at wrong time.");
2642 }
2643 }
2644
2645 /* Notify clients about changed exit status */
2646 unit_add_to_dbus_queue(u);
2647 }
2648
2649 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2650 Socket *s = SOCKET(userdata);
2651
2652 assert(s);
2653 assert(s->timer_event_source == source);
2654
2655 switch (s->state) {
2656
2657 case SOCKET_START_PRE:
2658 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2659 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2660 break;
2661
2662 case SOCKET_START_CHOWN:
2663 case SOCKET_START_POST:
2664 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2665 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2666 break;
2667
2668 case SOCKET_STOP_PRE:
2669 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2670 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2671 break;
2672
2673 case SOCKET_STOP_PRE_SIGTERM:
2674 if (s->kill_context.send_sigkill) {
2675 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2676 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2677 } else {
2678 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2679 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2680 }
2681 break;
2682
2683 case SOCKET_STOP_PRE_SIGKILL:
2684 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2685 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2686 break;
2687
2688 case SOCKET_STOP_POST:
2689 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2690 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2691 break;
2692
2693 case SOCKET_FINAL_SIGTERM:
2694 if (s->kill_context.send_sigkill) {
2695 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2696 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2697 } else {
2698 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2699 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2700 }
2701 break;
2702
2703 case SOCKET_FINAL_SIGKILL:
2704 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2705 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2706 break;
2707
2708 default:
2709 assert_not_reached("Timeout at wrong time.");
2710 }
2711
2712 return 0;
2713 }
2714
2715 int socket_collect_fds(Socket *s, int **fds) {
2716 int *rfds, k = 0, n = 0;
2717 SocketPort *p;
2718
2719 assert(s);
2720 assert(fds);
2721
2722 /* Called from the service code for requesting our fds */
2723
2724 LIST_FOREACH(port, p, s->ports) {
2725 if (p->fd >= 0)
2726 n++;
2727 n += p->n_auxiliary_fds;
2728 }
2729
2730 if (n <= 0) {
2731 *fds = NULL;
2732 return 0;
2733 }
2734
2735 rfds = new(int, n);
2736 if (!rfds)
2737 return -ENOMEM;
2738
2739 LIST_FOREACH(port, p, s->ports) {
2740 int i;
2741
2742 if (p->fd >= 0)
2743 rfds[k++] = p->fd;
2744 for (i = 0; i < p->n_auxiliary_fds; ++i)
2745 rfds[k++] = p->auxiliary_fds[i];
2746 }
2747
2748 assert(k == n);
2749
2750 *fds = rfds;
2751 return n;
2752 }
2753
2754 static void socket_reset_failed(Unit *u) {
2755 Socket *s = SOCKET(u);
2756
2757 assert(s);
2758
2759 if (s->state == SOCKET_FAILED)
2760 socket_set_state(s, SOCKET_DEAD);
2761
2762 s->result = SOCKET_SUCCESS;
2763 }
2764
2765 void socket_connection_unref(Socket *s) {
2766 assert(s);
2767
2768 /* The service is dead. Yay!
2769 *
2770 * This is strictly for one-instance-per-connection
2771 * services. */
2772
2773 assert(s->n_connections > 0);
2774 s->n_connections--;
2775
2776 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2777 }
2778
2779 static void socket_trigger_notify(Unit *u, Unit *other) {
2780 Socket *s = SOCKET(u);
2781
2782 assert(u);
2783 assert(other);
2784
2785 /* Filter out invocations with bogus state */
2786 if (other->load_state != UNIT_LOADED || other->type != UNIT_SERVICE)
2787 return;
2788
2789 /* Don't propagate state changes from the service if we are already down */
2790 if (!IN_SET(s->state, SOCKET_RUNNING, SOCKET_LISTENING))
2791 return;
2792
2793 /* We don't care for the service state if we are in Accept=yes mode */
2794 if (s->accept)
2795 return;
2796
2797 /* Propagate start limit hit state */
2798 if (other->start_limit_hit) {
2799 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_START_LIMIT_HIT);
2800 return;
2801 }
2802
2803 /* Don't propagate anything if there's still a job queued */
2804 if (other->job)
2805 return;
2806
2807 if (IN_SET(SERVICE(other)->state,
2808 SERVICE_DEAD, SERVICE_FAILED,
2809 SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL,
2810 SERVICE_AUTO_RESTART))
2811 socket_enter_listening(s);
2812
2813 if (SERVICE(other)->state == SERVICE_RUNNING)
2814 socket_set_state(s, SOCKET_RUNNING);
2815 }
2816
2817 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2818 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2819 }
2820
2821 static int socket_get_timeout(Unit *u, usec_t *timeout) {
2822 Socket *s = SOCKET(u);
2823 usec_t t;
2824 int r;
2825
2826 if (!s->timer_event_source)
2827 return 0;
2828
2829 r = sd_event_source_get_time(s->timer_event_source, &t);
2830 if (r < 0)
2831 return r;
2832 if (t == USEC_INFINITY)
2833 return 0;
2834
2835 *timeout = t;
2836 return 1;
2837 }
2838
2839 char *socket_fdname(Socket *s) {
2840 assert(s);
2841
2842 /* Returns the name to use for $LISTEN_NAMES. If the user
2843 * didn't specify anything specifically, use the socket unit's
2844 * name as fallback. */
2845
2846 if (s->fdname)
2847 return s->fdname;
2848
2849 return UNIT(s)->id;
2850 }
2851
2852 static int socket_control_pid(Unit *u) {
2853 Socket *s = SOCKET(u);
2854
2855 assert(s);
2856
2857 return s->control_pid;
2858 }
2859
2860 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2861 [SOCKET_EXEC_START_PRE] = "StartPre",
2862 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2863 [SOCKET_EXEC_START_POST] = "StartPost",
2864 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2865 [SOCKET_EXEC_STOP_POST] = "StopPost"
2866 };
2867
2868 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2869
2870 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2871 [SOCKET_SUCCESS] = "success",
2872 [SOCKET_FAILURE_RESOURCES] = "resources",
2873 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2874 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2875 [SOCKET_FAILURE_SIGNAL] = "signal",
2876 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2877 [SOCKET_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
2878 [SOCKET_FAILURE_TRIGGER_LIMIT_HIT] = "trigger-limit-hit",
2879 [SOCKET_FAILURE_SERVICE_START_LIMIT_HIT] = "service-start-limit-hit"
2880 };
2881
2882 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2883
2884 const UnitVTable socket_vtable = {
2885 .object_size = sizeof(Socket),
2886 .exec_context_offset = offsetof(Socket, exec_context),
2887 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2888 .kill_context_offset = offsetof(Socket, kill_context),
2889 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2890
2891 .sections =
2892 "Unit\0"
2893 "Socket\0"
2894 "Install\0",
2895 .private_section = "Socket",
2896
2897 .init = socket_init,
2898 .done = socket_done,
2899 .load = socket_load,
2900
2901 .coldplug = socket_coldplug,
2902
2903 .dump = socket_dump,
2904
2905 .start = socket_start,
2906 .stop = socket_stop,
2907
2908 .kill = socket_kill,
2909
2910 .get_timeout = socket_get_timeout,
2911
2912 .serialize = socket_serialize,
2913 .deserialize_item = socket_deserialize_item,
2914 .distribute_fds = socket_distribute_fds,
2915
2916 .active_state = socket_active_state,
2917 .sub_state_to_string = socket_sub_state_to_string,
2918
2919 .check_gc = socket_check_gc,
2920
2921 .sigchld_event = socket_sigchld_event,
2922
2923 .trigger_notify = socket_trigger_notify,
2924
2925 .reset_failed = socket_reset_failed,
2926
2927 .control_pid = socket_control_pid,
2928
2929 .bus_vtable = bus_socket_vtable,
2930 .bus_set_property = bus_socket_set_property,
2931 .bus_commit_properties = bus_socket_commit_properties,
2932
2933 .status_message_formats = {
2934 /*.starting_stopping = {
2935 [0] = "Starting socket %s...",
2936 [1] = "Stopping socket %s...",
2937 },*/
2938 .finished_start_job = {
2939 [JOB_DONE] = "Listening on %s.",
2940 [JOB_FAILED] = "Failed to listen on %s.",
2941 [JOB_TIMEOUT] = "Timed out starting %s.",
2942 },
2943 .finished_stop_job = {
2944 [JOB_DONE] = "Closed %s.",
2945 [JOB_FAILED] = "Failed stopping %s.",
2946 [JOB_TIMEOUT] = "Timed out stopping %s.",
2947 },
2948 },
2949 };
Unnamed repository; edit this file 'description' to name the repository.