such).
```
+✓ RuntimeMaxSec=
✓ TimeoutStopSec=
```
<listitem><para>Sets unit <varname>IOWeight=</varname>.</para></listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><varname>systemd.runtime_max_sec</varname></term>
+
+ <listitem><para>Sets unit <varname>RuntimeMaxSec=</varname>.</para></listitem>
+ </varlistentry>
</variablelist>
<para>Example data as can be provided from an another PAM module:
pam_set_data(handle, "systemd.tasks_max", (void *)"50", cleanup);
pam_set_data(handle, "systemd.cpu_weight", (void *)"100", cleanup);
pam_set_data(handle, "systemd.io_weight", (void *)"340", cleanup);
+pam_set_data(handle, "systemd.runtime_max_sec", (void *)"3600", cleanup);
</programlisting>
</para>
</refsect2>
</refsect1>
+ <refsect1>
+ <title>Options</title>
+
+ <para>Scope files may include a <literal>[Scope]</literal>
+ section, which carries information about the scope and the
+ units it contains. A number of options that may be used in
+ this section are shared with other unit types. These options are
+ documented in
+ <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ and
+ <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ The options specific to the <literal>[Scope]</literal> section
+ of scope units are the following:</para>
+
+ <variablelist class='unit-directives'>
+ <varlistentry>
+ <term><varname>RuntimeMaxSec=</varname></term>
+
+ <listitem><para>Configures a maximum time for the scope to run. If this is used and the scope has been
+ active for longer than the specified time it is terminated and put into a failure state. Pass
+ <literal>infinity</literal> (the default) to configure no runtime limit.</para></listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
<refsect1>
<title>See Also</title>
<para>
SD_BUS_PROPERTY("Controller", "s", NULL, offsetof(Scope, controller), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
SD_BUS_PROPERTY("TimeoutStopUSec", "t", bus_property_get_usec, offsetof(Scope, timeout_stop_usec), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("Result", "s", property_get_result, offsetof(Scope, result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+ SD_BUS_PROPERTY("RuntimeMaxUSec", "t", bus_property_get_usec, offsetof(Scope, runtime_max_usec), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_SIGNAL("RequestStop", NULL, 0),
SD_BUS_METHOD("Abandon", NULL, NULL, bus_scope_method_abandon, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_VTABLE_END
UnitWriteFlags flags,
sd_bus_error *error) {
+ Unit *u = UNIT(s);
int r;
assert(s);
flags |= UNIT_PRIVATE;
if (streq(name, "TimeoutStopUSec"))
- return bus_set_transient_usec(UNIT(s), name, &s->timeout_stop_usec, message, flags, error);
+ return bus_set_transient_usec(u, name, &s->timeout_stop_usec, message, flags, error);
+
+ if (streq(name, "RuntimeMaxUSec"))
+ return bus_set_transient_usec(u, name, &s->runtime_max_usec, message, flags, error);
if (streq(name, "PIDs")) {
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
} else
pid = (uid_t) upid;
- r = unit_pid_attachable(UNIT(s), pid, error);
+ r = unit_pid_attachable(u, pid, error);
if (r < 0)
return r;
if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
- r = unit_watch_pid(UNIT(s), pid, false);
+ r = unit_watch_pid(u, pid, false);
if (r < 0 && r != -EEXIST)
return r;
}
/* We can't support direct connections with this, as direct connections know no service or unique name
* concept, but the Controller field stores exactly that. */
- if (sd_bus_message_get_bus(message) != UNIT(s)->manager->api_bus)
+ if (sd_bus_message_get_bus(message) != u->manager->api_bus)
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Sorry, Controller= logic only supported via the bus.");
r = sd_bus_message_read(message, "s", &controller);
m4_dnl
CGROUP_CONTEXT_CONFIG_ITEMS(Scope)m4_dnl
KILL_CONTEXT_CONFIG_ITEMS(Scope)m4_dnl
+Scope.RuntimeMaxSec, config_parse_sec, 0, offsetof(Scope, runtime_max_usec)
Scope.TimeoutStopSec, config_parse_sec, 0, offsetof(Scope, timeout_stop_usec)
m4_dnl The [Install] section is ignored here.
Install.Alias, NULL, 0, 0
assert(u);
assert(u->load_state == UNIT_STUB);
+ s->runtime_max_usec = USEC_INFINITY;
s->timeout_stop_usec = u->manager->default_timeout_stop_usec;
u->ignore_on_isolate = true;
}
return scope_verify(s);
}
+static usec_t scope_coldplug_timeout(Scope *s) {
+ assert(s);
+
+ switch (s->deserialized_state) {
+
+ case SCOPE_RUNNING:
+ return usec_add(UNIT(s)->active_enter_timestamp.monotonic, s->runtime_max_usec);
+
+ case SCOPE_STOP_SIGKILL:
+ case SCOPE_STOP_SIGTERM:
+ return usec_add(UNIT(s)->state_change_timestamp.monotonic, s->timeout_stop_usec);
+
+ default:
+ return USEC_INFINITY;
+ }
+}
+
static int scope_coldplug(Unit *u) {
Scope *s = SCOPE(u);
int r;
if (s->deserialized_state == s->state)
return 0;
- if (IN_SET(s->deserialized_state, SCOPE_STOP_SIGKILL, SCOPE_STOP_SIGTERM)) {
- r = scope_arm_timer(s, usec_add(u->state_change_timestamp.monotonic, s->timeout_stop_usec));
- if (r < 0)
- return r;
- }
+ r = scope_arm_timer(s, scope_coldplug_timeout(s));
+ if (r < 0)
+ return r;
if (!IN_SET(s->deserialized_state, SCOPE_DEAD, SCOPE_FAILED))
(void) unit_enqueue_rewatch_pids(u);
static void scope_dump(Unit *u, FILE *f, const char *prefix) {
Scope *s = SCOPE(u);
+ char buf_runtime[FORMAT_TIMESPAN_MAX];
assert(s);
assert(f);
fprintf(f,
"%sScope State: %s\n"
- "%sResult: %s\n",
+ "%sResult: %s\n"
+ "%sRuntimeMaxSec: %s\n",
prefix, scope_state_to_string(s->state),
- prefix, scope_result_to_string(s->result));
+ prefix, scope_result_to_string(s->result),
+ prefix, format_timespan(buf_runtime, sizeof(buf_runtime), s->runtime_max_usec, USEC_PER_SEC));
cgroup_context_dump(UNIT(s), f, prefix);
kill_context_dump(&s->kill_context, f, prefix);
scope_set_state(s, SCOPE_RUNNING);
+ /* Set the maximum runtime timeout. */
+ scope_arm_timer(s, usec_add(UNIT(s)->active_enter_timestamp.monotonic, s->runtime_max_usec));
+
/* Start watching the PIDs currently in the scope */
(void) unit_enqueue_rewatch_pids(u);
return 1;
switch (s->state) {
+ case SCOPE_RUNNING:
+ log_unit_warning(UNIT(s), "Scope reached runtime time limit. Stopping.");
+ scope_enter_signal(s, SCOPE_STOP_SIGTERM, SCOPE_FAILURE_TIMEOUT);
+ break;
+
case SCOPE_STOP_SIGTERM:
if (s->kill_context.send_sigkill) {
log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
ScopeState state, deserialized_state;
ScopeResult result;
+ usec_t runtime_max_usec;
usec_t timeout_stop_usec;
char *controller;
return 0;
}
+static int append_session_runtime_max_sec(pam_handle_t *handle, sd_bus_message *m, const char *limit) {
+ usec_t val;
+ int r;
+
+ /* No need to parse "infinity" here, it will be set by default later in scope_init() */
+ if (isempty(limit) || streq(limit, "infinity"))
+ return 0;
+
+ r = parse_sec(limit, &val);
+ if (r >= 0) {
+ r = sd_bus_message_append(m, "(sv)", "RuntimeMaxUSec", "t", (uint64_t) val);
+ if (r < 0) {
+ pam_syslog(handle, LOG_ERR, "Failed to append to bus message: %s", strerror_safe(r));
+ return r;
+ }
+ } else
+ pam_syslog(handle, LOG_WARNING, "Failed to parse systemd.runtime_max_sec: %s, ignoring.", limit);
+
+ return 0;
+}
+
static int append_session_tasks_max(pam_handle_t *handle, sd_bus_message *m, const char *limit) {
uint64_t val;
int r;
*seat = NULL,
*type = NULL, *class = NULL,
*class_pam = NULL, *type_pam = NULL, *cvtnr = NULL, *desktop = NULL, *desktop_pam = NULL,
- *memory_max = NULL, *tasks_max = NULL, *cpu_weight = NULL, *io_weight = NULL;
+ *memory_max = NULL, *tasks_max = NULL, *cpu_weight = NULL, *io_weight = NULL, *runtime_max_sec = NULL;
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
int session_fd = -1, existing, r;
bool debug = false, remote;
(void) pam_get_data(handle, "systemd.tasks_max", (const void **)&tasks_max);
(void) pam_get_data(handle, "systemd.cpu_weight", (const void **)&cpu_weight);
(void) pam_get_data(handle, "systemd.io_weight", (const void **)&io_weight);
+ (void) pam_get_data(handle, "systemd.runtime_max_sec", (const void **)&runtime_max_sec);
/* Talk to logind over the message bus */
strempty(seat), vtnr, strempty(tty), strempty(display),
yes_no(remote), strempty(remote_user), strempty(remote_host));
pam_syslog(handle, LOG_DEBUG, "Session limits: "
- "memory_max=%s tasks_max=%s cpu_weight=%s io_weight=%s",
- strna(memory_max), strna(tasks_max), strna(cpu_weight), strna(io_weight));
+ "memory_max=%s tasks_max=%s cpu_weight=%s io_weight=%s runtime_max_sec=%s",
+ strna(memory_max), strna(tasks_max), strna(cpu_weight), strna(io_weight), strna(runtime_max_sec));
}
r = sd_bus_message_new_method_call(
if (r < 0)
return PAM_SESSION_ERR;
+ r = append_session_runtime_max_sec(handle, m, runtime_max_sec);
+ if (r < 0)
+ return PAM_SESSION_ERR;
+
r = append_session_tasks_max(handle, m, tasks_max);
if (r < 0)
return PAM_SESSION_ERR;
return 0;
}
+static int bus_append_scope_property(sd_bus_message *m, const char *field, const char *eq) {
+ if (streq(field, "RuntimeMaxSec"))
+
+ return bus_append_parse_sec_rename(m, field, eq);
+
+ if (streq(field, "TimeoutStopSec"))
+
+ return bus_append_parse_sec_rename(m, field, eq);
+
+ return 0;
+}
+
static int bus_append_service_property(sd_bus_message *m, const char *field, const char *eq) {
int r;
break;
case UNIT_SCOPE:
-
- if (streq(field, "TimeoutStopSec"))
- return bus_append_parse_sec_rename(m, field, eq);
-
r = bus_append_cgroup_property(m, field, eq);
if (r != 0)
return r;
r = bus_append_kill_property(m, field, eq);
+ if (r != 0)
+ return r;
+
+ r = bus_append_scope_property(m, field, eq);
if (r != 0)
return r;
break;
ELAPSED=$(($END_SEC-$START_SEC))
[[ "$ELAPSED" -ge 5 ]] && [[ "$ELAPSED" -le 7 ]] || exit 1
+# Test time-limited scopes
+START_SEC=$(date -u '+%s')
+set +e
+systemd-run --scope --property=RuntimeMaxSec=3s sleep 10
+RESULT=$?
+END_SEC=$(date -u '+%s')
+ELAPSED=$(($END_SEC-$START_SEC))
+[[ "$ELAPSED" -ge 3 ]] && [[ "$ELAPSED" -le 5 ]] || exit 1
+[[ "$RESULT" -ne 0 ]] || exit 1
+
touch /testok
--- /dev/null
+scope
+RuntimeMaxSec=
projects / thirdparty / systemd.git / commitdiff
