]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/unit.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #10351 from keszybz/meson-cpp-fixups
[thirdparty/systemd.git] / src / core / unit.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #include <errno.h>
4 #include <stdlib.h>
5 #include <string.h>
6 #include <sys/prctl.h>
7 #include <sys/stat.h>
8 #include <unistd.h>
9
10 #include "sd-id128.h"
11 #include "sd-messages.h"
12
13 #include "alloc-util.h"
14 #include "all-units.h"
15 #include "bus-common-errors.h"
16 #include "bus-util.h"
17 #include "cgroup-util.h"
18 #include "dbus-unit.h"
19 #include "dbus.h"
20 #include "dropin.h"
21 #include "escape.h"
22 #include "execute.h"
23 #include "fd-util.h"
24 #include "fileio-label.h"
25 #include "format-util.h"
26 #include "fs-util.h"
27 #include "id128-util.h"
28 #include "io-util.h"
29 #include "load-dropin.h"
30 #include "load-fragment.h"
31 #include "log.h"
32 #include "macro.h"
33 #include "missing.h"
34 #include "mkdir.h"
35 #include "parse-util.h"
36 #include "path-util.h"
37 #include "process-util.h"
38 #include "set.h"
39 #include "signal-util.h"
40 #include "sparse-endian.h"
41 #include "special.h"
42 #include "specifier.h"
43 #include "stat-util.h"
44 #include "stdio-util.h"
45 #include "string-table.h"
46 #include "string-util.h"
47 #include "strv.h"
48 #include "umask-util.h"
49 #include "unit-name.h"
50 #include "unit.h"
51 #include "user-util.h"
52 #include "virt.h"
53
54 const UnitVTable * const unit_vtable[_UNIT_TYPE_MAX] = {
55 [UNIT_SERVICE] = &service_vtable,
56 [UNIT_SOCKET] = &socket_vtable,
57 [UNIT_TARGET] = &target_vtable,
58 [UNIT_DEVICE] = &device_vtable,
59 [UNIT_MOUNT] = &mount_vtable,
60 [UNIT_AUTOMOUNT] = &automount_vtable,
61 [UNIT_SWAP] = &swap_vtable,
62 [UNIT_TIMER] = &timer_vtable,
63 [UNIT_PATH] = &path_vtable,
64 [UNIT_SLICE] = &slice_vtable,
65 [UNIT_SCOPE] = &scope_vtable,
66 };
67
68 static void maybe_warn_about_dependency(Unit *u, const char *other, UnitDependency dependency);
69
70 Unit *unit_new(Manager *m, size_t size) {
71 Unit *u;
72
73 assert(m);
74 assert(size >= sizeof(Unit));
75
76 u = malloc0(size);
77 if (!u)
78 return NULL;
79
80 u->names = set_new(&string_hash_ops);
81 if (!u->names)
82 return mfree(u);
83
84 u->manager = m;
85 u->type = _UNIT_TYPE_INVALID;
86 u->default_dependencies = true;
87 u->unit_file_state = _UNIT_FILE_STATE_INVALID;
88 u->unit_file_preset = -1;
89 u->on_failure_job_mode = JOB_REPLACE;
90 u->cgroup_inotify_wd = -1;
91 u->job_timeout = USEC_INFINITY;
92 u->job_running_timeout = USEC_INFINITY;
93 u->ref_uid = UID_INVALID;
94 u->ref_gid = GID_INVALID;
95 u->cpu_usage_last = NSEC_INFINITY;
96 u->cgroup_invalidated_mask |= CGROUP_MASK_BPF_FIREWALL;
97
98 u->ip_accounting_ingress_map_fd = -1;
99 u->ip_accounting_egress_map_fd = -1;
100 u->ipv4_allow_map_fd = -1;
101 u->ipv6_allow_map_fd = -1;
102 u->ipv4_deny_map_fd = -1;
103 u->ipv6_deny_map_fd = -1;
104
105 u->last_section_private = -1;
106
107 RATELIMIT_INIT(u->start_limit, m->default_start_limit_interval, m->default_start_limit_burst);
108 RATELIMIT_INIT(u->auto_stop_ratelimit, 10 * USEC_PER_SEC, 16);
109
110 return u;
111 }
112
113 int unit_new_for_name(Manager *m, size_t size, const char *name, Unit **ret) {
114 _cleanup_(unit_freep) Unit *u = NULL;
115 int r;
116
117 u = unit_new(m, size);
118 if (!u)
119 return -ENOMEM;
120
121 r = unit_add_name(u, name);
122 if (r < 0)
123 return r;
124
125 *ret = TAKE_PTR(u);
126
127 return r;
128 }
129
130 bool unit_has_name(Unit *u, const char *name) {
131 assert(u);
132 assert(name);
133
134 return set_contains(u->names, (char*) name);
135 }
136
137 static void unit_init(Unit *u) {
138 CGroupContext *cc;
139 ExecContext *ec;
140 KillContext *kc;
141
142 assert(u);
143 assert(u->manager);
144 assert(u->type >= 0);
145
146 cc = unit_get_cgroup_context(u);
147 if (cc) {
148 cgroup_context_init(cc);
149
150 /* Copy in the manager defaults into the cgroup
151 * context, _before_ the rest of the settings have
152 * been initialized */
153
154 cc->cpu_accounting = u->manager->default_cpu_accounting;
155 cc->io_accounting = u->manager->default_io_accounting;
156 cc->ip_accounting = u->manager->default_ip_accounting;
157 cc->blockio_accounting = u->manager->default_blockio_accounting;
158 cc->memory_accounting = u->manager->default_memory_accounting;
159 cc->tasks_accounting = u->manager->default_tasks_accounting;
160 cc->ip_accounting = u->manager->default_ip_accounting;
161
162 if (u->type != UNIT_SLICE)
163 cc->tasks_max = u->manager->default_tasks_max;
164 }
165
166 ec = unit_get_exec_context(u);
167 if (ec) {
168 exec_context_init(ec);
169
170 ec->keyring_mode = MANAGER_IS_SYSTEM(u->manager) ?
171 EXEC_KEYRING_SHARED : EXEC_KEYRING_INHERIT;
172 }
173
174 kc = unit_get_kill_context(u);
175 if (kc)
176 kill_context_init(kc);
177
178 if (UNIT_VTABLE(u)->init)
179 UNIT_VTABLE(u)->init(u);
180 }
181
182 int unit_add_name(Unit *u, const char *text) {
183 _cleanup_free_ char *s = NULL, *i = NULL;
184 UnitType t;
185 int r;
186
187 assert(u);
188 assert(text);
189
190 if (unit_name_is_valid(text, UNIT_NAME_TEMPLATE)) {
191
192 if (!u->instance)
193 return -EINVAL;
194
195 r = unit_name_replace_instance(text, u->instance, &s);
196 if (r < 0)
197 return r;
198 } else {
199 s = strdup(text);
200 if (!s)
201 return -ENOMEM;
202 }
203
204 if (set_contains(u->names, s))
205 return 0;
206 if (hashmap_contains(u->manager->units, s))
207 return -EEXIST;
208
209 if (!unit_name_is_valid(s, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
210 return -EINVAL;
211
212 t = unit_name_to_type(s);
213 if (t < 0)
214 return -EINVAL;
215
216 if (u->type != _UNIT_TYPE_INVALID && t != u->type)
217 return -EINVAL;
218
219 r = unit_name_to_instance(s, &i);
220 if (r < 0)
221 return r;
222
223 if (i && !unit_type_may_template(t))
224 return -EINVAL;
225
226 /* Ensure that this unit is either instanced or not instanced,
227 * but not both. Note that we do allow names with different
228 * instance names however! */
229 if (u->type != _UNIT_TYPE_INVALID && !u->instance != !i)
230 return -EINVAL;
231
232 if (!unit_type_may_alias(t) && !set_isempty(u->names))
233 return -EEXIST;
234
235 if (hashmap_size(u->manager->units) >= MANAGER_MAX_NAMES)
236 return -E2BIG;
237
238 r = set_put(u->names, s);
239 if (r < 0)
240 return r;
241 assert(r > 0);
242
243 r = hashmap_put(u->manager->units, s, u);
244 if (r < 0) {
245 (void) set_remove(u->names, s);
246 return r;
247 }
248
249 if (u->type == _UNIT_TYPE_INVALID) {
250 u->type = t;
251 u->id = s;
252 u->instance = TAKE_PTR(i);
253
254 LIST_PREPEND(units_by_type, u->manager->units_by_type[t], u);
255
256 unit_init(u);
257 }
258
259 s = NULL;
260
261 unit_add_to_dbus_queue(u);
262 return 0;
263 }
264
265 int unit_choose_id(Unit *u, const char *name) {
266 _cleanup_free_ char *t = NULL;
267 char *s, *i;
268 int r;
269
270 assert(u);
271 assert(name);
272
273 if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) {
274
275 if (!u->instance)
276 return -EINVAL;
277
278 r = unit_name_replace_instance(name, u->instance, &t);
279 if (r < 0)
280 return r;
281
282 name = t;
283 }
284
285 /* Selects one of the names of this unit as the id */
286 s = set_get(u->names, (char*) name);
287 if (!s)
288 return -ENOENT;
289
290 /* Determine the new instance from the new id */
291 r = unit_name_to_instance(s, &i);
292 if (r < 0)
293 return r;
294
295 u->id = s;
296
297 free(u->instance);
298 u->instance = i;
299
300 unit_add_to_dbus_queue(u);
301
302 return 0;
303 }
304
305 int unit_set_description(Unit *u, const char *description) {
306 int r;
307
308 assert(u);
309
310 r = free_and_strdup(&u->description, empty_to_null(description));
311 if (r < 0)
312 return r;
313 if (r > 0)
314 unit_add_to_dbus_queue(u);
315
316 return 0;
317 }
318
319 bool unit_may_gc(Unit *u) {
320 UnitActiveState state;
321 int r;
322
323 assert(u);
324
325 /* Checks whether the unit is ready to be unloaded for garbage collection.
326 * Returns true when the unit may be collected, and false if there's some
327 * reason to keep it loaded.
328 *
329 * References from other units are *not* checked here. Instead, this is done
330 * in unit_gc_sweep(), but using markers to properly collect dependency loops.
331 */
332
333 if (u->job)
334 return false;
335
336 if (u->nop_job)
337 return false;
338
339 state = unit_active_state(u);
340
341 /* If the unit is inactive and failed and no job is queued for it, then release its runtime resources */
342 if (UNIT_IS_INACTIVE_OR_FAILED(state) &&
343 UNIT_VTABLE(u)->release_resources)
344 UNIT_VTABLE(u)->release_resources(u);
345
346 if (u->perpetual)
347 return false;
348
349 if (sd_bus_track_count(u->bus_track) > 0)
350 return false;
351
352 /* But we keep the unit object around for longer when it is referenced or configured to not be gc'ed */
353 switch (u->collect_mode) {
354
355 case COLLECT_INACTIVE:
356 if (state != UNIT_INACTIVE)
357 return false;
358
359 break;
360
361 case COLLECT_INACTIVE_OR_FAILED:
362 if (!IN_SET(state, UNIT_INACTIVE, UNIT_FAILED))
363 return false;
364
365 break;
366
367 default:
368 assert_not_reached("Unknown garbage collection mode");
369 }
370
371 if (u->cgroup_path) {
372 /* If the unit has a cgroup, then check whether there's anything in it. If so, we should stay
373 * around. Units with active processes should never be collected. */
374
375 r = cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path);
376 if (r < 0)
377 log_unit_debug_errno(u, r, "Failed to determine whether cgroup %s is empty: %m", u->cgroup_path);
378 if (r <= 0)
379 return false;
380 }
381
382 if (UNIT_VTABLE(u)->may_gc && !UNIT_VTABLE(u)->may_gc(u))
383 return false;
384
385 return true;
386 }
387
388 void unit_add_to_load_queue(Unit *u) {
389 assert(u);
390 assert(u->type != _UNIT_TYPE_INVALID);
391
392 if (u->load_state != UNIT_STUB || u->in_load_queue)
393 return;
394
395 LIST_PREPEND(load_queue, u->manager->load_queue, u);
396 u->in_load_queue = true;
397 }
398
399 void unit_add_to_cleanup_queue(Unit *u) {
400 assert(u);
401
402 if (u->in_cleanup_queue)
403 return;
404
405 LIST_PREPEND(cleanup_queue, u->manager->cleanup_queue, u);
406 u->in_cleanup_queue = true;
407 }
408
409 void unit_add_to_gc_queue(Unit *u) {
410 assert(u);
411
412 if (u->in_gc_queue || u->in_cleanup_queue)
413 return;
414
415 if (!unit_may_gc(u))
416 return;
417
418 LIST_PREPEND(gc_queue, u->manager->gc_unit_queue, u);
419 u->in_gc_queue = true;
420 }
421
422 void unit_add_to_dbus_queue(Unit *u) {
423 assert(u);
424 assert(u->type != _UNIT_TYPE_INVALID);
425
426 if (u->load_state == UNIT_STUB || u->in_dbus_queue)
427 return;
428
429 /* Shortcut things if nobody cares */
430 if (sd_bus_track_count(u->manager->subscribed) <= 0 &&
431 sd_bus_track_count(u->bus_track) <= 0 &&
432 set_isempty(u->manager->private_buses)) {
433 u->sent_dbus_new_signal = true;
434 return;
435 }
436
437 LIST_PREPEND(dbus_queue, u->manager->dbus_unit_queue, u);
438 u->in_dbus_queue = true;
439 }
440
441 void unit_submit_to_stop_when_unneeded_queue(Unit *u) {
442 assert(u);
443
444 if (u->in_stop_when_unneeded_queue)
445 return;
446
447 if (!u->stop_when_unneeded)
448 return;
449
450 if (!UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u)))
451 return;
452
453 LIST_PREPEND(stop_when_unneeded_queue, u->manager->stop_when_unneeded_queue, u);
454 u->in_stop_when_unneeded_queue = true;
455 }
456
457 static void bidi_set_free(Unit *u, Hashmap *h) {
458 Unit *other;
459 Iterator i;
460 void *v;
461
462 assert(u);
463
464 /* Frees the hashmap and makes sure we are dropped from the inverse pointers */
465
466 HASHMAP_FOREACH_KEY(v, other, h, i) {
467 UnitDependency d;
468
469 for (d = 0; d < _UNIT_DEPENDENCY_MAX; d++)
470 hashmap_remove(other->dependencies[d], u);
471
472 unit_add_to_gc_queue(other);
473 }
474
475 hashmap_free(h);
476 }
477
478 static void unit_remove_transient(Unit *u) {
479 char **i;
480
481 assert(u);
482
483 if (!u->transient)
484 return;
485
486 if (u->fragment_path)
487 (void) unlink(u->fragment_path);
488
489 STRV_FOREACH(i, u->dropin_paths) {
490 _cleanup_free_ char *p = NULL, *pp = NULL;
491
492 p = dirname_malloc(*i); /* Get the drop-in directory from the drop-in file */
493 if (!p)
494 continue;
495
496 pp = dirname_malloc(p); /* Get the config directory from the drop-in directory */
497 if (!pp)
498 continue;
499
500 /* Only drop transient drop-ins */
501 if (!path_equal(u->manager->lookup_paths.transient, pp))
502 continue;
503
504 (void) unlink(*i);
505 (void) rmdir(p);
506 }
507 }
508
509 static void unit_free_requires_mounts_for(Unit *u) {
510 assert(u);
511
512 for (;;) {
513 _cleanup_free_ char *path;
514
515 path = hashmap_steal_first_key(u->requires_mounts_for);
516 if (!path)
517 break;
518 else {
519 char s[strlen(path) + 1];
520
521 PATH_FOREACH_PREFIX_MORE(s, path) {
522 char *y;
523 Set *x;
524
525 x = hashmap_get2(u->manager->units_requiring_mounts_for, s, (void**) &y);
526 if (!x)
527 continue;
528
529 (void) set_remove(x, u);
530
531 if (set_isempty(x)) {
532 (void) hashmap_remove(u->manager->units_requiring_mounts_for, y);
533 free(y);
534 set_free(x);
535 }
536 }
537 }
538 }
539
540 u->requires_mounts_for = hashmap_free(u->requires_mounts_for);
541 }
542
543 static void unit_done(Unit *u) {
544 ExecContext *ec;
545 CGroupContext *cc;
546
547 assert(u);
548
549 if (u->type < 0)
550 return;
551
552 if (UNIT_VTABLE(u)->done)
553 UNIT_VTABLE(u)->done(u);
554
555 ec = unit_get_exec_context(u);
556 if (ec)
557 exec_context_done(ec);
558
559 cc = unit_get_cgroup_context(u);
560 if (cc)
561 cgroup_context_done(cc);
562 }
563
564 void unit_free(Unit *u) {
565 UnitDependency d;
566 Iterator i;
567 char *t;
568
569 if (!u)
570 return;
571
572 u->transient_file = safe_fclose(u->transient_file);
573
574 if (!MANAGER_IS_RELOADING(u->manager))
575 unit_remove_transient(u);
576
577 bus_unit_send_removed_signal(u);
578
579 unit_done(u);
580
581 unit_dequeue_rewatch_pids(u);
582
583 sd_bus_slot_unref(u->match_bus_slot);
584 sd_bus_track_unref(u->bus_track);
585 u->deserialized_refs = strv_free(u->deserialized_refs);
586
587 unit_free_requires_mounts_for(u);
588
589 SET_FOREACH(t, u->names, i)
590 hashmap_remove_value(u->manager->units, t, u);
591
592 if (!sd_id128_is_null(u->invocation_id))
593 hashmap_remove_value(u->manager->units_by_invocation_id, &u->invocation_id, u);
594
595 if (u->job) {
596 Job *j = u->job;
597 job_uninstall(j);
598 job_free(j);
599 }
600
601 if (u->nop_job) {
602 Job *j = u->nop_job;
603 job_uninstall(j);
604 job_free(j);
605 }
606
607 for (d = 0; d < _UNIT_DEPENDENCY_MAX; d++)
608 bidi_set_free(u, u->dependencies[d]);
609
610 if (u->on_console)
611 manager_unref_console(u->manager);
612
613 unit_release_cgroup(u);
614
615 if (!MANAGER_IS_RELOADING(u->manager))
616 unit_unlink_state_files(u);
617
618 unit_unref_uid_gid(u, false);
619
620 (void) manager_update_failed_units(u->manager, u, false);
621 set_remove(u->manager->startup_units, u);
622
623 unit_unwatch_all_pids(u);
624
625 unit_ref_unset(&u->slice);
626 while (u->refs_by_target)
627 unit_ref_unset(u->refs_by_target);
628
629 if (u->type != _UNIT_TYPE_INVALID)
630 LIST_REMOVE(units_by_type, u->manager->units_by_type[u->type], u);
631
632 if (u->in_load_queue)
633 LIST_REMOVE(load_queue, u->manager->load_queue, u);
634
635 if (u->in_dbus_queue)
636 LIST_REMOVE(dbus_queue, u->manager->dbus_unit_queue, u);
637
638 if (u->in_gc_queue)
639 LIST_REMOVE(gc_queue, u->manager->gc_unit_queue, u);
640
641 if (u->in_cgroup_realize_queue)
642 LIST_REMOVE(cgroup_realize_queue, u->manager->cgroup_realize_queue, u);
643
644 if (u->in_cgroup_empty_queue)
645 LIST_REMOVE(cgroup_empty_queue, u->manager->cgroup_empty_queue, u);
646
647 if (u->in_cleanup_queue)
648 LIST_REMOVE(cleanup_queue, u->manager->cleanup_queue, u);
649
650 if (u->in_target_deps_queue)
651 LIST_REMOVE(target_deps_queue, u->manager->target_deps_queue, u);
652
653 if (u->in_stop_when_unneeded_queue)
654 LIST_REMOVE(stop_when_unneeded_queue, u->manager->stop_when_unneeded_queue, u);
655
656 safe_close(u->ip_accounting_ingress_map_fd);
657 safe_close(u->ip_accounting_egress_map_fd);
658
659 safe_close(u->ipv4_allow_map_fd);
660 safe_close(u->ipv6_allow_map_fd);
661 safe_close(u->ipv4_deny_map_fd);
662 safe_close(u->ipv6_deny_map_fd);
663
664 bpf_program_unref(u->ip_bpf_ingress);
665 bpf_program_unref(u->ip_bpf_ingress_installed);
666 bpf_program_unref(u->ip_bpf_egress);
667 bpf_program_unref(u->ip_bpf_egress_installed);
668
669 bpf_program_unref(u->bpf_device_control_installed);
670
671 condition_free_list(u->conditions);
672 condition_free_list(u->asserts);
673
674 free(u->description);
675 strv_free(u->documentation);
676 free(u->fragment_path);
677 free(u->source_path);
678 strv_free(u->dropin_paths);
679 free(u->instance);
680
681 free(u->job_timeout_reboot_arg);
682
683 set_free_free(u->names);
684
685 free(u->reboot_arg);
686
687 free(u);
688 }
689
690 UnitActiveState unit_active_state(Unit *u) {
691 assert(u);
692
693 if (u->load_state == UNIT_MERGED)
694 return unit_active_state(unit_follow_merge(u));
695
696 /* After a reload it might happen that a unit is not correctly
697 * loaded but still has a process around. That's why we won't
698 * shortcut failed loading to UNIT_INACTIVE_FAILED. */
699
700 return UNIT_VTABLE(u)->active_state(u);
701 }
702
703 const char* unit_sub_state_to_string(Unit *u) {
704 assert(u);
705
706 return UNIT_VTABLE(u)->sub_state_to_string(u);
707 }
708
709 static int set_complete_move(Set **s, Set **other) {
710 assert(s);
711 assert(other);
712
713 if (!other)
714 return 0;
715
716 if (*s)
717 return set_move(*s, *other);
718 else
719 *s = TAKE_PTR(*other);
720
721 return 0;
722 }
723
724 static int hashmap_complete_move(Hashmap **s, Hashmap **other) {
725 assert(s);
726 assert(other);
727
728 if (!*other)
729 return 0;
730
731 if (*s)
732 return hashmap_move(*s, *other);
733 else
734 *s = TAKE_PTR(*other);
735
736 return 0;
737 }
738
739 static int merge_names(Unit *u, Unit *other) {
740 char *t;
741 Iterator i;
742 int r;
743
744 assert(u);
745 assert(other);
746
747 r = set_complete_move(&u->names, &other->names);
748 if (r < 0)
749 return r;
750
751 set_free_free(other->names);
752 other->names = NULL;
753 other->id = NULL;
754
755 SET_FOREACH(t, u->names, i)
756 assert_se(hashmap_replace(u->manager->units, t, u) == 0);
757
758 return 0;
759 }
760
761 static int reserve_dependencies(Unit *u, Unit *other, UnitDependency d) {
762 unsigned n_reserve;
763
764 assert(u);
765 assert(other);
766 assert(d < _UNIT_DEPENDENCY_MAX);
767
768 /*
769 * If u does not have this dependency set allocated, there is no need
770 * to reserve anything. In that case other's set will be transferred
771 * as a whole to u by complete_move().
772 */
773 if (!u->dependencies[d])
774 return 0;
775
776 /* merge_dependencies() will skip a u-on-u dependency */
777 n_reserve = hashmap_size(other->dependencies[d]) - !!hashmap_get(other->dependencies[d], u);
778
779 return hashmap_reserve(u->dependencies[d], n_reserve);
780 }
781
782 static void merge_dependencies(Unit *u, Unit *other, const char *other_id, UnitDependency d) {
783 Iterator i;
784 Unit *back;
785 void *v;
786 int r;
787
788 /* Merges all dependencies of type 'd' of the unit 'other' into the deps of the unit 'u' */
789
790 assert(u);
791 assert(other);
792 assert(d < _UNIT_DEPENDENCY_MAX);
793
794 /* Fix backwards pointers. Let's iterate through all dependendent units of the other unit. */
795 HASHMAP_FOREACH_KEY(v, back, other->dependencies[d], i) {
796 UnitDependency k;
797
798 /* Let's now iterate through the dependencies of that dependencies of the other units, looking for
799 * pointers back, and let's fix them up, to instead point to 'u'. */
800
801 for (k = 0; k < _UNIT_DEPENDENCY_MAX; k++) {
802 if (back == u) {
803 /* Do not add dependencies between u and itself. */
804 if (hashmap_remove(back->dependencies[k], other))
805 maybe_warn_about_dependency(u, other_id, k);
806 } else {
807 UnitDependencyInfo di_u, di_other, di_merged;
808
809 /* Let's drop this dependency between "back" and "other", and let's create it between
810 * "back" and "u" instead. Let's merge the bit masks of the dependency we are moving,
811 * and any such dependency which might already exist */
812
813 di_other.data = hashmap_get(back->dependencies[k], other);
814 if (!di_other.data)
815 continue; /* dependency isn't set, let's try the next one */
816
817 di_u.data = hashmap_get(back->dependencies[k], u);
818
819 di_merged = (UnitDependencyInfo) {
820 .origin_mask = di_u.origin_mask | di_other.origin_mask,
821 .destination_mask = di_u.destination_mask | di_other.destination_mask,
822 };
823
824 r = hashmap_remove_and_replace(back->dependencies[k], other, u, di_merged.data);
825 if (r < 0)
826 log_warning_errno(r, "Failed to remove/replace: back=%s other=%s u=%s: %m", back->id, other_id, u->id);
827 assert(r >= 0);
828
829 /* assert_se(hashmap_remove_and_replace(back->dependencies[k], other, u, di_merged.data) >= 0); */
830 }
831 }
832
833 }
834
835 /* Also do not move dependencies on u to itself */
836 back = hashmap_remove(other->dependencies[d], u);
837 if (back)
838 maybe_warn_about_dependency(u, other_id, d);
839
840 /* The move cannot fail. The caller must have performed a reservation. */
841 assert_se(hashmap_complete_move(&u->dependencies[d], &other->dependencies[d]) == 0);
842
843 other->dependencies[d] = hashmap_free(other->dependencies[d]);
844 }
845
846 int unit_merge(Unit *u, Unit *other) {
847 UnitDependency d;
848 const char *other_id = NULL;
849 int r;
850
851 assert(u);
852 assert(other);
853 assert(u->manager == other->manager);
854 assert(u->type != _UNIT_TYPE_INVALID);
855
856 other = unit_follow_merge(other);
857
858 if (other == u)
859 return 0;
860
861 if (u->type != other->type)
862 return -EINVAL;
863
864 if (!u->instance != !other->instance)
865 return -EINVAL;
866
867 if (!unit_type_may_alias(u->type)) /* Merging only applies to unit names that support aliases */
868 return -EEXIST;
869
870 if (!IN_SET(other->load_state, UNIT_STUB, UNIT_NOT_FOUND))
871 return -EEXIST;
872
873 if (other->job)
874 return -EEXIST;
875
876 if (other->nop_job)
877 return -EEXIST;
878
879 if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))
880 return -EEXIST;
881
882 if (other->id)
883 other_id = strdupa(other->id);
884
885 /* Make reservations to ensure merge_dependencies() won't fail */
886 for (d = 0; d < _UNIT_DEPENDENCY_MAX; d++) {
887 r = reserve_dependencies(u, other, d);
888 /*
889 * We don't rollback reservations if we fail. We don't have
890 * a way to undo reservations. A reservation is not a leak.
891 */
892 if (r < 0)
893 return r;
894 }
895
896 /* Merge names */
897 r = merge_names(u, other);
898 if (r < 0)
899 return r;
900
901 /* Redirect all references */
902 while (other->refs_by_target)
903 unit_ref_set(other->refs_by_target, other->refs_by_target->source, u);
904
905 /* Merge dependencies */
906 for (d = 0; d < _UNIT_DEPENDENCY_MAX; d++)
907 merge_dependencies(u, other, other_id, d);
908
909 other->load_state = UNIT_MERGED;
910 other->merged_into = u;
911
912 /* If there is still some data attached to the other node, we
913 * don't need it anymore, and can free it. */
914 if (other->load_state != UNIT_STUB)
915 if (UNIT_VTABLE(other)->done)
916 UNIT_VTABLE(other)->done(other);
917
918 unit_add_to_dbus_queue(u);
919 unit_add_to_cleanup_queue(other);
920
921 return 0;
922 }
923
924 int unit_merge_by_name(Unit *u, const char *name) {
925 _cleanup_free_ char *s = NULL;
926 Unit *other;
927 int r;
928
929 assert(u);
930 assert(name);
931
932 if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) {
933 if (!u->instance)
934 return -EINVAL;
935
936 r = unit_name_replace_instance(name, u->instance, &s);
937 if (r < 0)
938 return r;
939
940 name = s;
941 }
942
943 other = manager_get_unit(u->manager, name);
944 if (other)
945 return unit_merge(u, other);
946
947 return unit_add_name(u, name);
948 }
949
950 Unit* unit_follow_merge(Unit *u) {
951 assert(u);
952
953 while (u->load_state == UNIT_MERGED)
954 assert_se(u = u->merged_into);
955
956 return u;
957 }
958
959 int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
960 ExecDirectoryType dt;
961 char **dp;
962 int r;
963
964 assert(u);
965 assert(c);
966
967 if (c->working_directory) {
968 r = unit_require_mounts_for(u, c->working_directory, UNIT_DEPENDENCY_FILE);
969 if (r < 0)
970 return r;
971 }
972
973 if (c->root_directory) {
974 r = unit_require_mounts_for(u, c->root_directory, UNIT_DEPENDENCY_FILE);
975 if (r < 0)
976 return r;
977 }
978
979 if (c->root_image) {
980 r = unit_require_mounts_for(u, c->root_image, UNIT_DEPENDENCY_FILE);
981 if (r < 0)
982 return r;
983 }
984
985 for (dt = 0; dt < _EXEC_DIRECTORY_TYPE_MAX; dt++) {
986 if (!u->manager->prefix[dt])
987 continue;
988
989 STRV_FOREACH(dp, c->directories[dt].paths) {
990 _cleanup_free_ char *p;
991
992 p = strjoin(u->manager->prefix[dt], "/", *dp);
993 if (!p)
994 return -ENOMEM;
995
996 r = unit_require_mounts_for(u, p, UNIT_DEPENDENCY_FILE);
997 if (r < 0)
998 return r;
999 }
1000 }
1001
1002 if (!MANAGER_IS_SYSTEM(u->manager))
1003 return 0;
1004
1005 if (c->private_tmp) {
1006 const char *p;
1007
1008 FOREACH_STRING(p, "/tmp", "/var/tmp") {
1009 r = unit_require_mounts_for(u, p, UNIT_DEPENDENCY_FILE);
1010 if (r < 0)
1011 return r;
1012 }
1013
1014 r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_TMPFILES_SETUP_SERVICE, true, UNIT_DEPENDENCY_FILE);
1015 if (r < 0)
1016 return r;
1017 }
1018
1019 if (!IN_SET(c->std_output,
1020 EXEC_OUTPUT_JOURNAL, EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
1021 EXEC_OUTPUT_KMSG, EXEC_OUTPUT_KMSG_AND_CONSOLE,
1022 EXEC_OUTPUT_SYSLOG, EXEC_OUTPUT_SYSLOG_AND_CONSOLE) &&
1023 !IN_SET(c->std_error,
1024 EXEC_OUTPUT_JOURNAL, EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
1025 EXEC_OUTPUT_KMSG, EXEC_OUTPUT_KMSG_AND_CONSOLE,
1026 EXEC_OUTPUT_SYSLOG, EXEC_OUTPUT_SYSLOG_AND_CONSOLE))
1027 return 0;
1028
1029 /* If syslog or kernel logging is requested, make sure our own
1030 * logging daemon is run first. */
1031
1032 r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_JOURNALD_SOCKET, true, UNIT_DEPENDENCY_FILE);
1033 if (r < 0)
1034 return r;
1035
1036 return 0;
1037 }
1038
1039 const char *unit_description(Unit *u) {
1040 assert(u);
1041
1042 if (u->description)
1043 return u->description;
1044
1045 return strna(u->id);
1046 }
1047
1048 static void print_unit_dependency_mask(FILE *f, const char *kind, UnitDependencyMask mask, bool *space) {
1049 const struct {
1050 UnitDependencyMask mask;
1051 const char *name;
1052 } table[] = {
1053 { UNIT_DEPENDENCY_FILE, "file" },
1054 { UNIT_DEPENDENCY_IMPLICIT, "implicit" },
1055 { UNIT_DEPENDENCY_DEFAULT, "default" },
1056 { UNIT_DEPENDENCY_UDEV, "udev" },
1057 { UNIT_DEPENDENCY_PATH, "path" },
1058 { UNIT_DEPENDENCY_MOUNTINFO_IMPLICIT, "mountinfo-implicit" },
1059 { UNIT_DEPENDENCY_MOUNTINFO_DEFAULT, "mountinfo-default" },
1060 { UNIT_DEPENDENCY_PROC_SWAP, "proc-swap" },
1061 };
1062 size_t i;
1063
1064 assert(f);
1065 assert(kind);
1066 assert(space);
1067
1068 for (i = 0; i < ELEMENTSOF(table); i++) {
1069
1070 if (mask == 0)
1071 break;
1072
1073 if (FLAGS_SET(mask, table[i].mask)) {
1074 if (*space)
1075 fputc(' ', f);
1076 else
1077 *space = true;
1078
1079 fputs(kind, f);
1080 fputs("-", f);
1081 fputs(table[i].name, f);
1082
1083 mask &= ~table[i].mask;
1084 }
1085 }
1086
1087 assert(mask == 0);
1088 }
1089
1090 void unit_dump(Unit *u, FILE *f, const char *prefix) {
1091 char *t, **j;
1092 UnitDependency d;
1093 Iterator i;
1094 const char *prefix2;
1095 char
1096 timestamp0[FORMAT_TIMESTAMP_MAX],
1097 timestamp1[FORMAT_TIMESTAMP_MAX],
1098 timestamp2[FORMAT_TIMESTAMP_MAX],
1099 timestamp3[FORMAT_TIMESTAMP_MAX],
1100 timestamp4[FORMAT_TIMESTAMP_MAX],
1101 timespan[FORMAT_TIMESPAN_MAX];
1102 Unit *following;
1103 _cleanup_set_free_ Set *following_set = NULL;
1104 const char *n;
1105 CGroupMask m;
1106 int r;
1107
1108 assert(u);
1109 assert(u->type >= 0);
1110
1111 prefix = strempty(prefix);
1112 prefix2 = strjoina(prefix, "\t");
1113
1114 fprintf(f,
1115 "%s-> Unit %s:\n"
1116 "%s\tDescription: %s\n"
1117 "%s\tInstance: %s\n"
1118 "%s\tUnit Load State: %s\n"
1119 "%s\tUnit Active State: %s\n"
1120 "%s\tState Change Timestamp: %s\n"
1121 "%s\tInactive Exit Timestamp: %s\n"
1122 "%s\tActive Enter Timestamp: %s\n"
1123 "%s\tActive Exit Timestamp: %s\n"
1124 "%s\tInactive Enter Timestamp: %s\n"
1125 "%s\tMay GC: %s\n"
1126 "%s\tNeed Daemon Reload: %s\n"
1127 "%s\tTransient: %s\n"
1128 "%s\tPerpetual: %s\n"
1129 "%s\tGarbage Collection Mode: %s\n"
1130 "%s\tSlice: %s\n"
1131 "%s\tCGroup: %s\n"
1132 "%s\tCGroup realized: %s\n",
1133 prefix, u->id,
1134 prefix, unit_description(u),
1135 prefix, strna(u->instance),
1136 prefix, unit_load_state_to_string(u->load_state),
1137 prefix, unit_active_state_to_string(unit_active_state(u)),
1138 prefix, strna(format_timestamp(timestamp0, sizeof(timestamp0), u->state_change_timestamp.realtime)),
1139 prefix, strna(format_timestamp(timestamp1, sizeof(timestamp1), u->inactive_exit_timestamp.realtime)),
1140 prefix, strna(format_timestamp(timestamp2, sizeof(timestamp2), u->active_enter_timestamp.realtime)),
1141 prefix, strna(format_timestamp(timestamp3, sizeof(timestamp3), u->active_exit_timestamp.realtime)),
1142 prefix, strna(format_timestamp(timestamp4, sizeof(timestamp4), u->inactive_enter_timestamp.realtime)),
1143 prefix, yes_no(unit_may_gc(u)),
1144 prefix, yes_no(unit_need_daemon_reload(u)),
1145 prefix, yes_no(u->transient),
1146 prefix, yes_no(u->perpetual),
1147 prefix, collect_mode_to_string(u->collect_mode),
1148 prefix, strna(unit_slice_name(u)),
1149 prefix, strna(u->cgroup_path),
1150 prefix, yes_no(u->cgroup_realized));
1151
1152 if (u->cgroup_realized_mask != 0) {
1153 _cleanup_free_ char *s = NULL;
1154 (void) cg_mask_to_string(u->cgroup_realized_mask, &s);
1155 fprintf(f, "%s\tCGroup realized mask: %s\n", prefix, strnull(s));
1156 }
1157 if (u->cgroup_enabled_mask != 0) {
1158 _cleanup_free_ char *s = NULL;
1159 (void) cg_mask_to_string(u->cgroup_enabled_mask, &s);
1160 fprintf(f, "%s\tCGroup enabled mask: %s\n", prefix, strnull(s));
1161 }
1162 m = unit_get_own_mask(u);
1163 if (m != 0) {
1164 _cleanup_free_ char *s = NULL;
1165 (void) cg_mask_to_string(m, &s);
1166 fprintf(f, "%s\tCGroup own mask: %s\n", prefix, strnull(s));
1167 }
1168 m = unit_get_members_mask(u);
1169 if (m != 0) {
1170 _cleanup_free_ char *s = NULL;
1171 (void) cg_mask_to_string(m, &s);
1172 fprintf(f, "%s\tCGroup members mask: %s\n", prefix, strnull(s));
1173 }
1174
1175 SET_FOREACH(t, u->names, i)
1176 fprintf(f, "%s\tName: %s\n", prefix, t);
1177
1178 if (!sd_id128_is_null(u->invocation_id))
1179 fprintf(f, "%s\tInvocation ID: " SD_ID128_FORMAT_STR "\n",
1180 prefix, SD_ID128_FORMAT_VAL(u->invocation_id));
1181
1182 STRV_FOREACH(j, u->documentation)
1183 fprintf(f, "%s\tDocumentation: %s\n", prefix, *j);
1184
1185 following = unit_following(u);
1186 if (following)
1187 fprintf(f, "%s\tFollowing: %s\n", prefix, following->id);
1188
1189 r = unit_following_set(u, &following_set);
1190 if (r >= 0) {
1191 Unit *other;
1192
1193 SET_FOREACH(other, following_set, i)
1194 fprintf(f, "%s\tFollowing Set Member: %s\n", prefix, other->id);
1195 }
1196
1197 if (u->fragment_path)
1198 fprintf(f, "%s\tFragment Path: %s\n", prefix, u->fragment_path);
1199
1200 if (u->source_path)
1201 fprintf(f, "%s\tSource Path: %s\n", prefix, u->source_path);
1202
1203 STRV_FOREACH(j, u->dropin_paths)
1204 fprintf(f, "%s\tDropIn Path: %s\n", prefix, *j);
1205
1206 if (u->failure_action != EMERGENCY_ACTION_NONE)
1207 fprintf(f, "%s\tFailure Action: %s\n", prefix, emergency_action_to_string(u->failure_action));
1208 if (u->success_action != EMERGENCY_ACTION_NONE)
1209 fprintf(f, "%s\tSuccess Action: %s\n", prefix, emergency_action_to_string(u->success_action));
1210
1211 if (u->job_timeout != USEC_INFINITY)
1212 fprintf(f, "%s\tJob Timeout: %s\n", prefix, format_timespan(timespan, sizeof(timespan), u->job_timeout, 0));
1213
1214 if (u->job_timeout_action != EMERGENCY_ACTION_NONE)
1215 fprintf(f, "%s\tJob Timeout Action: %s\n", prefix, emergency_action_to_string(u->job_timeout_action));
1216
1217 if (u->job_timeout_reboot_arg)
1218 fprintf(f, "%s\tJob Timeout Reboot Argument: %s\n", prefix, u->job_timeout_reboot_arg);
1219
1220 condition_dump_list(u->conditions, f, prefix, condition_type_to_string);
1221 condition_dump_list(u->asserts, f, prefix, assert_type_to_string);
1222
1223 if (dual_timestamp_is_set(&u->condition_timestamp))
1224 fprintf(f,
1225 "%s\tCondition Timestamp: %s\n"
1226 "%s\tCondition Result: %s\n",
1227 prefix, strna(format_timestamp(timestamp1, sizeof(timestamp1), u->condition_timestamp.realtime)),
1228 prefix, yes_no(u->condition_result));
1229
1230 if (dual_timestamp_is_set(&u->assert_timestamp))
1231 fprintf(f,
1232 "%s\tAssert Timestamp: %s\n"
1233 "%s\tAssert Result: %s\n",
1234 prefix, strna(format_timestamp(timestamp1, sizeof(timestamp1), u->assert_timestamp.realtime)),
1235 prefix, yes_no(u->assert_result));
1236
1237 for (d = 0; d < _UNIT_DEPENDENCY_MAX; d++) {
1238 UnitDependencyInfo di;
1239 Unit *other;
1240
1241 HASHMAP_FOREACH_KEY(di.data, other, u->dependencies[d], i) {
1242 bool space = false;
1243
1244 fprintf(f, "%s\t%s: %s (", prefix, unit_dependency_to_string(d), other->id);
1245
1246 print_unit_dependency_mask(f, "origin", di.origin_mask, &space);
1247 print_unit_dependency_mask(f, "destination", di.destination_mask, &space);
1248
1249 fputs(")\n", f);
1250 }
1251 }
1252
1253 if (!hashmap_isempty(u->requires_mounts_for)) {
1254 UnitDependencyInfo di;
1255 const char *path;
1256
1257 HASHMAP_FOREACH_KEY(di.data, path, u->requires_mounts_for, i) {
1258 bool space = false;
1259
1260 fprintf(f, "%s\tRequiresMountsFor: %s (", prefix, path);
1261
1262 print_unit_dependency_mask(f, "origin", di.origin_mask, &space);
1263 print_unit_dependency_mask(f, "destination", di.destination_mask, &space);
1264
1265 fputs(")\n", f);
1266 }
1267 }
1268
1269 if (u->load_state == UNIT_LOADED) {
1270
1271 fprintf(f,
1272 "%s\tStopWhenUnneeded: %s\n"
1273 "%s\tRefuseManualStart: %s\n"
1274 "%s\tRefuseManualStop: %s\n"
1275 "%s\tDefaultDependencies: %s\n"
1276 "%s\tOnFailureJobMode: %s\n"
1277 "%s\tIgnoreOnIsolate: %s\n",
1278 prefix, yes_no(u->stop_when_unneeded),
1279 prefix, yes_no(u->refuse_manual_start),
1280 prefix, yes_no(u->refuse_manual_stop),
1281 prefix, yes_no(u->default_dependencies),
1282 prefix, job_mode_to_string(u->on_failure_job_mode),
1283 prefix, yes_no(u->ignore_on_isolate));
1284
1285 if (UNIT_VTABLE(u)->dump)
1286 UNIT_VTABLE(u)->dump(u, f, prefix2);
1287
1288 } else if (u->load_state == UNIT_MERGED)
1289 fprintf(f,
1290 "%s\tMerged into: %s\n",
1291 prefix, u->merged_into->id);
1292 else if (u->load_state == UNIT_ERROR)
1293 fprintf(f, "%s\tLoad Error Code: %s\n", prefix, strerror(-u->load_error));
1294
1295 for (n = sd_bus_track_first(u->bus_track); n; n = sd_bus_track_next(u->bus_track))
1296 fprintf(f, "%s\tBus Ref: %s\n", prefix, n);
1297
1298 if (u->job)
1299 job_dump(u->job, f, prefix2);
1300
1301 if (u->nop_job)
1302 job_dump(u->nop_job, f, prefix2);
1303 }
1304
1305 /* Common implementation for multiple backends */
1306 int unit_load_fragment_and_dropin(Unit *u) {
1307 int r;
1308
1309 assert(u);
1310
1311 /* Load a .{service,socket,...} file */
1312 r = unit_load_fragment(u);
1313 if (r < 0)
1314 return r;
1315
1316 if (u->load_state == UNIT_STUB)
1317 return -ENOENT;
1318
1319 /* Load drop-in directory data. If u is an alias, we might be reloading the
1320 * target unit needlessly. But we cannot be sure which drops-ins have already
1321 * been loaded and which not, at least without doing complicated book-keeping,
1322 * so let's always reread all drop-ins. */
1323 return unit_load_dropin(unit_follow_merge(u));
1324 }
1325
1326 /* Common implementation for multiple backends */
1327 int unit_load_fragment_and_dropin_optional(Unit *u) {
1328 int r;
1329
1330 assert(u);
1331
1332 /* Same as unit_load_fragment_and_dropin(), but whether
1333 * something can be loaded or not doesn't matter. */
1334
1335 /* Load a .service/.socket/.slice/… file */
1336 r = unit_load_fragment(u);
1337 if (r < 0)
1338 return r;
1339
1340 if (u->load_state == UNIT_STUB)
1341 u->load_state = UNIT_LOADED;
1342
1343 /* Load drop-in directory data */
1344 return unit_load_dropin(unit_follow_merge(u));
1345 }
1346
1347 void unit_add_to_target_deps_queue(Unit *u) {
1348 Manager *m = u->manager;
1349
1350 assert(u);
1351
1352 if (u->in_target_deps_queue)
1353 return;
1354
1355 LIST_PREPEND(target_deps_queue, m->target_deps_queue, u);
1356 u->in_target_deps_queue = true;
1357 }
1358
1359 int unit_add_default_target_dependency(Unit *u, Unit *target) {
1360 assert(u);
1361 assert(target);
1362
1363 if (target->type != UNIT_TARGET)
1364 return 0;
1365
1366 /* Only add the dependency if both units are loaded, so that
1367 * that loop check below is reliable */
1368 if (u->load_state != UNIT_LOADED ||
1369 target->load_state != UNIT_LOADED)
1370 return 0;
1371
1372 /* If either side wants no automatic dependencies, then let's
1373 * skip this */
1374 if (!u->default_dependencies ||
1375 !target->default_dependencies)
1376 return 0;
1377
1378 /* Don't create loops */
1379 if (hashmap_get(target->dependencies[UNIT_BEFORE], u))
1380 return 0;
1381
1382 return unit_add_dependency(target, UNIT_AFTER, u, true, UNIT_DEPENDENCY_DEFAULT);
1383 }
1384
1385 static int unit_add_slice_dependencies(Unit *u) {
1386 UnitDependencyMask mask;
1387 assert(u);
1388
1389 if (!UNIT_HAS_CGROUP_CONTEXT(u))
1390 return 0;
1391
1392 /* Slice units are implicitly ordered against their parent slices (as this relationship is encoded in the
1393 name), while all other units are ordered based on configuration (as in their case Slice= configures the
1394 relationship). */
1395 mask = u->type == UNIT_SLICE ? UNIT_DEPENDENCY_IMPLICIT : UNIT_DEPENDENCY_FILE;
1396
1397 if (UNIT_ISSET(u->slice))
1398 return unit_add_two_dependencies(u, UNIT_AFTER, UNIT_REQUIRES, UNIT_DEREF(u->slice), true, mask);
1399
1400 if (unit_has_name(u, SPECIAL_ROOT_SLICE))
1401 return 0;
1402
1403 return unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_REQUIRES, SPECIAL_ROOT_SLICE, true, mask);
1404 }
1405
1406 static int unit_add_mount_dependencies(Unit *u) {
1407 UnitDependencyInfo di;
1408 const char *path;
1409 Iterator i;
1410 int r;
1411
1412 assert(u);
1413
1414 HASHMAP_FOREACH_KEY(di.data, path, u->requires_mounts_for, i) {
1415 char prefix[strlen(path) + 1];
1416
1417 PATH_FOREACH_PREFIX_MORE(prefix, path) {
1418 _cleanup_free_ char *p = NULL;
1419 Unit *m;
1420
1421 r = unit_name_from_path(prefix, ".mount", &p);
1422 if (r < 0)
1423 return r;
1424
1425 m = manager_get_unit(u->manager, p);
1426 if (!m) {
1427 /* Make sure to load the mount unit if
1428 * it exists. If so the dependencies
1429 * on this unit will be added later
1430 * during the loading of the mount
1431 * unit. */
1432 (void) manager_load_unit_prepare(u->manager, p, NULL, NULL, &m);
1433 continue;
1434 }
1435 if (m == u)
1436 continue;
1437
1438 if (m->load_state != UNIT_LOADED)
1439 continue;
1440
1441 r = unit_add_dependency(u, UNIT_AFTER, m, true, di.origin_mask);
1442 if (r < 0)
1443 return r;
1444
1445 if (m->fragment_path) {
1446 r = unit_add_dependency(u, UNIT_REQUIRES, m, true, di.origin_mask);
1447 if (r < 0)
1448 return r;
1449 }
1450 }
1451 }
1452
1453 return 0;
1454 }
1455
1456 static int unit_add_startup_units(Unit *u) {
1457 CGroupContext *c;
1458 int r;
1459
1460 c = unit_get_cgroup_context(u);
1461 if (!c)
1462 return 0;
1463
1464 if (c->startup_cpu_shares == CGROUP_CPU_SHARES_INVALID &&
1465 c->startup_io_weight == CGROUP_WEIGHT_INVALID &&
1466 c->startup_blockio_weight == CGROUP_BLKIO_WEIGHT_INVALID)
1467 return 0;
1468
1469 r = set_ensure_allocated(&u->manager->startup_units, NULL);
1470 if (r < 0)
1471 return r;
1472
1473 return set_put(u->manager->startup_units, u);
1474 }
1475
1476 int unit_load(Unit *u) {
1477 int r;
1478
1479 assert(u);
1480
1481 if (u->in_load_queue) {
1482 LIST_REMOVE(load_queue, u->manager->load_queue, u);
1483 u->in_load_queue = false;
1484 }
1485
1486 if (u->type == _UNIT_TYPE_INVALID)
1487 return -EINVAL;
1488
1489 if (u->load_state != UNIT_STUB)
1490 return 0;
1491
1492 if (u->transient_file) {
1493 r = fflush_and_check(u->transient_file);
1494 if (r < 0)
1495 goto fail;
1496
1497 u->transient_file = safe_fclose(u->transient_file);
1498 u->fragment_mtime = now(CLOCK_REALTIME);
1499 }
1500
1501 if (UNIT_VTABLE(u)->load) {
1502 r = UNIT_VTABLE(u)->load(u);
1503 if (r < 0)
1504 goto fail;
1505 }
1506
1507 if (u->load_state == UNIT_STUB) {
1508 r = -ENOENT;
1509 goto fail;
1510 }
1511
1512 if (u->load_state == UNIT_LOADED) {
1513 unit_add_to_target_deps_queue(u);
1514
1515 r = unit_add_slice_dependencies(u);
1516 if (r < 0)
1517 goto fail;
1518
1519 r = unit_add_mount_dependencies(u);
1520 if (r < 0)
1521 goto fail;
1522
1523 r = unit_add_startup_units(u);
1524 if (r < 0)
1525 goto fail;
1526
1527 if (u->on_failure_job_mode == JOB_ISOLATE && hashmap_size(u->dependencies[UNIT_ON_FAILURE]) > 1) {
1528 log_unit_error(u, "More than one OnFailure= dependencies specified but OnFailureJobMode=isolate set. Refusing.");
1529 r = -ENOEXEC;
1530 goto fail;
1531 }
1532
1533 if (u->job_running_timeout != USEC_INFINITY && u->job_running_timeout > u->job_timeout)
1534 log_unit_warning(u, "JobRunningTimeoutSec= is greater than JobTimeoutSec=, it has no effect.");
1535
1536 unit_update_cgroup_members_masks(u);
1537 }
1538
1539 assert((u->load_state != UNIT_MERGED) == !u->merged_into);
1540
1541 unit_add_to_dbus_queue(unit_follow_merge(u));
1542 unit_add_to_gc_queue(u);
1543
1544 return 0;
1545
1546 fail:
1547 /* We convert ENOEXEC errors to the UNIT_BAD_SETTING load state here. Configuration parsing code should hence
1548 * return ENOEXEC to ensure units are placed in this state after loading */
1549
1550 u->load_state = u->load_state == UNIT_STUB ? UNIT_NOT_FOUND :
1551 r == -ENOEXEC ? UNIT_BAD_SETTING :
1552 UNIT_ERROR;
1553 u->load_error = r;
1554
1555 unit_add_to_dbus_queue(u);
1556 unit_add_to_gc_queue(u);
1557
1558 return log_unit_debug_errno(u, r, "Failed to load configuration: %m");
1559 }
1560
1561 static bool unit_condition_test_list(Unit *u, Condition *first, const char *(*to_string)(ConditionType t)) {
1562 Condition *c;
1563 int triggered = -1;
1564
1565 assert(u);
1566 assert(to_string);
1567
1568 /* If the condition list is empty, then it is true */
1569 if (!first)
1570 return true;
1571
1572 /* Otherwise, if all of the non-trigger conditions apply and
1573 * if any of the trigger conditions apply (unless there are
1574 * none) we return true */
1575 LIST_FOREACH(conditions, c, first) {
1576 int r;
1577
1578 r = condition_test(c);
1579 if (r < 0)
1580 log_unit_warning(u,
1581 "Couldn't determine result for %s=%s%s%s, assuming failed: %m",
1582 to_string(c->type),
1583 c->trigger ? "|" : "",
1584 c->negate ? "!" : "",
1585 c->parameter);
1586 else
1587 log_unit_debug(u,
1588 "%s=%s%s%s %s.",
1589 to_string(c->type),
1590 c->trigger ? "|" : "",
1591 c->negate ? "!" : "",
1592 c->parameter,
1593 condition_result_to_string(c->result));
1594
1595 if (!c->trigger && r <= 0)
1596 return false;
1597
1598 if (c->trigger && triggered <= 0)
1599 triggered = r > 0;
1600 }
1601
1602 return triggered != 0;
1603 }
1604
1605 static bool unit_condition_test(Unit *u) {
1606 assert(u);
1607
1608 dual_timestamp_get(&u->condition_timestamp);
1609 u->condition_result = unit_condition_test_list(u, u->conditions, condition_type_to_string);
1610
1611 return u->condition_result;
1612 }
1613
1614 static bool unit_assert_test(Unit *u) {
1615 assert(u);
1616
1617 dual_timestamp_get(&u->assert_timestamp);
1618 u->assert_result = unit_condition_test_list(u, u->asserts, assert_type_to_string);
1619
1620 return u->assert_result;
1621 }
1622
1623 void unit_status_printf(Unit *u, const char *status, const char *unit_status_msg_format) {
1624 DISABLE_WARNING_FORMAT_NONLITERAL;
1625 manager_status_printf(u->manager, STATUS_TYPE_NORMAL, status, unit_status_msg_format, unit_description(u));
1626 REENABLE_WARNING;
1627 }
1628
1629 _pure_ static const char* unit_get_status_message_format(Unit *u, JobType t) {
1630 const char *format;
1631 const UnitStatusMessageFormats *format_table;
1632
1633 assert(u);
1634 assert(IN_SET(t, JOB_START, JOB_STOP, JOB_RELOAD));
1635
1636 if (t != JOB_RELOAD) {
1637 format_table = &UNIT_VTABLE(u)->status_message_formats;
1638 if (format_table) {
1639 format = format_table->starting_stopping[t == JOB_STOP];
1640 if (format)
1641 return format;
1642 }
1643 }
1644
1645 /* Return generic strings */
1646 if (t == JOB_START)
1647 return "Starting %s.";
1648 else if (t == JOB_STOP)
1649 return "Stopping %s.";
1650 else
1651 return "Reloading %s.";
1652 }
1653
1654 static void unit_status_print_starting_stopping(Unit *u, JobType t) {
1655 const char *format;
1656
1657 assert(u);
1658
1659 /* Reload status messages have traditionally not been printed to console. */
1660 if (!IN_SET(t, JOB_START, JOB_STOP))
1661 return;
1662
1663 format = unit_get_status_message_format(u, t);
1664
1665 DISABLE_WARNING_FORMAT_NONLITERAL;
1666 unit_status_printf(u, "", format);
1667 REENABLE_WARNING;
1668 }
1669
1670 static void unit_status_log_starting_stopping_reloading(Unit *u, JobType t) {
1671 const char *format, *mid;
1672 char buf[LINE_MAX];
1673
1674 assert(u);
1675
1676 if (!IN_SET(t, JOB_START, JOB_STOP, JOB_RELOAD))
1677 return;
1678
1679 if (log_on_console())
1680 return;
1681
1682 /* We log status messages for all units and all operations. */
1683
1684 format = unit_get_status_message_format(u, t);
1685
1686 DISABLE_WARNING_FORMAT_NONLITERAL;
1687 (void) snprintf(buf, sizeof buf, format, unit_description(u));
1688 REENABLE_WARNING;
1689
1690 mid = t == JOB_START ? "MESSAGE_ID=" SD_MESSAGE_UNIT_STARTING_STR :
1691 t == JOB_STOP ? "MESSAGE_ID=" SD_MESSAGE_UNIT_STOPPING_STR :
1692 "MESSAGE_ID=" SD_MESSAGE_UNIT_RELOADING_STR;
1693
1694 /* Note that we deliberately use LOG_MESSAGE() instead of
1695 * LOG_UNIT_MESSAGE() here, since this is supposed to mimic
1696 * closely what is written to screen using the status output,
1697 * which is supposed the highest level, friendliest output
1698 * possible, which means we should avoid the low-level unit
1699 * name. */
1700 log_struct(LOG_INFO,
1701 LOG_MESSAGE("%s", buf),
1702 LOG_UNIT_ID(u),
1703 LOG_UNIT_INVOCATION_ID(u),
1704 mid);
1705 }
1706
1707 void unit_status_emit_starting_stopping_reloading(Unit *u, JobType t) {
1708 assert(u);
1709 assert(t >= 0);
1710 assert(t < _JOB_TYPE_MAX);
1711
1712 unit_status_log_starting_stopping_reloading(u, t);
1713 unit_status_print_starting_stopping(u, t);
1714 }
1715
1716 int unit_start_limit_test(Unit *u) {
1717 assert(u);
1718
1719 if (ratelimit_below(&u->start_limit)) {
1720 u->start_limit_hit = false;
1721 return 0;
1722 }
1723
1724 log_unit_warning(u, "Start request repeated too quickly.");
1725 u->start_limit_hit = true;
1726
1727 return emergency_action(u->manager, u->start_limit_action, u->reboot_arg, "unit failed");
1728 }
1729
1730 bool unit_shall_confirm_spawn(Unit *u) {
1731 assert(u);
1732
1733 if (manager_is_confirm_spawn_disabled(u->manager))
1734 return false;
1735
1736 /* For some reasons units remaining in the same process group
1737 * as PID 1 fail to acquire the console even if it's not used
1738 * by any process. So skip the confirmation question for them. */
1739 return !unit_get_exec_context(u)->same_pgrp;
1740 }
1741
1742 static bool unit_verify_deps(Unit *u) {
1743 Unit *other;
1744 Iterator j;
1745 void *v;
1746
1747 assert(u);
1748
1749 /* Checks whether all BindsTo= dependencies of this unit are fulfilled — if they are also combined with
1750 * After=. We do not check Requires= or Requisite= here as they only should have an effect on the job
1751 * processing, but do not have any effect afterwards. We don't check BindsTo= dependencies that are not used in
1752 * conjunction with After= as for them any such check would make things entirely racy. */
1753
1754 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_BINDS_TO], j) {
1755
1756 if (!hashmap_contains(u->dependencies[UNIT_AFTER], other))
1757 continue;
1758
1759 if (!UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(other))) {
1760 log_unit_notice(u, "Bound to unit %s, but unit isn't active.", other->id);
1761 return false;
1762 }
1763 }
1764
1765 return true;
1766 }
1767
1768 /* Errors:
1769 * -EBADR: This unit type does not support starting.
1770 * -EALREADY: Unit is already started.
1771 * -EAGAIN: An operation is already in progress. Retry later.
1772 * -ECANCELED: Too many requests for now.
1773 * -EPROTO: Assert failed
1774 * -EINVAL: Unit not loaded
1775 * -EOPNOTSUPP: Unit type not supported
1776 * -ENOLINK: The necessary dependencies are not fulfilled.
1777 * -ESTALE: This unit has been started before and can't be started a second time
1778 */
1779 int unit_start(Unit *u) {
1780 UnitActiveState state;
1781 Unit *following;
1782
1783 assert(u);
1784
1785 /* If this is already started, then this will succeed. Note
1786 * that this will even succeed if this unit is not startable
1787 * by the user. This is relied on to detect when we need to
1788 * wait for units and when waiting is finished. */
1789 state = unit_active_state(u);
1790 if (UNIT_IS_ACTIVE_OR_RELOADING(state))
1791 return -EALREADY;
1792
1793 /* Units that aren't loaded cannot be started */
1794 if (u->load_state != UNIT_LOADED)
1795 return -EINVAL;
1796
1797 /* Refuse starting scope units more than once */
1798 if (UNIT_VTABLE(u)->once_only && dual_timestamp_is_set(&u->inactive_enter_timestamp))
1799 return -ESTALE;
1800
1801 /* If the conditions failed, don't do anything at all. If we
1802 * already are activating this call might still be useful to
1803 * speed up activation in case there is some hold-off time,
1804 * but we don't want to recheck the condition in that case. */
1805 if (state != UNIT_ACTIVATING &&
1806 !unit_condition_test(u)) {
1807 log_unit_debug(u, "Starting requested but condition failed. Not starting unit.");
1808 return -EALREADY;
1809 }
1810
1811 /* If the asserts failed, fail the entire job */
1812 if (state != UNIT_ACTIVATING &&
1813 !unit_assert_test(u)) {
1814 log_unit_notice(u, "Starting requested but asserts failed.");
1815 return -EPROTO;
1816 }
1817
1818 /* Units of types that aren't supported cannot be
1819 * started. Note that we do this test only after the condition
1820 * checks, so that we rather return condition check errors
1821 * (which are usually not considered a true failure) than "not
1822 * supported" errors (which are considered a failure).
1823 */
1824 if (!unit_supported(u))
1825 return -EOPNOTSUPP;
1826
1827 /* Let's make sure that the deps really are in order before we start this. Normally the job engine should have
1828 * taken care of this already, but let's check this here again. After all, our dependencies might not be in
1829 * effect anymore, due to a reload or due to a failed condition. */
1830 if (!unit_verify_deps(u))
1831 return -ENOLINK;
1832
1833 /* Forward to the main object, if we aren't it. */
1834 following = unit_following(u);
1835 if (following) {
1836 log_unit_debug(u, "Redirecting start request from %s to %s.", u->id, following->id);
1837 return unit_start(following);
1838 }
1839
1840 /* If it is stopped, but we cannot start it, then fail */
1841 if (!UNIT_VTABLE(u)->start)
1842 return -EBADR;
1843
1844 /* We don't suppress calls to ->start() here when we are
1845 * already starting, to allow this request to be used as a
1846 * "hurry up" call, for example when the unit is in some "auto
1847 * restart" state where it waits for a holdoff timer to elapse
1848 * before it will start again. */
1849
1850 unit_add_to_dbus_queue(u);
1851
1852 return UNIT_VTABLE(u)->start(u);
1853 }
1854
1855 bool unit_can_start(Unit *u) {
1856 assert(u);
1857
1858 if (u->load_state != UNIT_LOADED)
1859 return false;
1860
1861 if (!unit_supported(u))
1862 return false;
1863
1864 /* Scope units may be started only once */
1865 if (UNIT_VTABLE(u)->once_only && dual_timestamp_is_set(&u->inactive_exit_timestamp))
1866 return false;
1867
1868 return !!UNIT_VTABLE(u)->start;
1869 }
1870
1871 bool unit_can_isolate(Unit *u) {
1872 assert(u);
1873
1874 return unit_can_start(u) &&
1875 u->allow_isolate;
1876 }
1877
1878 /* Errors:
1879 * -EBADR: This unit type does not support stopping.
1880 * -EALREADY: Unit is already stopped.
1881 * -EAGAIN: An operation is already in progress. Retry later.
1882 */
1883 int unit_stop(Unit *u) {
1884 UnitActiveState state;
1885 Unit *following;
1886
1887 assert(u);
1888
1889 state = unit_active_state(u);
1890 if (UNIT_IS_INACTIVE_OR_FAILED(state))
1891 return -EALREADY;
1892
1893 following = unit_following(u);
1894 if (following) {
1895 log_unit_debug(u, "Redirecting stop request from %s to %s.", u->id, following->id);
1896 return unit_stop(following);
1897 }
1898
1899 if (!UNIT_VTABLE(u)->stop)
1900 return -EBADR;
1901
1902 unit_add_to_dbus_queue(u);
1903
1904 return UNIT_VTABLE(u)->stop(u);
1905 }
1906
1907 bool unit_can_stop(Unit *u) {
1908 assert(u);
1909
1910 if (!unit_supported(u))
1911 return false;
1912
1913 if (u->perpetual)
1914 return false;
1915
1916 return !!UNIT_VTABLE(u)->stop;
1917 }
1918
1919 /* Errors:
1920 * -EBADR: This unit type does not support reloading.
1921 * -ENOEXEC: Unit is not started.
1922 * -EAGAIN: An operation is already in progress. Retry later.
1923 */
1924 int unit_reload(Unit *u) {
1925 UnitActiveState state;
1926 Unit *following;
1927
1928 assert(u);
1929
1930 if (u->load_state != UNIT_LOADED)
1931 return -EINVAL;
1932
1933 if (!unit_can_reload(u))
1934 return -EBADR;
1935
1936 state = unit_active_state(u);
1937 if (state == UNIT_RELOADING)
1938 return -EALREADY;
1939
1940 if (state != UNIT_ACTIVE) {
1941 log_unit_warning(u, "Unit cannot be reloaded because it is inactive.");
1942 return -ENOEXEC;
1943 }
1944
1945 following = unit_following(u);
1946 if (following) {
1947 log_unit_debug(u, "Redirecting reload request from %s to %s.", u->id, following->id);
1948 return unit_reload(following);
1949 }
1950
1951 unit_add_to_dbus_queue(u);
1952
1953 if (!UNIT_VTABLE(u)->reload) {
1954 /* Unit doesn't have a reload function, but we need to propagate the reload anyway */
1955 unit_notify(u, unit_active_state(u), unit_active_state(u), 0);
1956 return 0;
1957 }
1958
1959 return UNIT_VTABLE(u)->reload(u);
1960 }
1961
1962 bool unit_can_reload(Unit *u) {
1963 assert(u);
1964
1965 if (UNIT_VTABLE(u)->can_reload)
1966 return UNIT_VTABLE(u)->can_reload(u);
1967
1968 if (!hashmap_isempty(u->dependencies[UNIT_PROPAGATES_RELOAD_TO]))
1969 return true;
1970
1971 return UNIT_VTABLE(u)->reload;
1972 }
1973
1974 bool unit_is_unneeded(Unit *u) {
1975 static const UnitDependency deps[] = {
1976 UNIT_REQUIRED_BY,
1977 UNIT_REQUISITE_OF,
1978 UNIT_WANTED_BY,
1979 UNIT_BOUND_BY,
1980 };
1981 size_t j;
1982
1983 assert(u);
1984
1985 if (!u->stop_when_unneeded)
1986 return false;
1987
1988 /* Don't clean up while the unit is transitioning or is even inactive. */
1989 if (!UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u)))
1990 return false;
1991 if (u->job)
1992 return false;
1993
1994 for (j = 0; j < ELEMENTSOF(deps); j++) {
1995 Unit *other;
1996 Iterator i;
1997 void *v;
1998
1999 /* If a dependent unit has a job queued, is active or transitioning, or is marked for
2000 * restart, then don't clean this one up. */
2001
2002 HASHMAP_FOREACH_KEY(v, other, u->dependencies[deps[j]], i) {
2003 if (u->job)
2004 return false;
2005
2006 if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))
2007 return false;
2008
2009 if (unit_will_restart(other))
2010 return false;
2011 }
2012 }
2013
2014 return true;
2015 }
2016
2017 static void check_unneeded_dependencies(Unit *u) {
2018
2019 static const UnitDependency deps[] = {
2020 UNIT_REQUIRES,
2021 UNIT_REQUISITE,
2022 UNIT_WANTS,
2023 UNIT_BINDS_TO,
2024 };
2025 size_t j;
2026
2027 assert(u);
2028
2029 /* Add all units this unit depends on to the queue that processes StopWhenUnneeded= behaviour. */
2030
2031 for (j = 0; j < ELEMENTSOF(deps); j++) {
2032 Unit *other;
2033 Iterator i;
2034 void *v;
2035
2036 HASHMAP_FOREACH_KEY(v, other, u->dependencies[deps[j]], i)
2037 unit_submit_to_stop_when_unneeded_queue(other);
2038 }
2039 }
2040
2041 static void unit_check_binds_to(Unit *u) {
2042 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2043 bool stop = false;
2044 Unit *other;
2045 Iterator i;
2046 void *v;
2047 int r;
2048
2049 assert(u);
2050
2051 if (u->job)
2052 return;
2053
2054 if (unit_active_state(u) != UNIT_ACTIVE)
2055 return;
2056
2057 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_BINDS_TO], i) {
2058 if (other->job)
2059 continue;
2060
2061 if (!other->coldplugged)
2062 /* We might yet create a job for the other unit… */
2063 continue;
2064
2065 if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))
2066 continue;
2067
2068 stop = true;
2069 break;
2070 }
2071
2072 if (!stop)
2073 return;
2074
2075 /* If stopping a unit fails continuously we might enter a stop
2076 * loop here, hence stop acting on the service being
2077 * unnecessary after a while. */
2078 if (!ratelimit_below(&u->auto_stop_ratelimit)) {
2079 log_unit_warning(u, "Unit is bound to inactive unit %s, but not stopping since we tried this too often recently.", other->id);
2080 return;
2081 }
2082
2083 assert(other);
2084 log_unit_info(u, "Unit is bound to inactive unit %s. Stopping, too.", other->id);
2085
2086 /* A unit we need to run is gone. Sniff. Let's stop this. */
2087 r = manager_add_job(u->manager, JOB_STOP, u, JOB_FAIL, &error, NULL);
2088 if (r < 0)
2089 log_unit_warning_errno(u, r, "Failed to enqueue stop job, ignoring: %s", bus_error_message(&error, r));
2090 }
2091
2092 static void retroactively_start_dependencies(Unit *u) {
2093 Iterator i;
2094 Unit *other;
2095 void *v;
2096
2097 assert(u);
2098 assert(UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u)));
2099
2100 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_REQUIRES], i)
2101 if (!hashmap_get(u->dependencies[UNIT_AFTER], other) &&
2102 !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(other)))
2103 manager_add_job(u->manager, JOB_START, other, JOB_REPLACE, NULL, NULL);
2104
2105 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_BINDS_TO], i)
2106 if (!hashmap_get(u->dependencies[UNIT_AFTER], other) &&
2107 !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(other)))
2108 manager_add_job(u->manager, JOB_START, other, JOB_REPLACE, NULL, NULL);
2109
2110 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_WANTS], i)
2111 if (!hashmap_get(u->dependencies[UNIT_AFTER], other) &&
2112 !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(other)))
2113 manager_add_job(u->manager, JOB_START, other, JOB_FAIL, NULL, NULL);
2114
2115 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_CONFLICTS], i)
2116 if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
2117 manager_add_job(u->manager, JOB_STOP, other, JOB_REPLACE, NULL, NULL);
2118
2119 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_CONFLICTED_BY], i)
2120 if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
2121 manager_add_job(u->manager, JOB_STOP, other, JOB_REPLACE, NULL, NULL);
2122 }
2123
2124 static void retroactively_stop_dependencies(Unit *u) {
2125 Unit *other;
2126 Iterator i;
2127 void *v;
2128
2129 assert(u);
2130 assert(UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(u)));
2131
2132 /* Pull down units which are bound to us recursively if enabled */
2133 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_BOUND_BY], i)
2134 if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
2135 manager_add_job(u->manager, JOB_STOP, other, JOB_REPLACE, NULL, NULL);
2136 }
2137
2138 void unit_start_on_failure(Unit *u) {
2139 Unit *other;
2140 Iterator i;
2141 void *v;
2142 int r;
2143
2144 assert(u);
2145
2146 if (hashmap_size(u->dependencies[UNIT_ON_FAILURE]) <= 0)
2147 return;
2148
2149 log_unit_info(u, "Triggering OnFailure= dependencies.");
2150
2151 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_ON_FAILURE], i) {
2152 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2153
2154 r = manager_add_job(u->manager, JOB_START, other, u->on_failure_job_mode, &error, NULL);
2155 if (r < 0)
2156 log_unit_warning_errno(u, r, "Failed to enqueue OnFailure= job, ignoring: %s", bus_error_message(&error, r));
2157 }
2158 }
2159
2160 void unit_trigger_notify(Unit *u) {
2161 Unit *other;
2162 Iterator i;
2163 void *v;
2164
2165 assert(u);
2166
2167 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_TRIGGERED_BY], i)
2168 if (UNIT_VTABLE(other)->trigger_notify)
2169 UNIT_VTABLE(other)->trigger_notify(other, u);
2170 }
2171
2172 static int unit_log_resources(Unit *u) {
2173
2174 struct iovec iovec[1 + _CGROUP_IP_ACCOUNTING_METRIC_MAX + 4];
2175 size_t n_message_parts = 0, n_iovec = 0;
2176 char* message_parts[3 + 1], *t;
2177 nsec_t nsec = NSEC_INFINITY;
2178 CGroupIPAccountingMetric m;
2179 size_t i;
2180 int r;
2181 const char* const ip_fields[_CGROUP_IP_ACCOUNTING_METRIC_MAX] = {
2182 [CGROUP_IP_INGRESS_BYTES] = "IP_METRIC_INGRESS_BYTES",
2183 [CGROUP_IP_INGRESS_PACKETS] = "IP_METRIC_INGRESS_PACKETS",
2184 [CGROUP_IP_EGRESS_BYTES] = "IP_METRIC_EGRESS_BYTES",
2185 [CGROUP_IP_EGRESS_PACKETS] = "IP_METRIC_EGRESS_PACKETS",
2186 };
2187
2188 assert(u);
2189
2190 /* Invoked whenever a unit enters failed or dead state. Logs information about consumed resources if resource
2191 * accounting was enabled for a unit. It does this in two ways: a friendly human readable string with reduced
2192 * information and the complete data in structured fields. */
2193
2194 (void) unit_get_cpu_usage(u, &nsec);
2195 if (nsec != NSEC_INFINITY) {
2196 char buf[FORMAT_TIMESPAN_MAX] = "";
2197
2198 /* Format the CPU time for inclusion in the structured log message */
2199 if (asprintf(&t, "CPU_USAGE_NSEC=%" PRIu64, nsec) < 0) {
2200 r = log_oom();
2201 goto finish;
2202 }
2203 iovec[n_iovec++] = IOVEC_MAKE_STRING(t);
2204
2205 /* Format the CPU time for inclusion in the human language message string */
2206 format_timespan(buf, sizeof(buf), nsec / NSEC_PER_USEC, USEC_PER_MSEC);
2207 t = strjoin(n_message_parts > 0 ? "consumed " : "Consumed ", buf, " CPU time");
2208 if (!t) {
2209 r = log_oom();
2210 goto finish;
2211 }
2212
2213 message_parts[n_message_parts++] = t;
2214 }
2215
2216 for (m = 0; m < _CGROUP_IP_ACCOUNTING_METRIC_MAX; m++) {
2217 char buf[FORMAT_BYTES_MAX] = "";
2218 uint64_t value = UINT64_MAX;
2219
2220 assert(ip_fields[m]);
2221
2222 (void) unit_get_ip_accounting(u, m, &value);
2223 if (value == UINT64_MAX)
2224 continue;
2225
2226 /* Format IP accounting data for inclusion in the structured log message */
2227 if (asprintf(&t, "%s=%" PRIu64, ip_fields[m], value) < 0) {
2228 r = log_oom();
2229 goto finish;
2230 }
2231 iovec[n_iovec++] = IOVEC_MAKE_STRING(t);
2232
2233 /* Format the IP accounting data for inclusion in the human language message string, but only for the
2234 * bytes counters (and not for the packets counters) */
2235 if (m == CGROUP_IP_INGRESS_BYTES)
2236 t = strjoin(n_message_parts > 0 ? "received " : "Received ",
2237 format_bytes(buf, sizeof(buf), value),
2238 " IP traffic");
2239 else if (m == CGROUP_IP_EGRESS_BYTES)
2240 t = strjoin(n_message_parts > 0 ? "sent " : "Sent ",
2241 format_bytes(buf, sizeof(buf), value),
2242 " IP traffic");
2243 else
2244 continue;
2245 if (!t) {
2246 r = log_oom();
2247 goto finish;
2248 }
2249
2250 message_parts[n_message_parts++] = t;
2251 }
2252
2253 /* Is there any accounting data available at all? */
2254 if (n_iovec == 0) {
2255 r = 0;
2256 goto finish;
2257 }
2258
2259 if (n_message_parts == 0)
2260 t = strjoina("MESSAGE=", u->id, ": Completed");
2261 else {
2262 _cleanup_free_ char *joined;
2263
2264 message_parts[n_message_parts] = NULL;
2265
2266 joined = strv_join(message_parts, ", ");
2267 if (!joined) {
2268 r = log_oom();
2269 goto finish;
2270 }
2271
2272 t = strjoina("MESSAGE=", u->id, ": ", joined);
2273 }
2274
2275 /* The following four fields we allocate on the stack or are static strings, we hence don't want to free them,
2276 * and hence don't increase n_iovec for them */
2277 iovec[n_iovec] = IOVEC_MAKE_STRING(t);
2278 iovec[n_iovec + 1] = IOVEC_MAKE_STRING("MESSAGE_ID=" SD_MESSAGE_UNIT_RESOURCES_STR);
2279
2280 t = strjoina(u->manager->unit_log_field, u->id);
2281 iovec[n_iovec + 2] = IOVEC_MAKE_STRING(t);
2282
2283 t = strjoina(u->manager->invocation_log_field, u->invocation_id_string);
2284 iovec[n_iovec + 3] = IOVEC_MAKE_STRING(t);
2285
2286 log_struct_iovec(LOG_INFO, iovec, n_iovec + 4);
2287 r = 0;
2288
2289 finish:
2290 for (i = 0; i < n_message_parts; i++)
2291 free(message_parts[i]);
2292
2293 for (i = 0; i < n_iovec; i++)
2294 free(iovec[i].iov_base);
2295
2296 return r;
2297
2298 }
2299
2300 static void unit_update_on_console(Unit *u) {
2301 bool b;
2302
2303 assert(u);
2304
2305 b = unit_needs_console(u);
2306 if (u->on_console == b)
2307 return;
2308
2309 u->on_console = b;
2310 if (b)
2311 manager_ref_console(u->manager);
2312 else
2313 manager_unref_console(u->manager);
2314 }
2315
2316 void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, UnitNotifyFlags flags) {
2317 bool unexpected;
2318 Manager *m;
2319
2320 assert(u);
2321 assert(os < _UNIT_ACTIVE_STATE_MAX);
2322 assert(ns < _UNIT_ACTIVE_STATE_MAX);
2323
2324 /* Note that this is called for all low-level state changes, even if they might map to the same high-level
2325 * UnitActiveState! That means that ns == os is an expected behavior here. For example: if a mount point is
2326 * remounted this function will be called too! */
2327
2328 m = u->manager;
2329
2330 /* Update timestamps for state changes */
2331 if (!MANAGER_IS_RELOADING(m)) {
2332 dual_timestamp_get(&u->state_change_timestamp);
2333
2334 if (UNIT_IS_INACTIVE_OR_FAILED(os) && !UNIT_IS_INACTIVE_OR_FAILED(ns))
2335 u->inactive_exit_timestamp = u->state_change_timestamp;
2336 else if (!UNIT_IS_INACTIVE_OR_FAILED(os) && UNIT_IS_INACTIVE_OR_FAILED(ns))
2337 u->inactive_enter_timestamp = u->state_change_timestamp;
2338
2339 if (!UNIT_IS_ACTIVE_OR_RELOADING(os) && UNIT_IS_ACTIVE_OR_RELOADING(ns))
2340 u->active_enter_timestamp = u->state_change_timestamp;
2341 else if (UNIT_IS_ACTIVE_OR_RELOADING(os) && !UNIT_IS_ACTIVE_OR_RELOADING(ns))
2342 u->active_exit_timestamp = u->state_change_timestamp;
2343 }
2344
2345 /* Keep track of failed units */
2346 (void) manager_update_failed_units(u->manager, u, ns == UNIT_FAILED);
2347
2348 /* Make sure the cgroup and state files are always removed when we become inactive */
2349 if (UNIT_IS_INACTIVE_OR_FAILED(ns)) {
2350 unit_prune_cgroup(u);
2351 unit_unlink_state_files(u);
2352 }
2353
2354 unit_update_on_console(u);
2355
2356 if (u->job) {
2357 unexpected = false;
2358
2359 if (u->job->state == JOB_WAITING)
2360
2361 /* So we reached a different state for this
2362 * job. Let's see if we can run it now if it
2363 * failed previously due to EAGAIN. */
2364 job_add_to_run_queue(u->job);
2365
2366 /* Let's check whether this state change constitutes a
2367 * finished job, or maybe contradicts a running job and
2368 * hence needs to invalidate jobs. */
2369
2370 switch (u->job->type) {
2371
2372 case JOB_START:
2373 case JOB_VERIFY_ACTIVE:
2374
2375 if (UNIT_IS_ACTIVE_OR_RELOADING(ns))
2376 job_finish_and_invalidate(u->job, JOB_DONE, true, false);
2377 else if (u->job->state == JOB_RUNNING && ns != UNIT_ACTIVATING) {
2378 unexpected = true;
2379
2380 if (UNIT_IS_INACTIVE_OR_FAILED(ns))
2381 job_finish_and_invalidate(u->job, ns == UNIT_FAILED ? JOB_FAILED : JOB_DONE, true, false);
2382 }
2383
2384 break;
2385
2386 case JOB_RELOAD:
2387 case JOB_RELOAD_OR_START:
2388 case JOB_TRY_RELOAD:
2389
2390 if (u->job->state == JOB_RUNNING) {
2391 if (ns == UNIT_ACTIVE)
2392 job_finish_and_invalidate(u->job, (flags & UNIT_NOTIFY_RELOAD_FAILURE) ? JOB_FAILED : JOB_DONE, true, false);
2393 else if (!IN_SET(ns, UNIT_ACTIVATING, UNIT_RELOADING)) {
2394 unexpected = true;
2395
2396 if (UNIT_IS_INACTIVE_OR_FAILED(ns))
2397 job_finish_and_invalidate(u->job, ns == UNIT_FAILED ? JOB_FAILED : JOB_DONE, true, false);
2398 }
2399 }
2400
2401 break;
2402
2403 case JOB_STOP:
2404 case JOB_RESTART:
2405 case JOB_TRY_RESTART:
2406
2407 if (UNIT_IS_INACTIVE_OR_FAILED(ns))
2408 job_finish_and_invalidate(u->job, JOB_DONE, true, false);
2409 else if (u->job->state == JOB_RUNNING && ns != UNIT_DEACTIVATING) {
2410 unexpected = true;
2411 job_finish_and_invalidate(u->job, JOB_FAILED, true, false);
2412 }
2413
2414 break;
2415
2416 default:
2417 assert_not_reached("Job type unknown");
2418 }
2419
2420 } else
2421 unexpected = true;
2422
2423 if (!MANAGER_IS_RELOADING(m)) {
2424
2425 /* If this state change happened without being
2426 * requested by a job, then let's retroactively start
2427 * or stop dependencies. We skip that step when
2428 * deserializing, since we don't want to create any
2429 * additional jobs just because something is already
2430 * activated. */
2431
2432 if (unexpected) {
2433 if (UNIT_IS_INACTIVE_OR_FAILED(os) && UNIT_IS_ACTIVE_OR_ACTIVATING(ns))
2434 retroactively_start_dependencies(u);
2435 else if (UNIT_IS_ACTIVE_OR_ACTIVATING(os) && UNIT_IS_INACTIVE_OR_DEACTIVATING(ns))
2436 retroactively_stop_dependencies(u);
2437 }
2438
2439 /* stop unneeded units regardless if going down was expected or not */
2440 if (UNIT_IS_INACTIVE_OR_FAILED(ns))
2441 check_unneeded_dependencies(u);
2442
2443 if (ns != os && ns == UNIT_FAILED) {
2444 log_unit_debug(u, "Unit entered failed state.");
2445
2446 if (!(flags & UNIT_NOTIFY_WILL_AUTO_RESTART))
2447 unit_start_on_failure(u);
2448 }
2449
2450 if (UNIT_IS_ACTIVE_OR_RELOADING(ns) && !UNIT_IS_ACTIVE_OR_RELOADING(os)) {
2451 /* This unit just finished starting up */
2452
2453 if (u->type == UNIT_SERVICE) {
2454 /* Write audit record if we have just finished starting up */
2455 manager_send_unit_audit(m, u, AUDIT_SERVICE_START, true);
2456 u->in_audit = true;
2457 }
2458
2459 manager_send_unit_plymouth(m, u);
2460 }
2461
2462 if (UNIT_IS_INACTIVE_OR_FAILED(ns) && !UNIT_IS_INACTIVE_OR_FAILED(os)) {
2463 /* This unit just stopped/failed. */
2464
2465 if (u->type == UNIT_SERVICE) {
2466
2467 if (u->in_audit) {
2468 /* Write audit record if we have just finished shutting down */
2469 manager_send_unit_audit(m, u, AUDIT_SERVICE_STOP, ns == UNIT_INACTIVE);
2470 u->in_audit = false;
2471 } else {
2472 /* Hmm, if there was no start record written write it now, so that we always
2473 * have a nice pair */
2474 manager_send_unit_audit(m, u, AUDIT_SERVICE_START, ns == UNIT_INACTIVE);
2475
2476 if (ns == UNIT_INACTIVE)
2477 manager_send_unit_audit(m, u, AUDIT_SERVICE_STOP, true);
2478 }
2479 }
2480
2481 /* Write a log message about consumed resources */
2482 unit_log_resources(u);
2483 }
2484 }
2485
2486 manager_recheck_journal(m);
2487 manager_recheck_dbus(m);
2488
2489 unit_trigger_notify(u);
2490
2491 if (!MANAGER_IS_RELOADING(u->manager)) {
2492 /* Maybe we finished startup and are now ready for being stopped because unneeded? */
2493 unit_submit_to_stop_when_unneeded_queue(u);
2494
2495 /* Maybe we finished startup, but something we needed has vanished? Let's die then. (This happens when
2496 * something BindsTo= to a Type=oneshot unit, as these units go directly from starting to inactive,
2497 * without ever entering started.) */
2498 unit_check_binds_to(u);
2499
2500 if (os != UNIT_FAILED && ns == UNIT_FAILED)
2501 (void) emergency_action(u->manager, u->failure_action, u->reboot_arg, "unit failed");
2502 else if (!UNIT_IS_INACTIVE_OR_FAILED(os) && ns == UNIT_INACTIVE)
2503 (void) emergency_action(u->manager, u->success_action, u->reboot_arg, "unit succeeded");
2504 }
2505
2506 unit_add_to_dbus_queue(u);
2507 unit_add_to_gc_queue(u);
2508 }
2509
2510 int unit_watch_pid(Unit *u, pid_t pid) {
2511 int r;
2512
2513 assert(u);
2514 assert(pid_is_valid(pid));
2515
2516 /* Watch a specific PID */
2517
2518 r = set_ensure_allocated(&u->pids, NULL);
2519 if (r < 0)
2520 return r;
2521
2522 r = hashmap_ensure_allocated(&u->manager->watch_pids, NULL);
2523 if (r < 0)
2524 return r;
2525
2526 /* First try, let's add the unit keyed by "pid". */
2527 r = hashmap_put(u->manager->watch_pids, PID_TO_PTR(pid), u);
2528 if (r == -EEXIST) {
2529 Unit **array;
2530 bool found = false;
2531 size_t n = 0;
2532
2533 /* OK, the "pid" key is already assigned to a different unit. Let's see if the "-pid" key (which points
2534 * to an array of Units rather than just a Unit), lists us already. */
2535
2536 array = hashmap_get(u->manager->watch_pids, PID_TO_PTR(-pid));
2537 if (array)
2538 for (; array[n]; n++)
2539 if (array[n] == u)
2540 found = true;
2541
2542 if (found) /* Found it already? if so, do nothing */
2543 r = 0;
2544 else {
2545 Unit **new_array;
2546
2547 /* Allocate a new array */
2548 new_array = new(Unit*, n + 2);
2549 if (!new_array)
2550 return -ENOMEM;
2551
2552 memcpy_safe(new_array, array, sizeof(Unit*) * n);
2553 new_array[n] = u;
2554 new_array[n+1] = NULL;
2555
2556 /* Add or replace the old array */
2557 r = hashmap_replace(u->manager->watch_pids, PID_TO_PTR(-pid), new_array);
2558 if (r < 0) {
2559 free(new_array);
2560 return r;
2561 }
2562
2563 free(array);
2564 }
2565 } else if (r < 0)
2566 return r;
2567
2568 r = set_put(u->pids, PID_TO_PTR(pid));
2569 if (r < 0)
2570 return r;
2571
2572 return 0;
2573 }
2574
2575 void unit_unwatch_pid(Unit *u, pid_t pid) {
2576 Unit **array;
2577
2578 assert(u);
2579 assert(pid_is_valid(pid));
2580
2581 /* First let's drop the unit in case it's keyed as "pid". */
2582 (void) hashmap_remove_value(u->manager->watch_pids, PID_TO_PTR(pid), u);
2583
2584 /* Then, let's also drop the unit, in case it's in the array keyed by -pid */
2585 array = hashmap_get(u->manager->watch_pids, PID_TO_PTR(-pid));
2586 if (array) {
2587 size_t n, m = 0;
2588
2589 /* Let's iterate through the array, dropping our own entry */
2590 for (n = 0; array[n]; n++)
2591 if (array[n] != u)
2592 array[m++] = array[n];
2593 array[m] = NULL;
2594
2595 if (m == 0) {
2596 /* The array is now empty, remove the entire entry */
2597 assert(hashmap_remove(u->manager->watch_pids, PID_TO_PTR(-pid)) == array);
2598 free(array);
2599 }
2600 }
2601
2602 (void) set_remove(u->pids, PID_TO_PTR(pid));
2603 }
2604
2605 void unit_unwatch_all_pids(Unit *u) {
2606 assert(u);
2607
2608 while (!set_isempty(u->pids))
2609 unit_unwatch_pid(u, PTR_TO_PID(set_first(u->pids)));
2610
2611 u->pids = set_free(u->pids);
2612 }
2613
2614 static void unit_tidy_watch_pids(Unit *u) {
2615 pid_t except1, except2;
2616 Iterator i;
2617 void *e;
2618
2619 assert(u);
2620
2621 /* Cleans dead PIDs from our list */
2622
2623 except1 = unit_main_pid(u);
2624 except2 = unit_control_pid(u);
2625
2626 SET_FOREACH(e, u->pids, i) {
2627 pid_t pid = PTR_TO_PID(e);
2628
2629 if (pid == except1 || pid == except2)
2630 continue;
2631
2632 if (!pid_is_unwaited(pid))
2633 unit_unwatch_pid(u, pid);
2634 }
2635 }
2636
2637 static int on_rewatch_pids_event(sd_event_source *s, void *userdata) {
2638 Unit *u = userdata;
2639
2640 assert(s);
2641 assert(u);
2642
2643 unit_tidy_watch_pids(u);
2644 unit_watch_all_pids(u);
2645
2646 /* If the PID set is empty now, then let's finish this off. */
2647 unit_synthesize_cgroup_empty_event(u);
2648
2649 return 0;
2650 }
2651
2652 int unit_enqueue_rewatch_pids(Unit *u) {
2653 int r;
2654
2655 assert(u);
2656
2657 if (!u->cgroup_path)
2658 return -ENOENT;
2659
2660 r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
2661 if (r < 0)
2662 return r;
2663 if (r > 0) /* On unified we can use proper notifications */
2664 return 0;
2665
2666 /* Enqueues a low-priority job that will clean up dead PIDs from our list of PIDs to watch and subscribe to new
2667 * PIDs that might have appeared. We do this in a delayed job because the work might be quite slow, as it
2668 * involves issuing kill(pid, 0) on all processes we watch. */
2669
2670 if (!u->rewatch_pids_event_source) {
2671 _cleanup_(sd_event_source_unrefp) sd_event_source *s = NULL;
2672
2673 r = sd_event_add_defer(u->manager->event, &s, on_rewatch_pids_event, u);
2674 if (r < 0)
2675 return log_error_errno(r, "Failed to allocate event source for tidying watched PIDs: %m");
2676
2677 r = sd_event_source_set_priority(s, SD_EVENT_PRIORITY_IDLE);
2678 if (r < 0)
2679 return log_error_errno(r, "Failed to adjust priority of event source for tidying watched PIDs: m");
2680
2681 (void) sd_event_source_set_description(s, "tidy-watch-pids");
2682
2683 u->rewatch_pids_event_source = TAKE_PTR(s);
2684 }
2685
2686 r = sd_event_source_set_enabled(u->rewatch_pids_event_source, SD_EVENT_ONESHOT);
2687 if (r < 0)
2688 return log_error_errno(r, "Failed to enable event source for tidying watched PIDs: %m");
2689
2690 return 0;
2691 }
2692
2693 void unit_dequeue_rewatch_pids(Unit *u) {
2694 int r;
2695 assert(u);
2696
2697 if (!u->rewatch_pids_event_source)
2698 return;
2699
2700 r = sd_event_source_set_enabled(u->rewatch_pids_event_source, SD_EVENT_OFF);
2701 if (r < 0)
2702 log_warning_errno(r, "Failed to disable event source for tidying watched PIDs, ignoring: %m");
2703
2704 u->rewatch_pids_event_source = sd_event_source_unref(u->rewatch_pids_event_source);
2705 }
2706
2707 bool unit_job_is_applicable(Unit *u, JobType j) {
2708 assert(u);
2709 assert(j >= 0 && j < _JOB_TYPE_MAX);
2710
2711 switch (j) {
2712
2713 case JOB_VERIFY_ACTIVE:
2714 case JOB_START:
2715 case JOB_NOP:
2716 /* Note that we don't check unit_can_start() here. That's because .device units and suchlike are not
2717 * startable by us but may appear due to external events, and it thus makes sense to permit enqueing
2718 * jobs for it. */
2719 return true;
2720
2721 case JOB_STOP:
2722 /* Similar as above. However, perpetual units can never be stopped (neither explicitly nor due to
2723 * external events), hence it makes no sense to permit enqueing such a request either. */
2724 return !u->perpetual;
2725
2726 case JOB_RESTART:
2727 case JOB_TRY_RESTART:
2728 return unit_can_stop(u) && unit_can_start(u);
2729
2730 case JOB_RELOAD:
2731 case JOB_TRY_RELOAD:
2732 return unit_can_reload(u);
2733
2734 case JOB_RELOAD_OR_START:
2735 return unit_can_reload(u) && unit_can_start(u);
2736
2737 default:
2738 assert_not_reached("Invalid job type");
2739 }
2740 }
2741
2742 static void maybe_warn_about_dependency(Unit *u, const char *other, UnitDependency dependency) {
2743 assert(u);
2744
2745 /* Only warn about some unit types */
2746 if (!IN_SET(dependency, UNIT_CONFLICTS, UNIT_CONFLICTED_BY, UNIT_BEFORE, UNIT_AFTER, UNIT_ON_FAILURE, UNIT_TRIGGERS, UNIT_TRIGGERED_BY))
2747 return;
2748
2749 if (streq_ptr(u->id, other))
2750 log_unit_warning(u, "Dependency %s=%s dropped", unit_dependency_to_string(dependency), u->id);
2751 else
2752 log_unit_warning(u, "Dependency %s=%s dropped, merged into %s", unit_dependency_to_string(dependency), strna(other), u->id);
2753 }
2754
2755 static int unit_add_dependency_hashmap(
2756 Hashmap **h,
2757 Unit *other,
2758 UnitDependencyMask origin_mask,
2759 UnitDependencyMask destination_mask) {
2760
2761 UnitDependencyInfo info;
2762 int r;
2763
2764 assert(h);
2765 assert(other);
2766 assert(origin_mask < _UNIT_DEPENDENCY_MASK_FULL);
2767 assert(destination_mask < _UNIT_DEPENDENCY_MASK_FULL);
2768 assert(origin_mask > 0 || destination_mask > 0);
2769
2770 r = hashmap_ensure_allocated(h, NULL);
2771 if (r < 0)
2772 return r;
2773
2774 assert_cc(sizeof(void*) == sizeof(info));
2775
2776 info.data = hashmap_get(*h, other);
2777 if (info.data) {
2778 /* Entry already exists. Add in our mask. */
2779
2780 if (FLAGS_SET(origin_mask, info.origin_mask) &&
2781 FLAGS_SET(destination_mask, info.destination_mask))
2782 return 0; /* NOP */
2783
2784 info.origin_mask |= origin_mask;
2785 info.destination_mask |= destination_mask;
2786
2787 r = hashmap_update(*h, other, info.data);
2788 } else {
2789 info = (UnitDependencyInfo) {
2790 .origin_mask = origin_mask,
2791 .destination_mask = destination_mask,
2792 };
2793
2794 r = hashmap_put(*h, other, info.data);
2795 }
2796 if (r < 0)
2797 return r;
2798
2799 return 1;
2800 }
2801
2802 int unit_add_dependency(
2803 Unit *u,
2804 UnitDependency d,
2805 Unit *other,
2806 bool add_reference,
2807 UnitDependencyMask mask) {
2808
2809 static const UnitDependency inverse_table[_UNIT_DEPENDENCY_MAX] = {
2810 [UNIT_REQUIRES] = UNIT_REQUIRED_BY,
2811 [UNIT_WANTS] = UNIT_WANTED_BY,
2812 [UNIT_REQUISITE] = UNIT_REQUISITE_OF,
2813 [UNIT_BINDS_TO] = UNIT_BOUND_BY,
2814 [UNIT_PART_OF] = UNIT_CONSISTS_OF,
2815 [UNIT_REQUIRED_BY] = UNIT_REQUIRES,
2816 [UNIT_REQUISITE_OF] = UNIT_REQUISITE,
2817 [UNIT_WANTED_BY] = UNIT_WANTS,
2818 [UNIT_BOUND_BY] = UNIT_BINDS_TO,
2819 [UNIT_CONSISTS_OF] = UNIT_PART_OF,
2820 [UNIT_CONFLICTS] = UNIT_CONFLICTED_BY,
2821 [UNIT_CONFLICTED_BY] = UNIT_CONFLICTS,
2822 [UNIT_BEFORE] = UNIT_AFTER,
2823 [UNIT_AFTER] = UNIT_BEFORE,
2824 [UNIT_ON_FAILURE] = _UNIT_DEPENDENCY_INVALID,
2825 [UNIT_REFERENCES] = UNIT_REFERENCED_BY,
2826 [UNIT_REFERENCED_BY] = UNIT_REFERENCES,
2827 [UNIT_TRIGGERS] = UNIT_TRIGGERED_BY,
2828 [UNIT_TRIGGERED_BY] = UNIT_TRIGGERS,
2829 [UNIT_PROPAGATES_RELOAD_TO] = UNIT_RELOAD_PROPAGATED_FROM,
2830 [UNIT_RELOAD_PROPAGATED_FROM] = UNIT_PROPAGATES_RELOAD_TO,
2831 [UNIT_JOINS_NAMESPACE_OF] = UNIT_JOINS_NAMESPACE_OF,
2832 };
2833 Unit *original_u = u, *original_other = other;
2834 int r;
2835
2836 assert(u);
2837 assert(d >= 0 && d < _UNIT_DEPENDENCY_MAX);
2838 assert(other);
2839
2840 u = unit_follow_merge(u);
2841 other = unit_follow_merge(other);
2842
2843 /* We won't allow dependencies on ourselves. We will not
2844 * consider them an error however. */
2845 if (u == other) {
2846 maybe_warn_about_dependency(original_u, original_other->id, d);
2847 return 0;
2848 }
2849
2850 if ((d == UNIT_BEFORE && other->type == UNIT_DEVICE) ||
2851 (d == UNIT_AFTER && u->type == UNIT_DEVICE)) {
2852 log_unit_warning(u, "Dependency Before=%s ignored (.device units cannot be delayed)", other->id);
2853 return 0;
2854 }
2855
2856 r = unit_add_dependency_hashmap(u->dependencies + d, other, mask, 0);
2857 if (r < 0)
2858 return r;
2859
2860 if (inverse_table[d] != _UNIT_DEPENDENCY_INVALID && inverse_table[d] != d) {
2861 r = unit_add_dependency_hashmap(other->dependencies + inverse_table[d], u, 0, mask);
2862 if (r < 0)
2863 return r;
2864 }
2865
2866 if (add_reference) {
2867 r = unit_add_dependency_hashmap(u->dependencies + UNIT_REFERENCES, other, mask, 0);
2868 if (r < 0)
2869 return r;
2870
2871 r = unit_add_dependency_hashmap(other->dependencies + UNIT_REFERENCED_BY, u, 0, mask);
2872 if (r < 0)
2873 return r;
2874 }
2875
2876 unit_add_to_dbus_queue(u);
2877 return 0;
2878 }
2879
2880 int unit_add_two_dependencies(Unit *u, UnitDependency d, UnitDependency e, Unit *other, bool add_reference, UnitDependencyMask mask) {
2881 int r;
2882
2883 assert(u);
2884
2885 r = unit_add_dependency(u, d, other, add_reference, mask);
2886 if (r < 0)
2887 return r;
2888
2889 return unit_add_dependency(u, e, other, add_reference, mask);
2890 }
2891
2892 static int resolve_template(Unit *u, const char *name, char **buf, const char **ret) {
2893 int r;
2894
2895 assert(u);
2896 assert(name);
2897 assert(buf);
2898 assert(ret);
2899
2900 if (!unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) {
2901 *buf = NULL;
2902 *ret = name;
2903 return 0;
2904 }
2905
2906 if (u->instance)
2907 r = unit_name_replace_instance(name, u->instance, buf);
2908 else {
2909 _cleanup_free_ char *i = NULL;
2910
2911 r = unit_name_to_prefix(u->id, &i);
2912 if (r < 0)
2913 return r;
2914
2915 r = unit_name_replace_instance(name, i, buf);
2916 }
2917 if (r < 0)
2918 return r;
2919
2920 *ret = *buf;
2921 return 0;
2922 }
2923
2924 int unit_add_dependency_by_name(Unit *u, UnitDependency d, const char *name, bool add_reference, UnitDependencyMask mask) {
2925 _cleanup_free_ char *buf = NULL;
2926 Unit *other;
2927 int r;
2928
2929 assert(u);
2930 assert(name);
2931
2932 r = resolve_template(u, name, &buf, &name);
2933 if (r < 0)
2934 return r;
2935
2936 r = manager_load_unit(u->manager, name, NULL, NULL, &other);
2937 if (r < 0)
2938 return r;
2939
2940 return unit_add_dependency(u, d, other, add_reference, mask);
2941 }
2942
2943 int unit_add_two_dependencies_by_name(Unit *u, UnitDependency d, UnitDependency e, const char *name, bool add_reference, UnitDependencyMask mask) {
2944 _cleanup_free_ char *buf = NULL;
2945 Unit *other;
2946 int r;
2947
2948 assert(u);
2949 assert(name);
2950
2951 r = resolve_template(u, name, &buf, &name);
2952 if (r < 0)
2953 return r;
2954
2955 r = manager_load_unit(u->manager, name, NULL, NULL, &other);
2956 if (r < 0)
2957 return r;
2958
2959 return unit_add_two_dependencies(u, d, e, other, add_reference, mask);
2960 }
2961
2962 int set_unit_path(const char *p) {
2963 /* This is mostly for debug purposes */
2964 if (setenv("SYSTEMD_UNIT_PATH", p, 1) < 0)
2965 return -errno;
2966
2967 return 0;
2968 }
2969
2970 char *unit_dbus_path(Unit *u) {
2971 assert(u);
2972
2973 if (!u->id)
2974 return NULL;
2975
2976 return unit_dbus_path_from_name(u->id);
2977 }
2978
2979 char *unit_dbus_path_invocation_id(Unit *u) {
2980 assert(u);
2981
2982 if (sd_id128_is_null(u->invocation_id))
2983 return NULL;
2984
2985 return unit_dbus_path_from_name(u->invocation_id_string);
2986 }
2987
2988 int unit_set_slice(Unit *u, Unit *slice) {
2989 assert(u);
2990 assert(slice);
2991
2992 /* Sets the unit slice if it has not been set before. Is extra
2993 * careful, to only allow this for units that actually have a
2994 * cgroup context. Also, we don't allow to set this for slices
2995 * (since the parent slice is derived from the name). Make
2996 * sure the unit we set is actually a slice. */
2997
2998 if (!UNIT_HAS_CGROUP_CONTEXT(u))
2999 return -EOPNOTSUPP;
3000
3001 if (u->type == UNIT_SLICE)
3002 return -EINVAL;
3003
3004 if (unit_active_state(u) != UNIT_INACTIVE)
3005 return -EBUSY;
3006
3007 if (slice->type != UNIT_SLICE)
3008 return -EINVAL;
3009
3010 if (unit_has_name(u, SPECIAL_INIT_SCOPE) &&
3011 !unit_has_name(slice, SPECIAL_ROOT_SLICE))
3012 return -EPERM;
3013
3014 if (UNIT_DEREF(u->slice) == slice)
3015 return 0;
3016
3017 /* Disallow slice changes if @u is already bound to cgroups */
3018 if (UNIT_ISSET(u->slice) && u->cgroup_realized)
3019 return -EBUSY;
3020
3021 unit_ref_set(&u->slice, u, slice);
3022 return 1;
3023 }
3024
3025 int unit_set_default_slice(Unit *u) {
3026 _cleanup_free_ char *b = NULL;
3027 const char *slice_name;
3028 Unit *slice;
3029 int r;
3030
3031 assert(u);
3032
3033 if (UNIT_ISSET(u->slice))
3034 return 0;
3035
3036 if (u->instance) {
3037 _cleanup_free_ char *prefix = NULL, *escaped = NULL;
3038
3039 /* Implicitly place all instantiated units in their
3040 * own per-template slice */
3041
3042 r = unit_name_to_prefix(u->id, &prefix);
3043 if (r < 0)
3044 return r;
3045
3046 /* The prefix is already escaped, but it might include
3047 * "-" which has a special meaning for slice units,
3048 * hence escape it here extra. */
3049 escaped = unit_name_escape(prefix);
3050 if (!escaped)
3051 return -ENOMEM;
3052
3053 if (MANAGER_IS_SYSTEM(u->manager))
3054 b = strjoin("system-", escaped, ".slice");
3055 else
3056 b = strappend(escaped, ".slice");
3057 if (!b)
3058 return -ENOMEM;
3059
3060 slice_name = b;
3061 } else
3062 slice_name =
3063 MANAGER_IS_SYSTEM(u->manager) && !unit_has_name(u, SPECIAL_INIT_SCOPE)
3064 ? SPECIAL_SYSTEM_SLICE
3065 : SPECIAL_ROOT_SLICE;
3066
3067 r = manager_load_unit(u->manager, slice_name, NULL, NULL, &slice);
3068 if (r < 0)
3069 return r;
3070
3071 return unit_set_slice(u, slice);
3072 }
3073
3074 const char *unit_slice_name(Unit *u) {
3075 assert(u);
3076
3077 if (!UNIT_ISSET(u->slice))
3078 return NULL;
3079
3080 return UNIT_DEREF(u->slice)->id;
3081 }
3082
3083 int unit_load_related_unit(Unit *u, const char *type, Unit **_found) {
3084 _cleanup_free_ char *t = NULL;
3085 int r;
3086
3087 assert(u);
3088 assert(type);
3089 assert(_found);
3090
3091 r = unit_name_change_suffix(u->id, type, &t);
3092 if (r < 0)
3093 return r;
3094 if (unit_has_name(u, t))
3095 return -EINVAL;
3096
3097 r = manager_load_unit(u->manager, t, NULL, NULL, _found);
3098 assert(r < 0 || *_found != u);
3099 return r;
3100 }
3101
3102 static int signal_name_owner_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
3103 const char *name, *old_owner, *new_owner;
3104 Unit *u = userdata;
3105 int r;
3106
3107 assert(message);
3108 assert(u);
3109
3110 r = sd_bus_message_read(message, "sss", &name, &old_owner, &new_owner);
3111 if (r < 0) {
3112 bus_log_parse_error(r);
3113 return 0;
3114 }
3115
3116 old_owner = empty_to_null(old_owner);
3117 new_owner = empty_to_null(new_owner);
3118
3119 if (UNIT_VTABLE(u)->bus_name_owner_change)
3120 UNIT_VTABLE(u)->bus_name_owner_change(u, name, old_owner, new_owner);
3121
3122 return 0;
3123 }
3124
3125 int unit_install_bus_match(Unit *u, sd_bus *bus, const char *name) {
3126 const char *match;
3127
3128 assert(u);
3129 assert(bus);
3130 assert(name);
3131
3132 if (u->match_bus_slot)
3133 return -EBUSY;
3134
3135 match = strjoina("type='signal',"
3136 "sender='org.freedesktop.DBus',"
3137 "path='/org/freedesktop/DBus',"
3138 "interface='org.freedesktop.DBus',"
3139 "member='NameOwnerChanged',"
3140 "arg0='", name, "'");
3141
3142 return sd_bus_add_match_async(bus, &u->match_bus_slot, match, signal_name_owner_changed, NULL, u);
3143 }
3144
3145 int unit_watch_bus_name(Unit *u, const char *name) {
3146 int r;
3147
3148 assert(u);
3149 assert(name);
3150
3151 /* Watch a specific name on the bus. We only support one unit
3152 * watching each name for now. */
3153
3154 if (u->manager->api_bus) {
3155 /* If the bus is already available, install the match directly.
3156 * Otherwise, just put the name in the list. bus_setup_api() will take care later. */
3157 r = unit_install_bus_match(u, u->manager->api_bus, name);
3158 if (r < 0)
3159 return log_warning_errno(r, "Failed to subscribe to NameOwnerChanged signal for '%s': %m", name);
3160 }
3161
3162 r = hashmap_put(u->manager->watch_bus, name, u);
3163 if (r < 0) {
3164 u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
3165 return log_warning_errno(r, "Failed to put bus name to hashmap: %m");
3166 }
3167
3168 return 0;
3169 }
3170
3171 void unit_unwatch_bus_name(Unit *u, const char *name) {
3172 assert(u);
3173 assert(name);
3174
3175 (void) hashmap_remove_value(u->manager->watch_bus, name, u);
3176 u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
3177 }
3178
3179 bool unit_can_serialize(Unit *u) {
3180 assert(u);
3181
3182 return UNIT_VTABLE(u)->serialize && UNIT_VTABLE(u)->deserialize_item;
3183 }
3184
3185 static int unit_serialize_cgroup_mask(FILE *f, const char *key, CGroupMask mask) {
3186 _cleanup_free_ char *s = NULL;
3187 int r = 0;
3188
3189 assert(f);
3190 assert(key);
3191
3192 if (mask != 0) {
3193 r = cg_mask_to_string(mask, &s);
3194 if (r >= 0) {
3195 fputs(key, f);
3196 fputc('=', f);
3197 fputs(s, f);
3198 fputc('\n', f);
3199 }
3200 }
3201 return r;
3202 }
3203
3204 static const char *ip_accounting_metric_field[_CGROUP_IP_ACCOUNTING_METRIC_MAX] = {
3205 [CGROUP_IP_INGRESS_BYTES] = "ip-accounting-ingress-bytes",
3206 [CGROUP_IP_INGRESS_PACKETS] = "ip-accounting-ingress-packets",
3207 [CGROUP_IP_EGRESS_BYTES] = "ip-accounting-egress-bytes",
3208 [CGROUP_IP_EGRESS_PACKETS] = "ip-accounting-egress-packets",
3209 };
3210
3211 int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool serialize_jobs) {
3212 CGroupIPAccountingMetric m;
3213 int r;
3214
3215 assert(u);
3216 assert(f);
3217 assert(fds);
3218
3219 if (unit_can_serialize(u)) {
3220 r = UNIT_VTABLE(u)->serialize(u, f, fds);
3221 if (r < 0)
3222 return r;
3223 }
3224
3225 dual_timestamp_serialize(f, "state-change-timestamp", &u->state_change_timestamp);
3226
3227 dual_timestamp_serialize(f, "inactive-exit-timestamp", &u->inactive_exit_timestamp);
3228 dual_timestamp_serialize(f, "active-enter-timestamp", &u->active_enter_timestamp);
3229 dual_timestamp_serialize(f, "active-exit-timestamp", &u->active_exit_timestamp);
3230 dual_timestamp_serialize(f, "inactive-enter-timestamp", &u->inactive_enter_timestamp);
3231
3232 dual_timestamp_serialize(f, "condition-timestamp", &u->condition_timestamp);
3233 dual_timestamp_serialize(f, "assert-timestamp", &u->assert_timestamp);
3234
3235 if (dual_timestamp_is_set(&u->condition_timestamp))
3236 unit_serialize_item(u, f, "condition-result", yes_no(u->condition_result));
3237
3238 if (dual_timestamp_is_set(&u->assert_timestamp))
3239 unit_serialize_item(u, f, "assert-result", yes_no(u->assert_result));
3240
3241 unit_serialize_item(u, f, "transient", yes_no(u->transient));
3242
3243 unit_serialize_item(u, f, "in-audit", yes_no(u->in_audit));
3244
3245 unit_serialize_item(u, f, "exported-invocation-id", yes_no(u->exported_invocation_id));
3246 unit_serialize_item(u, f, "exported-log-level-max", yes_no(u->exported_log_level_max));
3247 unit_serialize_item(u, f, "exported-log-extra-fields", yes_no(u->exported_log_extra_fields));
3248
3249 unit_serialize_item_format(u, f, "cpu-usage-base", "%" PRIu64, u->cpu_usage_base);
3250 if (u->cpu_usage_last != NSEC_INFINITY)
3251 unit_serialize_item_format(u, f, "cpu-usage-last", "%" PRIu64, u->cpu_usage_last);
3252
3253 if (u->cgroup_path)
3254 unit_serialize_item(u, f, "cgroup", u->cgroup_path);
3255 unit_serialize_item(u, f, "cgroup-realized", yes_no(u->cgroup_realized));
3256 (void) unit_serialize_cgroup_mask(f, "cgroup-realized-mask", u->cgroup_realized_mask);
3257 (void) unit_serialize_cgroup_mask(f, "cgroup-enabled-mask", u->cgroup_enabled_mask);
3258 (void) unit_serialize_cgroup_mask(f, "cgroup-invalidated-mask", u->cgroup_invalidated_mask);
3259
3260 if (uid_is_valid(u->ref_uid))
3261 unit_serialize_item_format(u, f, "ref-uid", UID_FMT, u->ref_uid);
3262 if (gid_is_valid(u->ref_gid))
3263 unit_serialize_item_format(u, f, "ref-gid", GID_FMT, u->ref_gid);
3264
3265 if (!sd_id128_is_null(u->invocation_id))
3266 unit_serialize_item_format(u, f, "invocation-id", SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(u->invocation_id));
3267
3268 bus_track_serialize(u->bus_track, f, "ref");
3269
3270 for (m = 0; m < _CGROUP_IP_ACCOUNTING_METRIC_MAX; m++) {
3271 uint64_t v;
3272
3273 r = unit_get_ip_accounting(u, m, &v);
3274 if (r >= 0)
3275 unit_serialize_item_format(u, f, ip_accounting_metric_field[m], "%" PRIu64, v);
3276 }
3277
3278 if (serialize_jobs) {
3279 if (u->job) {
3280 fprintf(f, "job\n");
3281 job_serialize(u->job, f);
3282 }
3283
3284 if (u->nop_job) {
3285 fprintf(f, "job\n");
3286 job_serialize(u->nop_job, f);
3287 }
3288 }
3289
3290 /* End marker */
3291 fputc('\n', f);
3292 return 0;
3293 }
3294
3295 int unit_serialize_item(Unit *u, FILE *f, const char *key, const char *value) {
3296 assert(u);
3297 assert(f);
3298 assert(key);
3299
3300 if (!value)
3301 return 0;
3302
3303 fputs(key, f);
3304 fputc('=', f);
3305 fputs(value, f);
3306 fputc('\n', f);
3307
3308 return 1;
3309 }
3310
3311 int unit_serialize_item_escaped(Unit *u, FILE *f, const char *key, const char *value) {
3312 _cleanup_free_ char *c = NULL;
3313
3314 assert(u);
3315 assert(f);
3316 assert(key);
3317
3318 if (!value)
3319 return 0;
3320
3321 c = cescape(value);
3322 if (!c)
3323 return -ENOMEM;
3324
3325 fputs(key, f);
3326 fputc('=', f);
3327 fputs(c, f);
3328 fputc('\n', f);
3329
3330 return 1;
3331 }
3332
3333 int unit_serialize_item_fd(Unit *u, FILE *f, FDSet *fds, const char *key, int fd) {
3334 int copy;
3335
3336 assert(u);
3337 assert(f);
3338 assert(key);
3339
3340 if (fd < 0)
3341 return 0;
3342
3343 copy = fdset_put_dup(fds, fd);
3344 if (copy < 0)
3345 return copy;
3346
3347 fprintf(f, "%s=%i\n", key, copy);
3348 return 1;
3349 }
3350
3351 void unit_serialize_item_format(Unit *u, FILE *f, const char *key, const char *format, ...) {
3352 va_list ap;
3353
3354 assert(u);
3355 assert(f);
3356 assert(key);
3357 assert(format);
3358
3359 fputs(key, f);
3360 fputc('=', f);
3361
3362 va_start(ap, format);
3363 vfprintf(f, format, ap);
3364 va_end(ap);
3365
3366 fputc('\n', f);
3367 }
3368
3369 int unit_deserialize(Unit *u, FILE *f, FDSet *fds) {
3370 int r;
3371
3372 assert(u);
3373 assert(f);
3374 assert(fds);
3375
3376 for (;;) {
3377 char line[LINE_MAX], *l, *v;
3378 CGroupIPAccountingMetric m;
3379 size_t k;
3380
3381 if (!fgets(line, sizeof(line), f)) {
3382 if (feof(f))
3383 return 0;
3384 return -errno;
3385 }
3386
3387 char_array_0(line);
3388 l = strstrip(line);
3389
3390 /* End marker */
3391 if (isempty(l))
3392 break;
3393
3394 k = strcspn(l, "=");
3395
3396 if (l[k] == '=') {
3397 l[k] = 0;
3398 v = l+k+1;
3399 } else
3400 v = l+k;
3401
3402 if (streq(l, "job")) {
3403 if (v[0] == '\0') {
3404 /* new-style serialized job */
3405 Job *j;
3406
3407 j = job_new_raw(u);
3408 if (!j)
3409 return log_oom();
3410
3411 r = job_deserialize(j, f);
3412 if (r < 0) {
3413 job_free(j);
3414 return r;
3415 }
3416
3417 r = hashmap_put(u->manager->jobs, UINT32_TO_PTR(j->id), j);
3418 if (r < 0) {
3419 job_free(j);
3420 return r;
3421 }
3422
3423 r = job_install_deserialized(j);
3424 if (r < 0) {
3425 hashmap_remove(u->manager->jobs, UINT32_TO_PTR(j->id));
3426 job_free(j);
3427 return r;
3428 }
3429 } else /* legacy for pre-44 */
3430 log_unit_warning(u, "Update from too old systemd versions are unsupported, cannot deserialize job: %s", v);
3431 continue;
3432 } else if (streq(l, "state-change-timestamp")) {
3433 dual_timestamp_deserialize(v, &u->state_change_timestamp);
3434 continue;
3435 } else if (streq(l, "inactive-exit-timestamp")) {
3436 dual_timestamp_deserialize(v, &u->inactive_exit_timestamp);
3437 continue;
3438 } else if (streq(l, "active-enter-timestamp")) {
3439 dual_timestamp_deserialize(v, &u->active_enter_timestamp);
3440 continue;
3441 } else if (streq(l, "active-exit-timestamp")) {
3442 dual_timestamp_deserialize(v, &u->active_exit_timestamp);
3443 continue;
3444 } else if (streq(l, "inactive-enter-timestamp")) {
3445 dual_timestamp_deserialize(v, &u->inactive_enter_timestamp);
3446 continue;
3447 } else if (streq(l, "condition-timestamp")) {
3448 dual_timestamp_deserialize(v, &u->condition_timestamp);
3449 continue;
3450 } else if (streq(l, "assert-timestamp")) {
3451 dual_timestamp_deserialize(v, &u->assert_timestamp);
3452 continue;
3453 } else if (streq(l, "condition-result")) {
3454
3455 r = parse_boolean(v);
3456 if (r < 0)
3457 log_unit_debug(u, "Failed to parse condition result value %s, ignoring.", v);
3458 else
3459 u->condition_result = r;
3460
3461 continue;
3462
3463 } else if (streq(l, "assert-result")) {
3464
3465 r = parse_boolean(v);
3466 if (r < 0)
3467 log_unit_debug(u, "Failed to parse assert result value %s, ignoring.", v);
3468 else
3469 u->assert_result = r;
3470
3471 continue;
3472
3473 } else if (streq(l, "transient")) {
3474
3475 r = parse_boolean(v);
3476 if (r < 0)
3477 log_unit_debug(u, "Failed to parse transient bool %s, ignoring.", v);
3478 else
3479 u->transient = r;
3480
3481 continue;
3482
3483 } else if (streq(l, "in-audit")) {
3484
3485 r = parse_boolean(v);
3486 if (r < 0)
3487 log_unit_debug(u, "Failed to parse in-audit bool %s, ignoring.", v);
3488 else
3489 u->in_audit = r;
3490
3491 continue;
3492
3493 } else if (streq(l, "exported-invocation-id")) {
3494
3495 r = parse_boolean(v);
3496 if (r < 0)
3497 log_unit_debug(u, "Failed to parse exported invocation ID bool %s, ignoring.", v);
3498 else
3499 u->exported_invocation_id = r;
3500
3501 continue;
3502
3503 } else if (streq(l, "exported-log-level-max")) {
3504
3505 r = parse_boolean(v);
3506 if (r < 0)
3507 log_unit_debug(u, "Failed to parse exported log level max bool %s, ignoring.", v);
3508 else
3509 u->exported_log_level_max = r;
3510
3511 continue;
3512
3513 } else if (streq(l, "exported-log-extra-fields")) {
3514
3515 r = parse_boolean(v);
3516 if (r < 0)
3517 log_unit_debug(u, "Failed to parse exported log extra fields bool %s, ignoring.", v);
3518 else
3519 u->exported_log_extra_fields = r;
3520
3521 continue;
3522
3523 } else if (STR_IN_SET(l, "cpu-usage-base", "cpuacct-usage-base")) {
3524
3525 r = safe_atou64(v, &u->cpu_usage_base);
3526 if (r < 0)
3527 log_unit_debug(u, "Failed to parse CPU usage base %s, ignoring.", v);
3528
3529 continue;
3530
3531 } else if (streq(l, "cpu-usage-last")) {
3532
3533 r = safe_atou64(v, &u->cpu_usage_last);
3534 if (r < 0)
3535 log_unit_debug(u, "Failed to read CPU usage last %s, ignoring.", v);
3536
3537 continue;
3538
3539 } else if (streq(l, "cgroup")) {
3540
3541 r = unit_set_cgroup_path(u, v);
3542 if (r < 0)
3543 log_unit_debug_errno(u, r, "Failed to set cgroup path %s, ignoring: %m", v);
3544
3545 (void) unit_watch_cgroup(u);
3546
3547 continue;
3548 } else if (streq(l, "cgroup-realized")) {
3549 int b;
3550
3551 b = parse_boolean(v);
3552 if (b < 0)
3553 log_unit_debug(u, "Failed to parse cgroup-realized bool %s, ignoring.", v);
3554 else
3555 u->cgroup_realized = b;
3556
3557 continue;
3558
3559 } else if (streq(l, "cgroup-realized-mask")) {
3560
3561 r = cg_mask_from_string(v, &u->cgroup_realized_mask);
3562 if (r < 0)
3563 log_unit_debug(u, "Failed to parse cgroup-realized-mask %s, ignoring.", v);
3564 continue;
3565
3566 } else if (streq(l, "cgroup-enabled-mask")) {
3567
3568 r = cg_mask_from_string(v, &u->cgroup_enabled_mask);
3569 if (r < 0)
3570 log_unit_debug(u, "Failed to parse cgroup-enabled-mask %s, ignoring.", v);
3571 continue;
3572
3573 } else if (streq(l, "cgroup-invalidated-mask")) {
3574
3575 r = cg_mask_from_string(v, &u->cgroup_invalidated_mask);
3576 if (r < 0)
3577 log_unit_debug(u, "Failed to parse cgroup-invalidated-mask %s, ignoring.", v);
3578 continue;
3579
3580 } else if (streq(l, "ref-uid")) {
3581 uid_t uid;
3582
3583 r = parse_uid(v, &uid);
3584 if (r < 0)
3585 log_unit_debug(u, "Failed to parse referenced UID %s, ignoring.", v);
3586 else
3587 unit_ref_uid_gid(u, uid, GID_INVALID);
3588
3589 continue;
3590
3591 } else if (streq(l, "ref-gid")) {
3592 gid_t gid;
3593
3594 r = parse_gid(v, &gid);
3595 if (r < 0)
3596 log_unit_debug(u, "Failed to parse referenced GID %s, ignoring.", v);
3597 else
3598 unit_ref_uid_gid(u, UID_INVALID, gid);
3599
3600 continue;
3601
3602 } else if (streq(l, "ref")) {
3603
3604 r = strv_extend(&u->deserialized_refs, v);
3605 if (r < 0)
3606 log_oom();
3607
3608 continue;
3609 } else if (streq(l, "invocation-id")) {
3610 sd_id128_t id;
3611
3612 r = sd_id128_from_string(v, &id);
3613 if (r < 0)
3614 log_unit_debug(u, "Failed to parse invocation id %s, ignoring.", v);
3615 else {
3616 r = unit_set_invocation_id(u, id);
3617 if (r < 0)
3618 log_unit_warning_errno(u, r, "Failed to set invocation ID for unit: %m");
3619 }
3620
3621 continue;
3622 }
3623
3624 /* Check if this is an IP accounting metric serialization field */
3625 for (m = 0; m < _CGROUP_IP_ACCOUNTING_METRIC_MAX; m++)
3626 if (streq(l, ip_accounting_metric_field[m]))
3627 break;
3628 if (m < _CGROUP_IP_ACCOUNTING_METRIC_MAX) {
3629 uint64_t c;
3630
3631 r = safe_atou64(v, &c);
3632 if (r < 0)
3633 log_unit_debug(u, "Failed to parse IP accounting value %s, ignoring.", v);
3634 else
3635 u->ip_accounting_extra[m] = c;
3636 continue;
3637 }
3638
3639 if (unit_can_serialize(u)) {
3640 r = exec_runtime_deserialize_compat(u, l, v, fds);
3641 if (r < 0) {
3642 log_unit_warning(u, "Failed to deserialize runtime parameter '%s', ignoring.", l);
3643 continue;
3644 }
3645
3646 /* Returns positive if key was handled by the call */
3647 if (r > 0)
3648 continue;
3649
3650 r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds);
3651 if (r < 0)
3652 log_unit_warning(u, "Failed to deserialize unit parameter '%s', ignoring.", l);
3653 }
3654 }
3655
3656 /* Versions before 228 did not carry a state change timestamp. In this case, take the current time. This is
3657 * useful, so that timeouts based on this timestamp don't trigger too early, and is in-line with the logic from
3658 * before 228 where the base for timeouts was not persistent across reboots. */
3659
3660 if (!dual_timestamp_is_set(&u->state_change_timestamp))
3661 dual_timestamp_get(&u->state_change_timestamp);
3662
3663 /* Let's make sure that everything that is deserialized also gets any potential new cgroup settings applied
3664 * after we are done. For that we invalidate anything already realized, so that we can realize it again. */
3665 unit_invalidate_cgroup(u, _CGROUP_MASK_ALL);
3666 unit_invalidate_cgroup_bpf(u);
3667
3668 return 0;
3669 }
3670
3671 void unit_deserialize_skip(FILE *f) {
3672 assert(f);
3673
3674 /* Skip serialized data for this unit. We don't know what it is. */
3675
3676 for (;;) {
3677 char line[LINE_MAX], *l;
3678
3679 if (!fgets(line, sizeof line, f))
3680 return;
3681
3682 char_array_0(line);
3683 l = strstrip(line);
3684
3685 /* End marker */
3686 if (isempty(l))
3687 return;
3688 }
3689 }
3690
3691 int unit_add_node_dependency(Unit *u, const char *what, bool wants, UnitDependency dep, UnitDependencyMask mask) {
3692 Unit *device;
3693 _cleanup_free_ char *e = NULL;
3694 int r;
3695
3696 assert(u);
3697
3698 /* Adds in links to the device node that this unit is based on */
3699 if (isempty(what))
3700 return 0;
3701
3702 if (!is_device_path(what))
3703 return 0;
3704
3705 /* When device units aren't supported (such as in a
3706 * container), don't create dependencies on them. */
3707 if (!unit_type_supported(UNIT_DEVICE))
3708 return 0;
3709
3710 r = unit_name_from_path(what, ".device", &e);
3711 if (r < 0)
3712 return r;
3713
3714 r = manager_load_unit(u->manager, e, NULL, NULL, &device);
3715 if (r < 0)
3716 return r;
3717
3718 if (dep == UNIT_REQUIRES && device_shall_be_bound_by(device, u))
3719 dep = UNIT_BINDS_TO;
3720
3721 r = unit_add_two_dependencies(u, UNIT_AFTER,
3722 MANAGER_IS_SYSTEM(u->manager) ? dep : UNIT_WANTS,
3723 device, true, mask);
3724 if (r < 0)
3725 return r;
3726
3727 if (wants) {
3728 r = unit_add_dependency(device, UNIT_WANTS, u, false, mask);
3729 if (r < 0)
3730 return r;
3731 }
3732
3733 return 0;
3734 }
3735
3736 int unit_coldplug(Unit *u) {
3737 int r = 0, q;
3738 char **i;
3739
3740 assert(u);
3741
3742 /* Make sure we don't enter a loop, when coldplugging recursively. */
3743 if (u->coldplugged)
3744 return 0;
3745
3746 u->coldplugged = true;
3747
3748 STRV_FOREACH(i, u->deserialized_refs) {
3749 q = bus_unit_track_add_name(u, *i);
3750 if (q < 0 && r >= 0)
3751 r = q;
3752 }
3753 u->deserialized_refs = strv_free(u->deserialized_refs);
3754
3755 if (UNIT_VTABLE(u)->coldplug) {
3756 q = UNIT_VTABLE(u)->coldplug(u);
3757 if (q < 0 && r >= 0)
3758 r = q;
3759 }
3760
3761 if (u->job) {
3762 q = job_coldplug(u->job);
3763 if (q < 0 && r >= 0)
3764 r = q;
3765 }
3766
3767 return r;
3768 }
3769
3770 void unit_catchup(Unit *u) {
3771 assert(u);
3772
3773 if (UNIT_VTABLE(u)->catchup)
3774 UNIT_VTABLE(u)->catchup(u);
3775 }
3776
3777 static bool fragment_mtime_newer(const char *path, usec_t mtime, bool path_masked) {
3778 struct stat st;
3779
3780 if (!path)
3781 return false;
3782
3783 /* If the source is some virtual kernel file system, then we assume we watch it anyway, and hence pretend we
3784 * are never out-of-date. */
3785 if (PATH_STARTSWITH_SET(path, "/proc", "/sys"))
3786 return false;
3787
3788 if (stat(path, &st) < 0)
3789 /* What, cannot access this anymore? */
3790 return true;
3791
3792 if (path_masked)
3793 /* For masked files check if they are still so */
3794 return !null_or_empty(&st);
3795 else
3796 /* For non-empty files check the mtime */
3797 return timespec_load(&st.st_mtim) > mtime;
3798
3799 return false;
3800 }
3801
3802 bool unit_need_daemon_reload(Unit *u) {
3803 _cleanup_strv_free_ char **t = NULL;
3804 char **path;
3805
3806 assert(u);
3807
3808 /* For unit files, we allow masking… */
3809 if (fragment_mtime_newer(u->fragment_path, u->fragment_mtime,
3810 u->load_state == UNIT_MASKED))
3811 return true;
3812
3813 /* Source paths should not be masked… */
3814 if (fragment_mtime_newer(u->source_path, u->source_mtime, false))
3815 return true;
3816
3817 if (u->load_state == UNIT_LOADED)
3818 (void) unit_find_dropin_paths(u, &t);
3819 if (!strv_equal(u->dropin_paths, t))
3820 return true;
3821
3822 /* … any drop-ins that are masked are simply omitted from the list. */
3823 STRV_FOREACH(path, u->dropin_paths)
3824 if (fragment_mtime_newer(*path, u->dropin_mtime, false))
3825 return true;
3826
3827 return false;
3828 }
3829
3830 void unit_reset_failed(Unit *u) {
3831 assert(u);
3832
3833 if (UNIT_VTABLE(u)->reset_failed)
3834 UNIT_VTABLE(u)->reset_failed(u);
3835
3836 RATELIMIT_RESET(u->start_limit);
3837 u->start_limit_hit = false;
3838 }
3839
3840 Unit *unit_following(Unit *u) {
3841 assert(u);
3842
3843 if (UNIT_VTABLE(u)->following)
3844 return UNIT_VTABLE(u)->following(u);
3845
3846 return NULL;
3847 }
3848
3849 bool unit_stop_pending(Unit *u) {
3850 assert(u);
3851
3852 /* This call does check the current state of the unit. It's
3853 * hence useful to be called from state change calls of the
3854 * unit itself, where the state isn't updated yet. This is
3855 * different from unit_inactive_or_pending() which checks both
3856 * the current state and for a queued job. */
3857
3858 return u->job && u->job->type == JOB_STOP;
3859 }
3860
3861 bool unit_inactive_or_pending(Unit *u) {
3862 assert(u);
3863
3864 /* Returns true if the unit is inactive or going down */
3865
3866 if (UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(u)))
3867 return true;
3868
3869 if (unit_stop_pending(u))
3870 return true;
3871
3872 return false;
3873 }
3874
3875 bool unit_active_or_pending(Unit *u) {
3876 assert(u);
3877
3878 /* Returns true if the unit is active or going up */
3879
3880 if (UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u)))
3881 return true;
3882
3883 if (u->job &&
3884 IN_SET(u->job->type, JOB_START, JOB_RELOAD_OR_START, JOB_RESTART))
3885 return true;
3886
3887 return false;
3888 }
3889
3890 bool unit_will_restart(Unit *u) {
3891 assert(u);
3892
3893 if (!UNIT_VTABLE(u)->will_restart)
3894 return false;
3895
3896 return UNIT_VTABLE(u)->will_restart(u);
3897 }
3898
3899 int unit_kill(Unit *u, KillWho w, int signo, sd_bus_error *error) {
3900 assert(u);
3901 assert(w >= 0 && w < _KILL_WHO_MAX);
3902 assert(SIGNAL_VALID(signo));
3903
3904 if (!UNIT_VTABLE(u)->kill)
3905 return -EOPNOTSUPP;
3906
3907 return UNIT_VTABLE(u)->kill(u, w, signo, error);
3908 }
3909
3910 static Set *unit_pid_set(pid_t main_pid, pid_t control_pid) {
3911 _cleanup_set_free_ Set *pid_set = NULL;
3912 int r;
3913
3914 pid_set = set_new(NULL);
3915 if (!pid_set)
3916 return NULL;
3917
3918 /* Exclude the main/control pids from being killed via the cgroup */
3919 if (main_pid > 0) {
3920 r = set_put(pid_set, PID_TO_PTR(main_pid));
3921 if (r < 0)
3922 return NULL;
3923 }
3924
3925 if (control_pid > 0) {
3926 r = set_put(pid_set, PID_TO_PTR(control_pid));
3927 if (r < 0)
3928 return NULL;
3929 }
3930
3931 return TAKE_PTR(pid_set);
3932 }
3933
3934 int unit_kill_common(
3935 Unit *u,
3936 KillWho who,
3937 int signo,
3938 pid_t main_pid,
3939 pid_t control_pid,
3940 sd_bus_error *error) {
3941
3942 int r = 0;
3943 bool killed = false;
3944
3945 if (IN_SET(who, KILL_MAIN, KILL_MAIN_FAIL)) {
3946 if (main_pid < 0)
3947 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_PROCESS, "%s units have no main processes", unit_type_to_string(u->type));
3948 else if (main_pid == 0)
3949 return sd_bus_error_set_const(error, BUS_ERROR_NO_SUCH_PROCESS, "No main process to kill");
3950 }
3951
3952 if (IN_SET(who, KILL_CONTROL, KILL_CONTROL_FAIL)) {
3953 if (control_pid < 0)
3954 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_PROCESS, "%s units have no control processes", unit_type_to_string(u->type));
3955 else if (control_pid == 0)
3956 return sd_bus_error_set_const(error, BUS_ERROR_NO_SUCH_PROCESS, "No control process to kill");
3957 }
3958
3959 if (IN_SET(who, KILL_CONTROL, KILL_CONTROL_FAIL, KILL_ALL, KILL_ALL_FAIL))
3960 if (control_pid > 0) {
3961 if (kill(control_pid, signo) < 0)
3962 r = -errno;
3963 else
3964 killed = true;
3965 }
3966
3967 if (IN_SET(who, KILL_MAIN, KILL_MAIN_FAIL, KILL_ALL, KILL_ALL_FAIL))
3968 if (main_pid > 0) {
3969 if (kill(main_pid, signo) < 0)
3970 r = -errno;
3971 else
3972 killed = true;
3973 }
3974
3975 if (IN_SET(who, KILL_ALL, KILL_ALL_FAIL) && u->cgroup_path) {
3976 _cleanup_set_free_ Set *pid_set = NULL;
3977 int q;
3978
3979 /* Exclude the main/control pids from being killed via the cgroup */
3980 pid_set = unit_pid_set(main_pid, control_pid);
3981 if (!pid_set)
3982 return -ENOMEM;
3983
3984 q = cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, signo, 0, pid_set, NULL, NULL);
3985 if (q < 0 && !IN_SET(q, -EAGAIN, -ESRCH, -ENOENT))
3986 r = q;
3987 else
3988 killed = true;
3989 }
3990
3991 if (r == 0 && !killed && IN_SET(who, KILL_ALL_FAIL, KILL_CONTROL_FAIL))
3992 return -ESRCH;
3993
3994 return r;
3995 }
3996
3997 int unit_following_set(Unit *u, Set **s) {
3998 assert(u);
3999 assert(s);
4000
4001 if (UNIT_VTABLE(u)->following_set)
4002 return UNIT_VTABLE(u)->following_set(u, s);
4003
4004 *s = NULL;
4005 return 0;
4006 }
4007
4008 UnitFileState unit_get_unit_file_state(Unit *u) {
4009 int r;
4010
4011 assert(u);
4012
4013 if (u->unit_file_state < 0 && u->fragment_path) {
4014 r = unit_file_get_state(
4015 u->manager->unit_file_scope,
4016 NULL,
4017 u->id,
4018 &u->unit_file_state);
4019 if (r < 0)
4020 u->unit_file_state = UNIT_FILE_BAD;
4021 }
4022
4023 return u->unit_file_state;
4024 }
4025
4026 int unit_get_unit_file_preset(Unit *u) {
4027 assert(u);
4028
4029 if (u->unit_file_preset < 0 && u->fragment_path)
4030 u->unit_file_preset = unit_file_query_preset(
4031 u->manager->unit_file_scope,
4032 NULL,
4033 basename(u->fragment_path));
4034
4035 return u->unit_file_preset;
4036 }
4037
4038 Unit* unit_ref_set(UnitRef *ref, Unit *source, Unit *target) {
4039 assert(ref);
4040 assert(source);
4041 assert(target);
4042
4043 if (ref->target)
4044 unit_ref_unset(ref);
4045
4046 ref->source = source;
4047 ref->target = target;
4048 LIST_PREPEND(refs_by_target, target->refs_by_target, ref);
4049 return target;
4050 }
4051
4052 void unit_ref_unset(UnitRef *ref) {
4053 assert(ref);
4054
4055 if (!ref->target)
4056 return;
4057
4058 /* We are about to drop a reference to the unit, make sure the garbage collection has a look at it as it might
4059 * be unreferenced now. */
4060 unit_add_to_gc_queue(ref->target);
4061
4062 LIST_REMOVE(refs_by_target, ref->target->refs_by_target, ref);
4063 ref->source = ref->target = NULL;
4064 }
4065
4066 static int user_from_unit_name(Unit *u, char **ret) {
4067
4068 static const uint8_t hash_key[] = {
4069 0x58, 0x1a, 0xaf, 0xe6, 0x28, 0x58, 0x4e, 0x96,
4070 0xb4, 0x4e, 0xf5, 0x3b, 0x8c, 0x92, 0x07, 0xec
4071 };
4072
4073 _cleanup_free_ char *n = NULL;
4074 int r;
4075
4076 r = unit_name_to_prefix(u->id, &n);
4077 if (r < 0)
4078 return r;
4079
4080 if (valid_user_group_name(n)) {
4081 *ret = TAKE_PTR(n);
4082 return 0;
4083 }
4084
4085 /* If we can't use the unit name as a user name, then let's hash it and use that */
4086 if (asprintf(ret, "_du%016" PRIx64, siphash24(n, strlen(n), hash_key)) < 0)
4087 return -ENOMEM;
4088
4089 return 0;
4090 }
4091
4092 int unit_patch_contexts(Unit *u) {
4093 CGroupContext *cc;
4094 ExecContext *ec;
4095 unsigned i;
4096 int r;
4097
4098 assert(u);
4099
4100 /* Patch in the manager defaults into the exec and cgroup
4101 * contexts, _after_ the rest of the settings have been
4102 * initialized */
4103
4104 ec = unit_get_exec_context(u);
4105 if (ec) {
4106 /* This only copies in the ones that need memory */
4107 for (i = 0; i < _RLIMIT_MAX; i++)
4108 if (u->manager->rlimit[i] && !ec->rlimit[i]) {
4109 ec->rlimit[i] = newdup(struct rlimit, u->manager->rlimit[i], 1);
4110 if (!ec->rlimit[i])
4111 return -ENOMEM;
4112 }
4113
4114 if (MANAGER_IS_USER(u->manager) &&
4115 !ec->working_directory) {
4116
4117 r = get_home_dir(&ec->working_directory);
4118 if (r < 0)
4119 return r;
4120
4121 /* Allow user services to run, even if the
4122 * home directory is missing */
4123 ec->working_directory_missing_ok = true;
4124 }
4125
4126 if (ec->private_devices)
4127 ec->capability_bounding_set &= ~((UINT64_C(1) << CAP_MKNOD) | (UINT64_C(1) << CAP_SYS_RAWIO));
4128
4129 if (ec->protect_kernel_modules)
4130 ec->capability_bounding_set &= ~(UINT64_C(1) << CAP_SYS_MODULE);
4131
4132 if (ec->dynamic_user) {
4133 if (!ec->user) {
4134 r = user_from_unit_name(u, &ec->user);
4135 if (r < 0)
4136 return r;
4137 }
4138
4139 if (!ec->group) {
4140 ec->group = strdup(ec->user);
4141 if (!ec->group)
4142 return -ENOMEM;
4143 }
4144
4145 /* If the dynamic user option is on, let's make sure that the unit can't leave its UID/GID
4146 * around in the file system or on IPC objects. Hence enforce a strict sandbox. */
4147
4148 ec->private_tmp = true;
4149 ec->remove_ipc = true;
4150 ec->protect_system = PROTECT_SYSTEM_STRICT;
4151 if (ec->protect_home == PROTECT_HOME_NO)
4152 ec->protect_home = PROTECT_HOME_READ_ONLY;
4153 }
4154 }
4155
4156 cc = unit_get_cgroup_context(u);
4157 if (cc && ec) {
4158
4159 if (ec->private_devices &&
4160 cc->device_policy == CGROUP_AUTO)
4161 cc->device_policy = CGROUP_CLOSED;
4162
4163 if (ec->root_image &&
4164 (cc->device_policy != CGROUP_AUTO || cc->device_allow)) {
4165
4166 /* When RootImage= is specified, the following devices are touched. */
4167 r = cgroup_add_device_allow(cc, "/dev/loop-control", "rw");
4168 if (r < 0)
4169 return r;
4170
4171 r = cgroup_add_device_allow(cc, "block-loop", "rwm");
4172 if (r < 0)
4173 return r;
4174
4175 r = cgroup_add_device_allow(cc, "block-blkext", "rwm");
4176 if (r < 0)
4177 return r;
4178 }
4179 }
4180
4181 return 0;
4182 }
4183
4184 ExecContext *unit_get_exec_context(Unit *u) {
4185 size_t offset;
4186 assert(u);
4187
4188 if (u->type < 0)
4189 return NULL;
4190
4191 offset = UNIT_VTABLE(u)->exec_context_offset;
4192 if (offset <= 0)
4193 return NULL;
4194
4195 return (ExecContext*) ((uint8_t*) u + offset);
4196 }
4197
4198 KillContext *unit_get_kill_context(Unit *u) {
4199 size_t offset;
4200 assert(u);
4201
4202 if (u->type < 0)
4203 return NULL;
4204
4205 offset = UNIT_VTABLE(u)->kill_context_offset;
4206 if (offset <= 0)
4207 return NULL;
4208
4209 return (KillContext*) ((uint8_t*) u + offset);
4210 }
4211
4212 CGroupContext *unit_get_cgroup_context(Unit *u) {
4213 size_t offset;
4214
4215 if (u->type < 0)
4216 return NULL;
4217
4218 offset = UNIT_VTABLE(u)->cgroup_context_offset;
4219 if (offset <= 0)
4220 return NULL;
4221
4222 return (CGroupContext*) ((uint8_t*) u + offset);
4223 }
4224
4225 ExecRuntime *unit_get_exec_runtime(Unit *u) {
4226 size_t offset;
4227
4228 if (u->type < 0)
4229 return NULL;
4230
4231 offset = UNIT_VTABLE(u)->exec_runtime_offset;
4232 if (offset <= 0)
4233 return NULL;
4234
4235 return *(ExecRuntime**) ((uint8_t*) u + offset);
4236 }
4237
4238 static const char* unit_drop_in_dir(Unit *u, UnitWriteFlags flags) {
4239 assert(u);
4240
4241 if (UNIT_WRITE_FLAGS_NOOP(flags))
4242 return NULL;
4243
4244 if (u->transient) /* Redirect drop-ins for transient units always into the transient directory. */
4245 return u->manager->lookup_paths.transient;
4246
4247 if (flags & UNIT_PERSISTENT)
4248 return u->manager->lookup_paths.persistent_control;
4249
4250 if (flags & UNIT_RUNTIME)
4251 return u->manager->lookup_paths.runtime_control;
4252
4253 return NULL;
4254 }
4255
4256 char* unit_escape_setting(const char *s, UnitWriteFlags flags, char **buf) {
4257 char *ret = NULL;
4258
4259 if (!s)
4260 return NULL;
4261
4262 /* Escapes the input string as requested. Returns the escaped string. If 'buf' is specified then the allocated
4263 * return buffer pointer is also written to *buf, except if no escaping was necessary, in which case *buf is
4264 * set to NULL, and the input pointer is returned as-is. This means the return value always contains a properly
4265 * escaped version, but *buf when passed only contains a pointer if an allocation was necessary. If *buf is
4266 * not specified, then the return value always needs to be freed. Callers can use this to optimize memory
4267 * allocations. */
4268
4269 if (flags & UNIT_ESCAPE_SPECIFIERS) {
4270 ret = specifier_escape(s);
4271 if (!ret)
4272 return NULL;
4273
4274 s = ret;
4275 }
4276
4277 if (flags & UNIT_ESCAPE_C) {
4278 char *a;
4279
4280 a = cescape(s);
4281 free(ret);
4282 if (!a)
4283 return NULL;
4284
4285 ret = a;
4286 }
4287
4288 if (buf) {
4289 *buf = ret;
4290 return ret ?: (char*) s;
4291 }
4292
4293 return ret ?: strdup(s);
4294 }
4295
4296 char* unit_concat_strv(char **l, UnitWriteFlags flags) {
4297 _cleanup_free_ char *result = NULL;
4298 size_t n = 0, allocated = 0;
4299 char **i;
4300
4301 /* Takes a list of strings, escapes them, and concatenates them. This may be used to format command lines in a
4302 * way suitable for ExecStart= stanzas */
4303
4304 STRV_FOREACH(i, l) {
4305 _cleanup_free_ char *buf = NULL;
4306 const char *p;
4307 size_t a;
4308 char *q;
4309
4310 p = unit_escape_setting(*i, flags, &buf);
4311 if (!p)
4312 return NULL;
4313
4314 a = (n > 0) + 1 + strlen(p) + 1; /* separating space + " + entry + " */
4315 if (!GREEDY_REALLOC(result, allocated, n + a + 1))
4316 return NULL;
4317
4318 q = result + n;
4319 if (n > 0)
4320 *(q++) = ' ';
4321
4322 *(q++) = '"';
4323 q = stpcpy(q, p);
4324 *(q++) = '"';
4325
4326 n += a;
4327 }
4328
4329 if (!GREEDY_REALLOC(result, allocated, n + 1))
4330 return NULL;
4331
4332 result[n] = 0;
4333
4334 return TAKE_PTR(result);
4335 }
4336
4337 int unit_write_setting(Unit *u, UnitWriteFlags flags, const char *name, const char *data) {
4338 _cleanup_free_ char *p = NULL, *q = NULL, *escaped = NULL;
4339 const char *dir, *wrapped;
4340 int r;
4341
4342 assert(u);
4343 assert(name);
4344 assert(data);
4345
4346 if (UNIT_WRITE_FLAGS_NOOP(flags))
4347 return 0;
4348
4349 data = unit_escape_setting(data, flags, &escaped);
4350 if (!data)
4351 return -ENOMEM;
4352
4353 /* Prefix the section header. If we are writing this out as transient file, then let's suppress this if the
4354 * previous section header is the same */
4355
4356 if (flags & UNIT_PRIVATE) {
4357 if (!UNIT_VTABLE(u)->private_section)
4358 return -EINVAL;
4359
4360 if (!u->transient_file || u->last_section_private < 0)
4361 data = strjoina("[", UNIT_VTABLE(u)->private_section, "]\n", data);
4362 else if (u->last_section_private == 0)
4363 data = strjoina("\n[", UNIT_VTABLE(u)->private_section, "]\n", data);
4364 } else {
4365 if (!u->transient_file || u->last_section_private < 0)
4366 data = strjoina("[Unit]\n", data);
4367 else if (u->last_section_private > 0)
4368 data = strjoina("\n[Unit]\n", data);
4369 }
4370
4371 if (u->transient_file) {
4372 /* When this is a transient unit file in creation, then let's not create a new drop-in but instead
4373 * write to the transient unit file. */
4374 fputs(data, u->transient_file);
4375
4376 if (!endswith(data, "\n"))
4377 fputc('\n', u->transient_file);
4378
4379 /* Remember which section we wrote this entry to */
4380 u->last_section_private = !!(flags & UNIT_PRIVATE);
4381 return 0;
4382 }
4383
4384 dir = unit_drop_in_dir(u, flags);
4385 if (!dir)
4386 return -EINVAL;
4387
4388 wrapped = strjoina("# This is a drop-in unit file extension, created via \"systemctl set-property\"\n"
4389 "# or an equivalent operation. Do not edit.\n",
4390 data,
4391 "\n");
4392
4393 r = drop_in_file(dir, u->id, 50, name, &p, &q);
4394 if (r < 0)
4395 return r;
4396
4397 (void) mkdir_p_label(p, 0755);
4398 r = write_string_file_atomic_label(q, wrapped);
4399 if (r < 0)
4400 return r;
4401
4402 r = strv_push(&u->dropin_paths, q);
4403 if (r < 0)
4404 return r;
4405 q = NULL;
4406
4407 strv_uniq(u->dropin_paths);
4408
4409 u->dropin_mtime = now(CLOCK_REALTIME);
4410
4411 return 0;
4412 }
4413
4414 int unit_write_settingf(Unit *u, UnitWriteFlags flags, const char *name, const char *format, ...) {
4415 _cleanup_free_ char *p = NULL;
4416 va_list ap;
4417 int r;
4418
4419 assert(u);
4420 assert(name);
4421 assert(format);
4422
4423 if (UNIT_WRITE_FLAGS_NOOP(flags))
4424 return 0;
4425
4426 va_start(ap, format);
4427 r = vasprintf(&p, format, ap);
4428 va_end(ap);
4429
4430 if (r < 0)
4431 return -ENOMEM;
4432
4433 return unit_write_setting(u, flags, name, p);
4434 }
4435
4436 int unit_make_transient(Unit *u) {
4437 _cleanup_free_ char *path = NULL;
4438 FILE *f;
4439
4440 assert(u);
4441
4442 if (!UNIT_VTABLE(u)->can_transient)
4443 return -EOPNOTSUPP;
4444
4445 (void) mkdir_p_label(u->manager->lookup_paths.transient, 0755);
4446
4447 path = strjoin(u->manager->lookup_paths.transient, "/", u->id);
4448 if (!path)
4449 return -ENOMEM;
4450
4451 /* Let's open the file we'll write the transient settings into. This file is kept open as long as we are
4452 * creating the transient, and is closed in unit_load(), as soon as we start loading the file. */
4453
4454 RUN_WITH_UMASK(0022) {
4455 f = fopen(path, "we");
4456 if (!f)
4457 return -errno;
4458 }
4459
4460 safe_fclose(u->transient_file);
4461 u->transient_file = f;
4462
4463 free_and_replace(u->fragment_path, path);
4464
4465 u->source_path = mfree(u->source_path);
4466 u->dropin_paths = strv_free(u->dropin_paths);
4467 u->fragment_mtime = u->source_mtime = u->dropin_mtime = 0;
4468
4469 u->load_state = UNIT_STUB;
4470 u->load_error = 0;
4471 u->transient = true;
4472
4473 unit_add_to_dbus_queue(u);
4474 unit_add_to_gc_queue(u);
4475
4476 fputs("# This is a transient unit file, created programmatically via the systemd API. Do not edit.\n",
4477 u->transient_file);
4478
4479 return 0;
4480 }
4481
4482 static void log_kill(pid_t pid, int sig, void *userdata) {
4483 _cleanup_free_ char *comm = NULL;
4484
4485 (void) get_process_comm(pid, &comm);
4486
4487 /* Don't log about processes marked with brackets, under the assumption that these are temporary processes
4488 only, like for example systemd's own PAM stub process. */
4489 if (comm && comm[0] == '(')
4490 return;
4491
4492 log_unit_notice(userdata,
4493 "Killing process " PID_FMT " (%s) with signal SIG%s.",
4494 pid,
4495 strna(comm),
4496 signal_to_string(sig));
4497 }
4498
4499 static int operation_to_signal(KillContext *c, KillOperation k) {
4500 assert(c);
4501
4502 switch (k) {
4503
4504 case KILL_TERMINATE:
4505 case KILL_TERMINATE_AND_LOG:
4506 return c->kill_signal;
4507
4508 case KILL_KILL:
4509 return c->final_kill_signal;
4510
4511 case KILL_WATCHDOG:
4512 return c->watchdog_signal;
4513
4514 default:
4515 assert_not_reached("KillOperation unknown");
4516 }
4517 }
4518
4519 int unit_kill_context(
4520 Unit *u,
4521 KillContext *c,
4522 KillOperation k,
4523 pid_t main_pid,
4524 pid_t control_pid,
4525 bool main_pid_alien) {
4526
4527 bool wait_for_exit = false, send_sighup;
4528 cg_kill_log_func_t log_func = NULL;
4529 int sig, r;
4530
4531 assert(u);
4532 assert(c);
4533
4534 /* Kill the processes belonging to this unit, in preparation for shutting the unit down.
4535 * Returns > 0 if we killed something worth waiting for, 0 otherwise. */
4536
4537 if (c->kill_mode == KILL_NONE)
4538 return 0;
4539
4540 sig = operation_to_signal(c, k);
4541
4542 send_sighup =
4543 c->send_sighup &&
4544 IN_SET(k, KILL_TERMINATE, KILL_TERMINATE_AND_LOG) &&
4545 sig != SIGHUP;
4546
4547 if (k != KILL_TERMINATE || IN_SET(sig, SIGKILL, SIGABRT))
4548 log_func = log_kill;
4549
4550 if (main_pid > 0) {
4551 if (log_func)
4552 log_func(main_pid, sig, u);
4553
4554 r = kill_and_sigcont(main_pid, sig);
4555 if (r < 0 && r != -ESRCH) {
4556 _cleanup_free_ char *comm = NULL;
4557 (void) get_process_comm(main_pid, &comm);
4558
4559 log_unit_warning_errno(u, r, "Failed to kill main process " PID_FMT " (%s), ignoring: %m", main_pid, strna(comm));
4560 } else {
4561 if (!main_pid_alien)
4562 wait_for_exit = true;
4563
4564 if (r != -ESRCH && send_sighup)
4565 (void) kill(main_pid, SIGHUP);
4566 }
4567 }
4568
4569 if (control_pid > 0) {
4570 if (log_func)
4571 log_func(control_pid, sig, u);
4572
4573 r = kill_and_sigcont(control_pid, sig);
4574 if (r < 0 && r != -ESRCH) {
4575 _cleanup_free_ char *comm = NULL;
4576 (void) get_process_comm(control_pid, &comm);
4577
4578 log_unit_warning_errno(u, r, "Failed to kill control process " PID_FMT " (%s), ignoring: %m", control_pid, strna(comm));
4579 } else {
4580 wait_for_exit = true;
4581
4582 if (r != -ESRCH && send_sighup)
4583 (void) kill(control_pid, SIGHUP);
4584 }
4585 }
4586
4587 if (u->cgroup_path &&
4588 (c->kill_mode == KILL_CONTROL_GROUP || (c->kill_mode == KILL_MIXED && k == KILL_KILL))) {
4589 _cleanup_set_free_ Set *pid_set = NULL;
4590
4591 /* Exclude the main/control pids from being killed via the cgroup */
4592 pid_set = unit_pid_set(main_pid, control_pid);
4593 if (!pid_set)
4594 return -ENOMEM;
4595
4596 r = cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path,
4597 sig,
4598 CGROUP_SIGCONT|CGROUP_IGNORE_SELF,
4599 pid_set,
4600 log_func, u);
4601 if (r < 0) {
4602 if (!IN_SET(r, -EAGAIN, -ESRCH, -ENOENT))
4603 log_unit_warning_errno(u, r, "Failed to kill control group %s, ignoring: %m", u->cgroup_path);
4604
4605 } else if (r > 0) {
4606
4607 /* FIXME: For now, on the legacy hierarchy, we will not wait for the cgroup members to die if
4608 * we are running in a container or if this is a delegation unit, simply because cgroup
4609 * notification is unreliable in these cases. It doesn't work at all in containers, and outside
4610 * of containers it can be confused easily by left-over directories in the cgroup — which
4611 * however should not exist in non-delegated units. On the unified hierarchy that's different,
4612 * there we get proper events. Hence rely on them. */
4613
4614 if (cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) > 0 ||
4615 (detect_container() == 0 && !unit_cgroup_delegate(u)))
4616 wait_for_exit = true;
4617
4618 if (send_sighup) {
4619 set_free(pid_set);
4620
4621 pid_set = unit_pid_set(main_pid, control_pid);
4622 if (!pid_set)
4623 return -ENOMEM;
4624
4625 cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path,
4626 SIGHUP,
4627 CGROUP_IGNORE_SELF,
4628 pid_set,
4629 NULL, NULL);
4630 }
4631 }
4632 }
4633
4634 return wait_for_exit;
4635 }
4636
4637 int unit_require_mounts_for(Unit *u, const char *path, UnitDependencyMask mask) {
4638 _cleanup_free_ char *p = NULL;
4639 char *prefix;
4640 UnitDependencyInfo di;
4641 int r;
4642
4643 assert(u);
4644 assert(path);
4645
4646 /* Registers a unit for requiring a certain path and all its prefixes. We keep a hashtable of these paths in
4647 * the unit (from the path to the UnitDependencyInfo structure indicating how to the dependency came to
4648 * be). However, we build a prefix table for all possible prefixes so that new appearing mount units can easily
4649 * determine which units to make themselves a dependency of. */
4650
4651 if (!path_is_absolute(path))
4652 return -EINVAL;
4653
4654 r = hashmap_ensure_allocated(&u->requires_mounts_for, &path_hash_ops);
4655 if (r < 0)
4656 return r;
4657
4658 p = strdup(path);
4659 if (!p)
4660 return -ENOMEM;
4661
4662 path = path_simplify(p, false);
4663
4664 if (!path_is_normalized(path))
4665 return -EPERM;
4666
4667 if (hashmap_contains(u->requires_mounts_for, path))
4668 return 0;
4669
4670 di = (UnitDependencyInfo) {
4671 .origin_mask = mask
4672 };
4673
4674 r = hashmap_put(u->requires_mounts_for, path, di.data);
4675 if (r < 0)
4676 return r;
4677 p = NULL;
4678
4679 prefix = alloca(strlen(path) + 1);
4680 PATH_FOREACH_PREFIX_MORE(prefix, path) {
4681 Set *x;
4682
4683 x = hashmap_get(u->manager->units_requiring_mounts_for, prefix);
4684 if (!x) {
4685 _cleanup_free_ char *q = NULL;
4686
4687 r = hashmap_ensure_allocated(&u->manager->units_requiring_mounts_for, &path_hash_ops);
4688 if (r < 0)
4689 return r;
4690
4691 q = strdup(prefix);
4692 if (!q)
4693 return -ENOMEM;
4694
4695 x = set_new(NULL);
4696 if (!x)
4697 return -ENOMEM;
4698
4699 r = hashmap_put(u->manager->units_requiring_mounts_for, q, x);
4700 if (r < 0) {
4701 set_free(x);
4702 return r;
4703 }
4704 q = NULL;
4705 }
4706
4707 r = set_put(x, u);
4708 if (r < 0)
4709 return r;
4710 }
4711
4712 return 0;
4713 }
4714
4715 int unit_setup_exec_runtime(Unit *u) {
4716 ExecRuntime **rt;
4717 size_t offset;
4718 Unit *other;
4719 Iterator i;
4720 void *v;
4721 int r;
4722
4723 offset = UNIT_VTABLE(u)->exec_runtime_offset;
4724 assert(offset > 0);
4725
4726 /* Check if there already is an ExecRuntime for this unit? */
4727 rt = (ExecRuntime**) ((uint8_t*) u + offset);
4728 if (*rt)
4729 return 0;
4730
4731 /* Try to get it from somebody else */
4732 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_JOINS_NAMESPACE_OF], i) {
4733 r = exec_runtime_acquire(u->manager, NULL, other->id, false, rt);
4734 if (r == 1)
4735 return 1;
4736 }
4737
4738 return exec_runtime_acquire(u->manager, unit_get_exec_context(u), u->id, true, rt);
4739 }
4740
4741 int unit_setup_dynamic_creds(Unit *u) {
4742 ExecContext *ec;
4743 DynamicCreds *dcreds;
4744 size_t offset;
4745
4746 assert(u);
4747
4748 offset = UNIT_VTABLE(u)->dynamic_creds_offset;
4749 assert(offset > 0);
4750 dcreds = (DynamicCreds*) ((uint8_t*) u + offset);
4751
4752 ec = unit_get_exec_context(u);
4753 assert(ec);
4754
4755 if (!ec->dynamic_user)
4756 return 0;
4757
4758 return dynamic_creds_acquire(dcreds, u->manager, ec->user, ec->group);
4759 }
4760
4761 bool unit_type_supported(UnitType t) {
4762 if (_unlikely_(t < 0))
4763 return false;
4764 if (_unlikely_(t >= _UNIT_TYPE_MAX))
4765 return false;
4766
4767 if (!unit_vtable[t]->supported)
4768 return true;
4769
4770 return unit_vtable[t]->supported();
4771 }
4772
4773 void unit_warn_if_dir_nonempty(Unit *u, const char* where) {
4774 int r;
4775
4776 assert(u);
4777 assert(where);
4778
4779 r = dir_is_empty(where);
4780 if (r > 0 || r == -ENOTDIR)
4781 return;
4782 if (r < 0) {
4783 log_unit_warning_errno(u, r, "Failed to check directory %s: %m", where);
4784 return;
4785 }
4786
4787 log_struct(LOG_NOTICE,
4788 "MESSAGE_ID=" SD_MESSAGE_OVERMOUNTING_STR,
4789 LOG_UNIT_ID(u),
4790 LOG_UNIT_INVOCATION_ID(u),
4791 LOG_UNIT_MESSAGE(u, "Directory %s to mount over is not empty, mounting anyway.", where),
4792 "WHERE=%s", where);
4793 }
4794
4795 int unit_fail_if_noncanonical(Unit *u, const char* where) {
4796 _cleanup_free_ char *canonical_where;
4797 int r;
4798
4799 assert(u);
4800 assert(where);
4801
4802 r = chase_symlinks(where, NULL, CHASE_NONEXISTENT, &canonical_where);
4803 if (r < 0) {
4804 log_unit_debug_errno(u, r, "Failed to check %s for symlinks, ignoring: %m", where);
4805 return 0;
4806 }
4807
4808 /* We will happily ignore a trailing slash (or any redundant slashes) */
4809 if (path_equal(where, canonical_where))
4810 return 0;
4811
4812 /* No need to mention "." or "..", they would already have been rejected by unit_name_from_path() */
4813 log_struct(LOG_ERR,
4814 "MESSAGE_ID=" SD_MESSAGE_OVERMOUNTING_STR,
4815 LOG_UNIT_ID(u),
4816 LOG_UNIT_INVOCATION_ID(u),
4817 LOG_UNIT_MESSAGE(u, "Mount path %s is not canonical (contains a symlink).", where),
4818 "WHERE=%s", where);
4819
4820 return -ELOOP;
4821 }
4822
4823 bool unit_is_pristine(Unit *u) {
4824 assert(u);
4825
4826 /* Check if the unit already exists or is already around,
4827 * in a number of different ways. Note that to cater for unit
4828 * types such as slice, we are generally fine with units that
4829 * are marked UNIT_LOADED even though nothing was actually
4830 * loaded, as those unit types don't require a file on disk. */
4831
4832 return !(!IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) ||
4833 u->fragment_path ||
4834 u->source_path ||
4835 !strv_isempty(u->dropin_paths) ||
4836 u->job ||
4837 u->merged_into);
4838 }
4839
4840 pid_t unit_control_pid(Unit *u) {
4841 assert(u);
4842
4843 if (UNIT_VTABLE(u)->control_pid)
4844 return UNIT_VTABLE(u)->control_pid(u);
4845
4846 return 0;
4847 }
4848
4849 pid_t unit_main_pid(Unit *u) {
4850 assert(u);
4851
4852 if (UNIT_VTABLE(u)->main_pid)
4853 return UNIT_VTABLE(u)->main_pid(u);
4854
4855 return 0;
4856 }
4857
4858 static void unit_unref_uid_internal(
4859 Unit *u,
4860 uid_t *ref_uid,
4861 bool destroy_now,
4862 void (*_manager_unref_uid)(Manager *m, uid_t uid, bool destroy_now)) {
4863
4864 assert(u);
4865 assert(ref_uid);
4866 assert(_manager_unref_uid);
4867
4868 /* Generic implementation of both unit_unref_uid() and unit_unref_gid(), under the assumption that uid_t and
4869 * gid_t are actually the same time, with the same validity rules.
4870 *
4871 * Drops a reference to UID/GID from a unit. */
4872
4873 assert_cc(sizeof(uid_t) == sizeof(gid_t));
4874 assert_cc(UID_INVALID == (uid_t) GID_INVALID);
4875
4876 if (!uid_is_valid(*ref_uid))
4877 return;
4878
4879 _manager_unref_uid(u->manager, *ref_uid, destroy_now);
4880 *ref_uid = UID_INVALID;
4881 }
4882
4883 void unit_unref_uid(Unit *u, bool destroy_now) {
4884 unit_unref_uid_internal(u, &u->ref_uid, destroy_now, manager_unref_uid);
4885 }
4886
4887 void unit_unref_gid(Unit *u, bool destroy_now) {
4888 unit_unref_uid_internal(u, (uid_t*) &u->ref_gid, destroy_now, manager_unref_gid);
4889 }
4890
4891 static int unit_ref_uid_internal(
4892 Unit *u,
4893 uid_t *ref_uid,
4894 uid_t uid,
4895 bool clean_ipc,
4896 int (*_manager_ref_uid)(Manager *m, uid_t uid, bool clean_ipc)) {
4897
4898 int r;
4899
4900 assert(u);
4901 assert(ref_uid);
4902 assert(uid_is_valid(uid));
4903 assert(_manager_ref_uid);
4904
4905 /* Generic implementation of both unit_ref_uid() and unit_ref_guid(), under the assumption that uid_t and gid_t
4906 * are actually the same type, and have the same validity rules.
4907 *
4908 * Adds a reference on a specific UID/GID to this unit. Each unit referencing the same UID/GID maintains a
4909 * reference so that we can destroy the UID/GID's IPC resources as soon as this is requested and the counter
4910 * drops to zero. */
4911
4912 assert_cc(sizeof(uid_t) == sizeof(gid_t));
4913 assert_cc(UID_INVALID == (uid_t) GID_INVALID);
4914
4915 if (*ref_uid == uid)
4916 return 0;
4917
4918 if (uid_is_valid(*ref_uid)) /* Already set? */
4919 return -EBUSY;
4920
4921 r = _manager_ref_uid(u->manager, uid, clean_ipc);
4922 if (r < 0)
4923 return r;
4924
4925 *ref_uid = uid;
4926 return 1;
4927 }
4928
4929 int unit_ref_uid(Unit *u, uid_t uid, bool clean_ipc) {
4930 return unit_ref_uid_internal(u, &u->ref_uid, uid, clean_ipc, manager_ref_uid);
4931 }
4932
4933 int unit_ref_gid(Unit *u, gid_t gid, bool clean_ipc) {
4934 return unit_ref_uid_internal(u, (uid_t*) &u->ref_gid, (uid_t) gid, clean_ipc, manager_ref_gid);
4935 }
4936
4937 static int unit_ref_uid_gid_internal(Unit *u, uid_t uid, gid_t gid, bool clean_ipc) {
4938 int r = 0, q = 0;
4939
4940 assert(u);
4941
4942 /* Reference both a UID and a GID in one go. Either references both, or neither. */
4943
4944 if (uid_is_valid(uid)) {
4945 r = unit_ref_uid(u, uid, clean_ipc);
4946 if (r < 0)
4947 return r;
4948 }
4949
4950 if (gid_is_valid(gid)) {
4951 q = unit_ref_gid(u, gid, clean_ipc);
4952 if (q < 0) {
4953 if (r > 0)
4954 unit_unref_uid(u, false);
4955
4956 return q;
4957 }
4958 }
4959
4960 return r > 0 || q > 0;
4961 }
4962
4963 int unit_ref_uid_gid(Unit *u, uid_t uid, gid_t gid) {
4964 ExecContext *c;
4965 int r;
4966
4967 assert(u);
4968
4969 c = unit_get_exec_context(u);
4970
4971 r = unit_ref_uid_gid_internal(u, uid, gid, c ? c->remove_ipc : false);
4972 if (r < 0)
4973 return log_unit_warning_errno(u, r, "Couldn't add UID/GID reference to unit, proceeding without: %m");
4974
4975 return r;
4976 }
4977
4978 void unit_unref_uid_gid(Unit *u, bool destroy_now) {
4979 assert(u);
4980
4981 unit_unref_uid(u, destroy_now);
4982 unit_unref_gid(u, destroy_now);
4983 }
4984
4985 void unit_notify_user_lookup(Unit *u, uid_t uid, gid_t gid) {
4986 int r;
4987
4988 assert(u);
4989
4990 /* This is invoked whenever one of the forked off processes let's us know the UID/GID its user name/group names
4991 * resolved to. We keep track of which UID/GID is currently assigned in order to be able to destroy its IPC
4992 * objects when no service references the UID/GID anymore. */
4993
4994 r = unit_ref_uid_gid(u, uid, gid);
4995 if (r > 0)
4996 bus_unit_send_change_signal(u);
4997 }
4998
4999 int unit_set_invocation_id(Unit *u, sd_id128_t id) {
5000 int r;
5001
5002 assert(u);
5003
5004 /* Set the invocation ID for this unit. If we cannot, this will not roll back, but reset the whole thing. */
5005
5006 if (sd_id128_equal(u->invocation_id, id))
5007 return 0;
5008
5009 if (!sd_id128_is_null(u->invocation_id))
5010 (void) hashmap_remove_value(u->manager->units_by_invocation_id, &u->invocation_id, u);
5011
5012 if (sd_id128_is_null(id)) {
5013 r = 0;
5014 goto reset;
5015 }
5016
5017 r = hashmap_ensure_allocated(&u->manager->units_by_invocation_id, &id128_hash_ops);
5018 if (r < 0)
5019 goto reset;
5020
5021 u->invocation_id = id;
5022 sd_id128_to_string(id, u->invocation_id_string);
5023
5024 r = hashmap_put(u->manager->units_by_invocation_id, &u->invocation_id, u);
5025 if (r < 0)
5026 goto reset;
5027
5028 return 0;
5029
5030 reset:
5031 u->invocation_id = SD_ID128_NULL;
5032 u->invocation_id_string[0] = 0;
5033 return r;
5034 }
5035
5036 int unit_acquire_invocation_id(Unit *u) {
5037 sd_id128_t id;
5038 int r;
5039
5040 assert(u);
5041
5042 r = sd_id128_randomize(&id);
5043 if (r < 0)
5044 return log_unit_error_errno(u, r, "Failed to generate invocation ID for unit: %m");
5045
5046 r = unit_set_invocation_id(u, id);
5047 if (r < 0)
5048 return log_unit_error_errno(u, r, "Failed to set invocation ID for unit: %m");
5049
5050 return 0;
5051 }
5052
5053 void unit_set_exec_params(Unit *u, ExecParameters *p) {
5054 assert(u);
5055 assert(p);
5056
5057 /* Copy parameters from manager */
5058 p->environment = u->manager->environment;
5059 p->confirm_spawn = manager_get_confirm_spawn(u->manager);
5060 p->cgroup_supported = u->manager->cgroup_supported;
5061 p->prefix = u->manager->prefix;
5062 SET_FLAG(p->flags, EXEC_PASS_LOG_UNIT|EXEC_CHOWN_DIRECTORIES, MANAGER_IS_SYSTEM(u->manager));
5063
5064 /* Copy paramaters from unit */
5065 p->cgroup_path = u->cgroup_path;
5066 SET_FLAG(p->flags, EXEC_CGROUP_DELEGATE, unit_cgroup_delegate(u));
5067 }
5068
5069 int unit_fork_helper_process(Unit *u, const char *name, pid_t *ret) {
5070 int r;
5071
5072 assert(u);
5073 assert(ret);
5074
5075 /* Forks off a helper process and makes sure it is a member of the unit's cgroup. Returns == 0 in the child,
5076 * and > 0 in the parent. The pid parameter is always filled in with the child's PID. */
5077
5078 (void) unit_realize_cgroup(u);
5079
5080 r = safe_fork(name, FORK_REOPEN_LOG, ret);
5081 if (r != 0)
5082 return r;
5083
5084 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
5085 (void) ignore_signals(SIGPIPE, -1);
5086
5087 (void) prctl(PR_SET_PDEATHSIG, SIGTERM);
5088
5089 if (u->cgroup_path) {
5090 r = cg_attach_everywhere(u->manager->cgroup_supported, u->cgroup_path, 0, NULL, NULL);
5091 if (r < 0) {
5092 log_unit_error_errno(u, r, "Failed to join unit cgroup %s: %m", u->cgroup_path);
5093 _exit(EXIT_CGROUP);
5094 }
5095 }
5096
5097 return 0;
5098 }
5099
5100 static void unit_update_dependency_mask(Unit *u, UnitDependency d, Unit *other, UnitDependencyInfo di) {
5101 assert(u);
5102 assert(d >= 0);
5103 assert(d < _UNIT_DEPENDENCY_MAX);
5104 assert(other);
5105
5106 if (di.origin_mask == 0 && di.destination_mask == 0) {
5107 /* No bit set anymore, let's drop the whole entry */
5108 assert_se(hashmap_remove(u->dependencies[d], other));
5109 log_unit_debug(u, "%s lost dependency %s=%s", u->id, unit_dependency_to_string(d), other->id);
5110 } else
5111 /* Mask was reduced, let's update the entry */
5112 assert_se(hashmap_update(u->dependencies[d], other, di.data) == 0);
5113 }
5114
5115 void unit_remove_dependencies(Unit *u, UnitDependencyMask mask) {
5116 UnitDependency d;
5117
5118 assert(u);
5119
5120 /* Removes all dependencies u has on other units marked for ownership by 'mask'. */
5121
5122 if (mask == 0)
5123 return;
5124
5125 for (d = 0; d < _UNIT_DEPENDENCY_MAX; d++) {
5126 bool done;
5127
5128 do {
5129 UnitDependencyInfo di;
5130 Unit *other;
5131 Iterator i;
5132
5133 done = true;
5134
5135 HASHMAP_FOREACH_KEY(di.data, other, u->dependencies[d], i) {
5136 UnitDependency q;
5137
5138 if ((di.origin_mask & ~mask) == di.origin_mask)
5139 continue;
5140 di.origin_mask &= ~mask;
5141 unit_update_dependency_mask(u, d, other, di);
5142
5143 /* We updated the dependency from our unit to the other unit now. But most dependencies
5144 * imply a reverse dependency. Hence, let's delete that one too. For that we go through
5145 * all dependency types on the other unit and delete all those which point to us and
5146 * have the right mask set. */
5147
5148 for (q = 0; q < _UNIT_DEPENDENCY_MAX; q++) {
5149 UnitDependencyInfo dj;
5150
5151 dj.data = hashmap_get(other->dependencies[q], u);
5152 if ((dj.destination_mask & ~mask) == dj.destination_mask)
5153 continue;
5154 dj.destination_mask &= ~mask;
5155
5156 unit_update_dependency_mask(other, q, u, dj);
5157 }
5158
5159 unit_add_to_gc_queue(other);
5160
5161 done = false;
5162 break;
5163 }
5164
5165 } while (!done);
5166 }
5167 }
5168
5169 static int unit_export_invocation_id(Unit *u) {
5170 const char *p;
5171 int r;
5172
5173 assert(u);
5174
5175 if (u->exported_invocation_id)
5176 return 0;
5177
5178 if (sd_id128_is_null(u->invocation_id))
5179 return 0;
5180
5181 p = strjoina("/run/systemd/units/invocation:", u->id);
5182 r = symlink_atomic(u->invocation_id_string, p);
5183 if (r < 0)
5184 return log_unit_debug_errno(u, r, "Failed to create invocation ID symlink %s: %m", p);
5185
5186 u->exported_invocation_id = true;
5187 return 0;
5188 }
5189
5190 static int unit_export_log_level_max(Unit *u, const ExecContext *c) {
5191 const char *p;
5192 char buf[2];
5193 int r;
5194
5195 assert(u);
5196 assert(c);
5197
5198 if (u->exported_log_level_max)
5199 return 0;
5200
5201 if (c->log_level_max < 0)
5202 return 0;
5203
5204 assert(c->log_level_max <= 7);
5205
5206 buf[0] = '0' + c->log_level_max;
5207 buf[1] = 0;
5208
5209 p = strjoina("/run/systemd/units/log-level-max:", u->id);
5210 r = symlink_atomic(buf, p);
5211 if (r < 0)
5212 return log_unit_debug_errno(u, r, "Failed to create maximum log level symlink %s: %m", p);
5213
5214 u->exported_log_level_max = true;
5215 return 0;
5216 }
5217
5218 static int unit_export_log_extra_fields(Unit *u, const ExecContext *c) {
5219 _cleanup_close_ int fd = -1;
5220 struct iovec *iovec;
5221 const char *p;
5222 char *pattern;
5223 le64_t *sizes;
5224 ssize_t n;
5225 size_t i;
5226 int r;
5227
5228 if (u->exported_log_extra_fields)
5229 return 0;
5230
5231 if (c->n_log_extra_fields <= 0)
5232 return 0;
5233
5234 sizes = newa(le64_t, c->n_log_extra_fields);
5235 iovec = newa(struct iovec, c->n_log_extra_fields * 2);
5236
5237 for (i = 0; i < c->n_log_extra_fields; i++) {
5238 sizes[i] = htole64(c->log_extra_fields[i].iov_len);
5239
5240 iovec[i*2] = IOVEC_MAKE(sizes + i, sizeof(le64_t));
5241 iovec[i*2+1] = c->log_extra_fields[i];
5242 }
5243
5244 p = strjoina("/run/systemd/units/log-extra-fields:", u->id);
5245 pattern = strjoina(p, ".XXXXXX");
5246
5247 fd = mkostemp_safe(pattern);
5248 if (fd < 0)
5249 return log_unit_debug_errno(u, fd, "Failed to create extra fields file %s: %m", p);
5250
5251 n = writev(fd, iovec, c->n_log_extra_fields*2);
5252 if (n < 0) {
5253 r = log_unit_debug_errno(u, errno, "Failed to write extra fields: %m");
5254 goto fail;
5255 }
5256
5257 (void) fchmod(fd, 0644);
5258
5259 if (rename(pattern, p) < 0) {
5260 r = log_unit_debug_errno(u, errno, "Failed to rename extra fields file: %m");
5261 goto fail;
5262 }
5263
5264 u->exported_log_extra_fields = true;
5265 return 0;
5266
5267 fail:
5268 (void) unlink(pattern);
5269 return r;
5270 }
5271
5272 void unit_export_state_files(Unit *u) {
5273 const ExecContext *c;
5274
5275 assert(u);
5276
5277 if (!u->id)
5278 return;
5279
5280 if (!MANAGER_IS_SYSTEM(u->manager))
5281 return;
5282
5283 if (MANAGER_IS_TEST_RUN(u->manager))
5284 return;
5285
5286 /* Exports a couple of unit properties to /run/systemd/units/, so that journald can quickly query this data
5287 * from there. Ideally, journald would use IPC to query this, like everybody else, but that's hard, as long as
5288 * the IPC system itself and PID 1 also log to the journal.
5289 *
5290 * Note that these files really shouldn't be considered API for anyone else, as use a runtime file system as
5291 * IPC replacement is not compatible with today's world of file system namespaces. However, this doesn't really
5292 * apply to communication between the journal and systemd, as we assume that these two daemons live in the same
5293 * namespace at least.
5294 *
5295 * Note that some of the "files" exported here are actually symlinks and not regular files. Symlinks work
5296 * better for storing small bits of data, in particular as we can write them with two system calls, and read
5297 * them with one. */
5298
5299 (void) unit_export_invocation_id(u);
5300
5301 c = unit_get_exec_context(u);
5302 if (c) {
5303 (void) unit_export_log_level_max(u, c);
5304 (void) unit_export_log_extra_fields(u, c);
5305 }
5306 }
5307
5308 void unit_unlink_state_files(Unit *u) {
5309 const char *p;
5310
5311 assert(u);
5312
5313 if (!u->id)
5314 return;
5315
5316 if (!MANAGER_IS_SYSTEM(u->manager))
5317 return;
5318
5319 /* Undoes the effect of unit_export_state() */
5320
5321 if (u->exported_invocation_id) {
5322 p = strjoina("/run/systemd/units/invocation:", u->id);
5323 (void) unlink(p);
5324
5325 u->exported_invocation_id = false;
5326 }
5327
5328 if (u->exported_log_level_max) {
5329 p = strjoina("/run/systemd/units/log-level-max:", u->id);
5330 (void) unlink(p);
5331
5332 u->exported_log_level_max = false;
5333 }
5334
5335 if (u->exported_log_extra_fields) {
5336 p = strjoina("/run/systemd/units/extra-fields:", u->id);
5337 (void) unlink(p);
5338
5339 u->exported_log_extra_fields = false;
5340 }
5341 }
5342
5343 int unit_prepare_exec(Unit *u) {
5344 int r;
5345
5346 assert(u);
5347
5348 /* Prepares everything so that we can fork of a process for this unit */
5349
5350 (void) unit_realize_cgroup(u);
5351
5352 if (u->reset_accounting) {
5353 (void) unit_reset_cpu_accounting(u);
5354 (void) unit_reset_ip_accounting(u);
5355 u->reset_accounting = false;
5356 }
5357
5358 unit_export_state_files(u);
5359
5360 r = unit_setup_exec_runtime(u);
5361 if (r < 0)
5362 return r;
5363
5364 r = unit_setup_dynamic_creds(u);
5365 if (r < 0)
5366 return r;
5367
5368 return 0;
5369 }
5370
5371 static void log_leftover(pid_t pid, int sig, void *userdata) {
5372 _cleanup_free_ char *comm = NULL;
5373
5374 (void) get_process_comm(pid, &comm);
5375
5376 if (comm && comm[0] == '(') /* Most likely our own helper process (PAM?), ignore */
5377 return;
5378
5379 log_unit_warning(userdata,
5380 "Found left-over process " PID_FMT " (%s) in control group while starting unit. Ignoring.\n"
5381 "This usually indicates unclean termination of a previous run, or service implementation deficiencies.",
5382 pid, strna(comm));
5383 }
5384
5385 void unit_warn_leftover_processes(Unit *u) {
5386 assert(u);
5387
5388 (void) unit_pick_cgroup_path(u);
5389
5390 if (!u->cgroup_path)
5391 return;
5392
5393 (void) cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, 0, 0, NULL, log_leftover, u);
5394 }
5395
5396 bool unit_needs_console(Unit *u) {
5397 ExecContext *ec;
5398 UnitActiveState state;
5399
5400 assert(u);
5401
5402 state = unit_active_state(u);
5403
5404 if (UNIT_IS_INACTIVE_OR_FAILED(state))
5405 return false;
5406
5407 if (UNIT_VTABLE(u)->needs_console)
5408 return UNIT_VTABLE(u)->needs_console(u);
5409
5410 /* If this unit type doesn't implement this call, let's use a generic fallback implementation: */
5411 ec = unit_get_exec_context(u);
5412 if (!ec)
5413 return false;
5414
5415 return exec_context_may_touch_console(ec);
5416 }
5417
5418 const char *unit_label_path(Unit *u) {
5419 const char *p;
5420
5421 /* Returns the file system path to use for MAC access decisions, i.e. the file to read the SELinux label off
5422 * when validating access checks. */
5423
5424 p = u->source_path ?: u->fragment_path;
5425 if (!p)
5426 return NULL;
5427
5428 /* If a unit is masked, then don't read the SELinux label of /dev/null, as that really makes no sense */
5429 if (path_equal(p, "/dev/null"))
5430 return NULL;
5431
5432 return p;
5433 }
5434
5435 int unit_pid_attachable(Unit *u, pid_t pid, sd_bus_error *error) {
5436 int r;
5437
5438 assert(u);
5439
5440 /* Checks whether the specified PID is generally good for attaching, i.e. a valid PID, not our manager itself,
5441 * and not a kernel thread either */
5442
5443 /* First, a simple range check */
5444 if (!pid_is_valid(pid))
5445 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Process identifier " PID_FMT " is not valid.", pid);
5446
5447 /* Some extra safety check */
5448 if (pid == 1 || pid == getpid_cached())
5449 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Process " PID_FMT " is a manager process, refusing.", pid);
5450
5451 /* Don't even begin to bother with kernel threads */
5452 r = is_kernel_thread(pid);
5453 if (r == -ESRCH)
5454 return sd_bus_error_setf(error, SD_BUS_ERROR_UNIX_PROCESS_ID_UNKNOWN, "Process with ID " PID_FMT " does not exist.", pid);
5455 if (r < 0)
5456 return sd_bus_error_set_errnof(error, r, "Failed to determine whether process " PID_FMT " is a kernel thread: %m", pid);
5457 if (r > 0)
5458 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Process " PID_FMT " is a kernel thread, refusing.", pid);
5459
5460 return 0;
5461 }
5462
5463 static const char* const collect_mode_table[_COLLECT_MODE_MAX] = {
5464 [COLLECT_INACTIVE] = "inactive",
5465 [COLLECT_INACTIVE_OR_FAILED] = "inactive-or-failed",
5466 };
5467
5468 DEFINE_STRING_TABLE_LOOKUP(collect_mode, CollectMode);
Unnamed repository; edit this file 'description' to name the repository.