]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
4ad49000 LP |
2 | /*** |
3 | This file is part of systemd. | |
4 | ||
5 | Copyright 2013 Lennart Poettering | |
6 | ||
7 | systemd is free software; you can redistribute it and/or modify it | |
8 | under the terms of the GNU Lesser General Public License as published by | |
9 | the Free Software Foundation; either version 2.1 of the License, or | |
10 | (at your option) any later version. | |
11 | ||
12 | systemd is distributed in the hope that it will be useful, but | |
13 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 | Lesser General Public License for more details. | |
16 | ||
17 | You should have received a copy of the GNU Lesser General Public License | |
18 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
19 | ***/ | |
20 | ||
3dc5ca97 | 21 | #include <arpa/inet.h> |
0d536673 | 22 | #include <stdio_ext.h> |
3dc5ca97 LP |
23 | |
24 | #include "af-list.h" | |
b5efdb8a | 25 | #include "alloc-util.h" |
078ba556 | 26 | #include "bpf-firewall.h" |
718db961 | 27 | #include "bus-util.h" |
718db961 LP |
28 | #include "cgroup-util.h" |
29 | #include "cgroup.h" | |
4ad49000 | 30 | #include "dbus-cgroup.h" |
3ffd4af2 | 31 | #include "fd-util.h" |
0d39fa9c | 32 | #include "fileio.h" |
3ffd4af2 | 33 | #include "path-util.h" |
4ad49000 | 34 | |
718db961 LP |
35 | static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_cgroup_device_policy, cgroup_device_policy, CGroupDevicePolicy); |
36 | ||
02638280 LP |
37 | static int property_get_delegate_controllers( |
38 | sd_bus *bus, | |
39 | const char *path, | |
40 | const char *interface, | |
41 | const char *property, | |
42 | sd_bus_message *reply, | |
43 | void *userdata, | |
44 | sd_bus_error *error) { | |
45 | ||
46 | CGroupContext *c = userdata; | |
47 | CGroupController cc; | |
48 | int r; | |
49 | ||
50 | assert(bus); | |
51 | assert(reply); | |
52 | assert(c); | |
53 | ||
54 | if (!c->delegate) | |
55 | return sd_bus_message_append(reply, "as", 0); | |
56 | ||
57 | r = sd_bus_message_open_container(reply, 'a', "s"); | |
58 | if (r < 0) | |
59 | return r; | |
60 | ||
61 | for (cc = 0; cc < _CGROUP_CONTROLLER_MAX; cc++) { | |
62 | if ((c->delegate_controllers & CGROUP_CONTROLLER_TO_MASK(cc)) == 0) | |
63 | continue; | |
64 | ||
65 | r = sd_bus_message_append(reply, "s", cgroup_controller_to_string(cc)); | |
66 | if (r < 0) | |
67 | return r; | |
68 | } | |
69 | ||
70 | return sd_bus_message_close_container(reply); | |
71 | } | |
72 | ||
13c31542 TH |
73 | static int property_get_io_device_weight( |
74 | sd_bus *bus, | |
75 | const char *path, | |
76 | const char *interface, | |
77 | const char *property, | |
78 | sd_bus_message *reply, | |
79 | void *userdata, | |
80 | sd_bus_error *error) { | |
81 | ||
82 | CGroupContext *c = userdata; | |
83 | CGroupIODeviceWeight *w; | |
84 | int r; | |
85 | ||
86 | assert(bus); | |
87 | assert(reply); | |
88 | assert(c); | |
89 | ||
90 | r = sd_bus_message_open_container(reply, 'a', "(st)"); | |
91 | if (r < 0) | |
92 | return r; | |
93 | ||
94 | LIST_FOREACH(device_weights, w, c->io_device_weights) { | |
95 | r = sd_bus_message_append(reply, "(st)", w->path, w->weight); | |
96 | if (r < 0) | |
97 | return r; | |
98 | } | |
99 | ||
100 | return sd_bus_message_close_container(reply); | |
101 | } | |
102 | ||
103 | static int property_get_io_device_limits( | |
104 | sd_bus *bus, | |
105 | const char *path, | |
106 | const char *interface, | |
107 | const char *property, | |
108 | sd_bus_message *reply, | |
109 | void *userdata, | |
110 | sd_bus_error *error) { | |
111 | ||
112 | CGroupContext *c = userdata; | |
113 | CGroupIODeviceLimit *l; | |
114 | int r; | |
115 | ||
116 | assert(bus); | |
117 | assert(reply); | |
118 | assert(c); | |
119 | ||
120 | r = sd_bus_message_open_container(reply, 'a', "(st)"); | |
121 | if (r < 0) | |
122 | return r; | |
123 | ||
124 | LIST_FOREACH(device_limits, l, c->io_device_limits) { | |
9be57249 | 125 | CGroupIOLimitType type; |
13c31542 | 126 | |
9be57249 TH |
127 | type = cgroup_io_limit_type_from_string(property); |
128 | if (type < 0 || l->limits[type] == cgroup_io_limit_defaults[type]) | |
13c31542 TH |
129 | continue; |
130 | ||
9be57249 | 131 | r = sd_bus_message_append(reply, "(st)", l->path, l->limits[type]); |
13c31542 TH |
132 | if (r < 0) |
133 | return r; | |
134 | } | |
135 | ||
136 | return sd_bus_message_close_container(reply); | |
137 | } | |
138 | ||
718db961 LP |
139 | static int property_get_blockio_device_weight( |
140 | sd_bus *bus, | |
141 | const char *path, | |
142 | const char *interface, | |
143 | const char *property, | |
144 | sd_bus_message *reply, | |
ebcf1f97 LP |
145 | void *userdata, |
146 | sd_bus_error *error) { | |
4ad49000 | 147 | |
718db961 | 148 | CGroupContext *c = userdata; |
4ad49000 | 149 | CGroupBlockIODeviceWeight *w; |
718db961 | 150 | int r; |
4ad49000 | 151 | |
718db961 LP |
152 | assert(bus); |
153 | assert(reply); | |
4ad49000 LP |
154 | assert(c); |
155 | ||
718db961 LP |
156 | r = sd_bus_message_open_container(reply, 'a', "(st)"); |
157 | if (r < 0) | |
158 | return r; | |
4ad49000 LP |
159 | |
160 | LIST_FOREACH(device_weights, w, c->blockio_device_weights) { | |
718db961 LP |
161 | r = sd_bus_message_append(reply, "(st)", w->path, w->weight); |
162 | if (r < 0) | |
163 | return r; | |
4ad49000 LP |
164 | } |
165 | ||
718db961 | 166 | return sd_bus_message_close_container(reply); |
4ad49000 LP |
167 | } |
168 | ||
718db961 LP |
169 | static int property_get_blockio_device_bandwidths( |
170 | sd_bus *bus, | |
171 | const char *path, | |
172 | const char *interface, | |
173 | const char *property, | |
174 | sd_bus_message *reply, | |
ebcf1f97 LP |
175 | void *userdata, |
176 | sd_bus_error *error) { | |
718db961 LP |
177 | |
178 | CGroupContext *c = userdata; | |
4ad49000 | 179 | CGroupBlockIODeviceBandwidth *b; |
718db961 | 180 | int r; |
4ad49000 | 181 | |
718db961 LP |
182 | assert(bus); |
183 | assert(reply); | |
4ad49000 LP |
184 | assert(c); |
185 | ||
718db961 LP |
186 | r = sd_bus_message_open_container(reply, 'a', "(st)"); |
187 | if (r < 0) | |
188 | return r; | |
4ad49000 LP |
189 | |
190 | LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths) { | |
979d0311 | 191 | uint64_t v; |
4ad49000 | 192 | |
979d0311 TH |
193 | if (streq(property, "BlockIOReadBandwidth")) |
194 | v = b->rbps; | |
195 | else | |
196 | v = b->wbps; | |
197 | ||
198 | if (v == CGROUP_LIMIT_MAX) | |
4ad49000 LP |
199 | continue; |
200 | ||
979d0311 | 201 | r = sd_bus_message_append(reply, "(st)", b->path, v); |
718db961 LP |
202 | if (r < 0) |
203 | return r; | |
4ad49000 LP |
204 | } |
205 | ||
718db961 | 206 | return sd_bus_message_close_container(reply); |
4ad49000 LP |
207 | } |
208 | ||
718db961 LP |
209 | static int property_get_device_allow( |
210 | sd_bus *bus, | |
211 | const char *path, | |
212 | const char *interface, | |
213 | const char *property, | |
214 | sd_bus_message *reply, | |
ebcf1f97 LP |
215 | void *userdata, |
216 | sd_bus_error *error) { | |
718db961 LP |
217 | |
218 | CGroupContext *c = userdata; | |
4ad49000 | 219 | CGroupDeviceAllow *a; |
718db961 | 220 | int r; |
4ad49000 | 221 | |
718db961 LP |
222 | assert(bus); |
223 | assert(reply); | |
4ad49000 LP |
224 | assert(c); |
225 | ||
718db961 LP |
226 | r = sd_bus_message_open_container(reply, 'a', "(ss)"); |
227 | if (r < 0) | |
228 | return r; | |
4ad49000 LP |
229 | |
230 | LIST_FOREACH(device_allow, a, c->device_allow) { | |
4ad49000 | 231 | unsigned k = 0; |
718db961 | 232 | char rwm[4]; |
4ad49000 LP |
233 | |
234 | if (a->r) | |
718db961 | 235 | rwm[k++] = 'r'; |
4ad49000 | 236 | if (a->w) |
718db961 | 237 | rwm[k++] = 'w'; |
4ad49000 | 238 | if (a->m) |
718db961 | 239 | rwm[k++] = 'm'; |
4ad49000 | 240 | |
718db961 | 241 | rwm[k] = 0; |
4ad49000 | 242 | |
718db961 LP |
243 | r = sd_bus_message_append(reply, "(ss)", a->path, rwm); |
244 | if (r < 0) | |
245 | return r; | |
4ad49000 LP |
246 | } |
247 | ||
718db961 | 248 | return sd_bus_message_close_container(reply); |
4ad49000 LP |
249 | } |
250 | ||
3dc5ca97 LP |
251 | static int property_get_ip_address_access( |
252 | sd_bus *bus, | |
253 | const char *path, | |
254 | const char *interface, | |
255 | const char *property, | |
256 | sd_bus_message *reply, | |
257 | void *userdata, | |
258 | sd_bus_error *error) { | |
259 | ||
260 | IPAddressAccessItem** items = userdata, *i; | |
261 | int r; | |
262 | ||
263 | r = sd_bus_message_open_container(reply, 'a', "(iayu)"); | |
264 | if (r < 0) | |
265 | return r; | |
266 | ||
267 | LIST_FOREACH(items, i, *items) { | |
268 | ||
269 | r = sd_bus_message_open_container(reply, 'r', "iayu"); | |
270 | if (r < 0) | |
271 | return r; | |
272 | ||
273 | r = sd_bus_message_append(reply, "i", i->family); | |
274 | if (r < 0) | |
275 | return r; | |
276 | ||
277 | r = sd_bus_message_append_array(reply, 'y', &i->address, FAMILY_ADDRESS_SIZE(i->family)); | |
278 | if (r < 0) | |
279 | return r; | |
280 | ||
281 | r = sd_bus_message_append(reply, "u", (uint32_t) i->prefixlen); | |
282 | if (r < 0) | |
283 | return r; | |
284 | ||
285 | r = sd_bus_message_close_container(reply); | |
286 | if (r < 0) | |
287 | return r; | |
288 | } | |
289 | ||
290 | return sd_bus_message_close_container(reply); | |
291 | } | |
292 | ||
718db961 LP |
293 | const sd_bus_vtable bus_cgroup_vtable[] = { |
294 | SD_BUS_VTABLE_START(0), | |
a931ad47 | 295 | SD_BUS_PROPERTY("Delegate", "b", bus_property_get_bool, offsetof(CGroupContext, delegate), 0), |
02638280 | 296 | SD_BUS_PROPERTY("DelegateControllers", "as", property_get_delegate_controllers, 0, 0), |
610f780c | 297 | SD_BUS_PROPERTY("CPUAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, cpu_accounting), 0), |
66ebf6c0 TH |
298 | SD_BUS_PROPERTY("CPUWeight", "t", NULL, offsetof(CGroupContext, cpu_weight), 0), |
299 | SD_BUS_PROPERTY("StartupCPUWeight", "t", NULL, offsetof(CGroupContext, startup_cpu_weight), 0), | |
d53d9474 LP |
300 | SD_BUS_PROPERTY("CPUShares", "t", NULL, offsetof(CGroupContext, cpu_shares), 0), |
301 | SD_BUS_PROPERTY("StartupCPUShares", "t", NULL, offsetof(CGroupContext, startup_cpu_shares), 0), | |
ee26bcc0 | 302 | SD_BUS_PROPERTY("CPUQuotaPerSecUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_per_sec_usec), 0), |
13c31542 TH |
303 | SD_BUS_PROPERTY("IOAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, io_accounting), 0), |
304 | SD_BUS_PROPERTY("IOWeight", "t", NULL, offsetof(CGroupContext, io_weight), 0), | |
305 | SD_BUS_PROPERTY("StartupIOWeight", "t", NULL, offsetof(CGroupContext, startup_io_weight), 0), | |
306 | SD_BUS_PROPERTY("IODeviceWeight", "a(st)", property_get_io_device_weight, 0, 0), | |
307 | SD_BUS_PROPERTY("IOReadBandwidthMax", "a(st)", property_get_io_device_limits, 0, 0), | |
308 | SD_BUS_PROPERTY("IOWriteBandwidthMax", "a(st)", property_get_io_device_limits, 0, 0), | |
ac06a0cf TH |
309 | SD_BUS_PROPERTY("IOReadIOPSMax", "a(st)", property_get_io_device_limits, 0, 0), |
310 | SD_BUS_PROPERTY("IOWriteIOPSMax", "a(st)", property_get_io_device_limits, 0, 0), | |
610f780c | 311 | SD_BUS_PROPERTY("BlockIOAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, blockio_accounting), 0), |
d53d9474 LP |
312 | SD_BUS_PROPERTY("BlockIOWeight", "t", NULL, offsetof(CGroupContext, blockio_weight), 0), |
313 | SD_BUS_PROPERTY("StartupBlockIOWeight", "t", NULL, offsetof(CGroupContext, startup_blockio_weight), 0), | |
610f780c LP |
314 | SD_BUS_PROPERTY("BlockIODeviceWeight", "a(st)", property_get_blockio_device_weight, 0, 0), |
315 | SD_BUS_PROPERTY("BlockIOReadBandwidth", "a(st)", property_get_blockio_device_bandwidths, 0, 0), | |
316 | SD_BUS_PROPERTY("BlockIOWriteBandwidth", "a(st)", property_get_blockio_device_bandwidths, 0, 0), | |
317 | SD_BUS_PROPERTY("MemoryAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, memory_accounting), 0), | |
da4d897e TH |
318 | SD_BUS_PROPERTY("MemoryLow", "t", NULL, offsetof(CGroupContext, memory_low), 0), |
319 | SD_BUS_PROPERTY("MemoryHigh", "t", NULL, offsetof(CGroupContext, memory_high), 0), | |
320 | SD_BUS_PROPERTY("MemoryMax", "t", NULL, offsetof(CGroupContext, memory_max), 0), | |
96e131ea | 321 | SD_BUS_PROPERTY("MemorySwapMax", "t", NULL, offsetof(CGroupContext, memory_swap_max), 0), |
610f780c LP |
322 | SD_BUS_PROPERTY("MemoryLimit", "t", NULL, offsetof(CGroupContext, memory_limit), 0), |
323 | SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0), | |
324 | SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0), | |
03a7b521 LP |
325 | SD_BUS_PROPERTY("TasksAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, tasks_accounting), 0), |
326 | SD_BUS_PROPERTY("TasksMax", "t", NULL, offsetof(CGroupContext, tasks_max), 0), | |
3dc5ca97 LP |
327 | SD_BUS_PROPERTY("IPAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, ip_accounting), 0), |
328 | SD_BUS_PROPERTY("IPAddressAllow", "a(iayu)", property_get_ip_address_access, offsetof(CGroupContext, ip_address_allow), 0), | |
329 | SD_BUS_PROPERTY("IPAddressDeny", "a(iayu)", property_get_ip_address_access, offsetof(CGroupContext, ip_address_deny), 0), | |
718db961 | 330 | SD_BUS_VTABLE_END |
4ad49000 | 331 | }; |
8e2af478 | 332 | |
a931ad47 LP |
333 | static int bus_cgroup_set_transient_property( |
334 | Unit *u, | |
335 | CGroupContext *c, | |
336 | const char *name, | |
337 | sd_bus_message *message, | |
2e59b241 | 338 | UnitWriteFlags flags, |
a931ad47 LP |
339 | sd_bus_error *error) { |
340 | ||
341 | int r; | |
342 | ||
343 | assert(u); | |
344 | assert(c); | |
345 | assert(name); | |
346 | assert(message); | |
347 | ||
2e59b241 LP |
348 | flags |= UNIT_PRIVATE; |
349 | ||
a931ad47 LP |
350 | if (streq(name, "Delegate")) { |
351 | int b; | |
352 | ||
353 | r = sd_bus_message_read(message, "b", &b); | |
354 | if (r < 0) | |
355 | return r; | |
356 | ||
2e59b241 | 357 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
a931ad47 | 358 | c->delegate = b; |
02638280 LP |
359 | c->delegate_controllers = b ? _CGROUP_MASK_ALL : 0; |
360 | ||
2e59b241 | 361 | unit_write_settingf(u, flags, name, "Delegate=%s", yes_no(b)); |
a931ad47 LP |
362 | } |
363 | ||
02638280 LP |
364 | return 1; |
365 | ||
366 | } else if (streq(name, "DelegateControllers")) { | |
367 | CGroupMask mask = 0; | |
368 | ||
369 | r = sd_bus_message_enter_container(message, 'a', "s"); | |
370 | if (r < 0) | |
371 | return r; | |
372 | ||
373 | for (;;) { | |
374 | CGroupController cc; | |
375 | const char *t; | |
376 | ||
377 | r = sd_bus_message_read(message, "s", &t); | |
378 | if (r < 0) | |
379 | return r; | |
380 | if (r == 0) | |
381 | break; | |
382 | ||
383 | cc = cgroup_controller_from_string(t); | |
384 | if (cc < 0) | |
e74f76ca | 385 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unknown cgroup contoller '%s'", t); |
02638280 LP |
386 | |
387 | mask |= CGROUP_CONTROLLER_TO_MASK(cc); | |
388 | } | |
389 | ||
390 | r = sd_bus_message_exit_container(message); | |
391 | if (r < 0) | |
392 | return r; | |
393 | ||
2e59b241 | 394 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
02638280 LP |
395 | _cleanup_free_ char *t = NULL; |
396 | ||
397 | r = cg_mask_to_string(mask, &t); | |
398 | if (r < 0) | |
399 | return r; | |
400 | ||
401 | c->delegate = true; | |
1bdfc7b9 YW |
402 | if (mask == 0) |
403 | c->delegate_controllers = 0; | |
404 | else | |
405 | c->delegate_controllers |= mask; | |
02638280 | 406 | |
2e59b241 | 407 | unit_write_settingf(u, flags, name, "Delegate=%s", strempty(t)); |
02638280 LP |
408 | } |
409 | ||
a931ad47 LP |
410 | return 1; |
411 | } | |
412 | ||
413 | return 0; | |
414 | } | |
415 | ||
8e2af478 LP |
416 | int bus_cgroup_set_property( |
417 | Unit *u, | |
418 | CGroupContext *c, | |
419 | const char *name, | |
718db961 | 420 | sd_bus_message *message, |
2e59b241 | 421 | UnitWriteFlags flags, |
718db961 LP |
422 | sd_bus_error *error) { |
423 | ||
9be57249 | 424 | CGroupIOLimitType iol_type; |
718db961 | 425 | int r; |
8e2af478 | 426 | |
8e2af478 LP |
427 | assert(u); |
428 | assert(c); | |
718db961 LP |
429 | assert(name); |
430 | assert(message); | |
8e2af478 | 431 | |
2e59b241 LP |
432 | flags |= UNIT_PRIVATE; |
433 | ||
8e2af478 | 434 | if (streq(name, "CPUAccounting")) { |
718db961 | 435 | int b; |
8e2af478 | 436 | |
718db961 LP |
437 | r = sd_bus_message_read(message, "b", &b); |
438 | if (r < 0) | |
439 | return r; | |
8e2af478 | 440 | |
2e59b241 | 441 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
8e2af478 | 442 | c->cpu_accounting = b; |
e7ab4d1a | 443 | unit_invalidate_cgroup(u, CGROUP_MASK_CPUACCT|CGROUP_MASK_CPU); |
2e59b241 | 444 | unit_write_settingf(u, flags, name, "CPUAccounting=%s", yes_no(b)); |
b42defe3 LP |
445 | } |
446 | ||
447 | return 1; | |
448 | ||
13ec20d4 | 449 | } else if (STR_IN_SET(name, "CPUWeight", "StartupCPUWeight")) { |
66ebf6c0 TH |
450 | uint64_t weight; |
451 | ||
452 | r = sd_bus_message_read(message, "t", &weight); | |
453 | if (r < 0) | |
454 | return r; | |
455 | ||
456 | if (!CGROUP_WEIGHT_IS_OK(weight)) | |
13ec20d4 | 457 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= value out of range", name); |
66ebf6c0 | 458 | |
2e59b241 | 459 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
13ec20d4 YW |
460 | if (streq(name, "CPUWeight")) |
461 | c->cpu_weight = weight; | |
462 | else /* "StartupCPUWeight" */ | |
463 | c->startup_cpu_weight = weight; | |
66ebf6c0 | 464 | |
66ebf6c0 TH |
465 | unit_invalidate_cgroup(u, CGROUP_MASK_CPU); |
466 | ||
13ec20d4 YW |
467 | if (weight == CGROUP_WEIGHT_INVALID) |
468 | unit_write_settingf(u, flags, name, "%s=", name); | |
66ebf6c0 | 469 | else |
13ec20d4 | 470 | unit_write_settingf(u, flags, name, "%s=%" PRIu64, name, weight); |
66ebf6c0 TH |
471 | } |
472 | ||
473 | return 1; | |
474 | ||
13ec20d4 | 475 | } else if (STR_IN_SET(name, "CPUShares", "StartupCPUShares")) { |
d53d9474 | 476 | uint64_t shares; |
b42defe3 | 477 | |
d53d9474 | 478 | r = sd_bus_message_read(message, "t", &shares); |
718db961 LP |
479 | if (r < 0) |
480 | return r; | |
b42defe3 | 481 | |
d53d9474 | 482 | if (!CGROUP_CPU_SHARES_IS_OK(shares)) |
13ec20d4 | 483 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= value out of range", name); |
b42defe3 | 484 | |
2e59b241 | 485 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
13ec20d4 YW |
486 | if (streq(name, "CPUShares")) |
487 | c->cpu_shares = shares; | |
488 | else /* "StartupCPUShares" */ | |
489 | c->startup_cpu_shares = shares; | |
95ae05c0 | 490 | |
e7ab4d1a | 491 | unit_invalidate_cgroup(u, CGROUP_MASK_CPU); |
d53d9474 LP |
492 | |
493 | if (shares == CGROUP_CPU_SHARES_INVALID) | |
13ec20d4 | 494 | unit_write_settingf(u, flags, name, "%s=", name); |
d53d9474 | 495 | else |
13ec20d4 | 496 | unit_write_settingf(u, flags, name, "%s=%" PRIu64, name, shares); |
95ae05c0 WC |
497 | } |
498 | ||
499 | return 1; | |
500 | ||
b2f8b02e LP |
501 | } else if (streq(name, "CPUQuotaPerSecUSec")) { |
502 | uint64_t u64; | |
503 | ||
504 | r = sd_bus_message_read(message, "t", &u64); | |
505 | if (r < 0) | |
506 | return r; | |
507 | ||
508 | if (u64 <= 0) | |
e74f76ca | 509 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "CPUQuotaPerSecUSec= value out of range"); |
b2f8b02e | 510 | |
2e59b241 | 511 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
b2f8b02e | 512 | c->cpu_quota_per_sec_usec = u64; |
e7ab4d1a | 513 | unit_invalidate_cgroup(u, CGROUP_MASK_CPU); |
2e59b241 | 514 | |
d4bf82fc | 515 | if (c->cpu_quota_per_sec_usec == USEC_INFINITY) |
2e59b241 | 516 | unit_write_setting(u, flags, "CPUQuota", "CPUQuota="); |
d4bf82fc | 517 | else |
2e59b241 LP |
518 | /* config_parse_cpu_quota() requires an integer, so truncating division is used on |
519 | * purpose here. */ | |
520 | unit_write_settingf(u, flags, "CPUQuota", | |
521 | "CPUQuota=%0.f%%", | |
522 | (double) (c->cpu_quota_per_sec_usec / 10000)); | |
b2f8b02e LP |
523 | } |
524 | ||
525 | return 1; | |
526 | ||
13c31542 TH |
527 | } else if (streq(name, "IOAccounting")) { |
528 | int b; | |
529 | ||
530 | r = sd_bus_message_read(message, "b", &b); | |
531 | if (r < 0) | |
532 | return r; | |
533 | ||
2e59b241 | 534 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
13c31542 TH |
535 | c->io_accounting = b; |
536 | unit_invalidate_cgroup(u, CGROUP_MASK_IO); | |
2e59b241 | 537 | unit_write_settingf(u, flags, name, "IOAccounting=%s", yes_no(b)); |
13c31542 TH |
538 | } |
539 | ||
540 | return 1; | |
541 | ||
13ec20d4 | 542 | } else if (STR_IN_SET(name, "IOWeight", "StartupIOWeight")) { |
13c31542 TH |
543 | uint64_t weight; |
544 | ||
545 | r = sd_bus_message_read(message, "t", &weight); | |
546 | if (r < 0) | |
547 | return r; | |
548 | ||
549 | if (!CGROUP_WEIGHT_IS_OK(weight)) | |
13ec20d4 | 550 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= value out of range", name); |
13c31542 | 551 | |
2e59b241 | 552 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
13ec20d4 YW |
553 | if (streq(name, "IOWeight")) |
554 | c->io_weight = weight; | |
555 | else /* "StartupIOWeight" */ | |
556 | c->startup_io_weight = weight; | |
13c31542 | 557 | |
13c31542 TH |
558 | unit_invalidate_cgroup(u, CGROUP_MASK_IO); |
559 | ||
560 | if (weight == CGROUP_WEIGHT_INVALID) | |
13ec20d4 | 561 | unit_write_settingf(u, flags, name, "%s=", name); |
13c31542 | 562 | else |
13ec20d4 | 563 | unit_write_settingf(u, flags, name, "%s=%" PRIu64, name, weight); |
13c31542 TH |
564 | } |
565 | ||
566 | return 1; | |
567 | ||
9be57249 | 568 | } else if ((iol_type = cgroup_io_limit_type_from_string(name)) >= 0) { |
13c31542 | 569 | const char *path; |
13c31542 TH |
570 | unsigned n = 0; |
571 | uint64_t u64; | |
572 | ||
13c31542 TH |
573 | r = sd_bus_message_enter_container(message, 'a', "(st)"); |
574 | if (r < 0) | |
575 | return r; | |
576 | ||
577 | while ((r = sd_bus_message_read(message, "(st)", &path, &u64)) > 0) { | |
578 | ||
32048f54 YW |
579 | if (!path_startswith(path, "/dev") && |
580 | !path_startswith(path, "/run/systemd/inaccessible/")) | |
d9f7305f YW |
581 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s specified in %s= is not a device file in /dev", name, path); |
582 | ||
2e59b241 | 583 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
13c31542 TH |
584 | CGroupIODeviceLimit *a = NULL, *b; |
585 | ||
586 | LIST_FOREACH(device_limits, b, c->io_device_limits) { | |
587 | if (path_equal(path, b->path)) { | |
588 | a = b; | |
589 | break; | |
590 | } | |
591 | } | |
592 | ||
593 | if (!a) { | |
9be57249 TH |
594 | CGroupIOLimitType type; |
595 | ||
13c31542 TH |
596 | a = new0(CGroupIODeviceLimit, 1); |
597 | if (!a) | |
598 | return -ENOMEM; | |
599 | ||
600 | a->path = strdup(path); | |
601 | if (!a->path) { | |
602 | free(a); | |
603 | return -ENOMEM; | |
604 | } | |
605 | ||
9be57249 TH |
606 | for (type = 0; type < _CGROUP_IO_LIMIT_TYPE_MAX; type++) |
607 | a->limits[type] = cgroup_io_limit_defaults[type]; | |
13c31542 TH |
608 | |
609 | LIST_PREPEND(device_limits, c->io_device_limits, a); | |
610 | } | |
611 | ||
9be57249 | 612 | a->limits[iol_type] = u64; |
13c31542 TH |
613 | } |
614 | ||
615 | n++; | |
616 | } | |
617 | if (r < 0) | |
618 | return r; | |
619 | ||
620 | r = sd_bus_message_exit_container(message); | |
621 | if (r < 0) | |
622 | return r; | |
623 | ||
2e59b241 | 624 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
13c31542 TH |
625 | CGroupIODeviceLimit *a; |
626 | _cleanup_free_ char *buf = NULL; | |
627 | _cleanup_fclose_ FILE *f = NULL; | |
628 | size_t size = 0; | |
629 | ||
630 | if (n == 0) { | |
631 | LIST_FOREACH(device_limits, a, c->io_device_limits) | |
9be57249 | 632 | a->limits[iol_type] = cgroup_io_limit_defaults[iol_type]; |
13c31542 TH |
633 | } |
634 | ||
635 | unit_invalidate_cgroup(u, CGROUP_MASK_IO); | |
636 | ||
637 | f = open_memstream(&buf, &size); | |
638 | if (!f) | |
639 | return -ENOMEM; | |
640 | ||
0d536673 LP |
641 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); |
642 | ||
9be57249 TH |
643 | fprintf(f, "%s=\n", name); |
644 | LIST_FOREACH(device_limits, a, c->io_device_limits) | |
645 | if (a->limits[iol_type] != cgroup_io_limit_defaults[iol_type]) | |
646 | fprintf(f, "%s=%s %" PRIu64 "\n", name, a->path, a->limits[iol_type]); | |
13c31542 TH |
647 | |
648 | r = fflush_and_check(f); | |
649 | if (r < 0) | |
650 | return r; | |
2e59b241 | 651 | unit_write_setting(u, flags, name, buf); |
13c31542 TH |
652 | } |
653 | ||
654 | return 1; | |
655 | ||
656 | } else if (streq(name, "IODeviceWeight")) { | |
657 | const char *path; | |
658 | uint64_t weight; | |
659 | unsigned n = 0; | |
660 | ||
661 | r = sd_bus_message_enter_container(message, 'a', "(st)"); | |
662 | if (r < 0) | |
663 | return r; | |
664 | ||
665 | while ((r = sd_bus_message_read(message, "(st)", &path, &weight)) > 0) { | |
666 | ||
32048f54 YW |
667 | if (!path_startswith(path, "/dev") && |
668 | !path_startswith(path, "/run/systemd/inaccessible/")) | |
d9f7305f YW |
669 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s specified in %s= is not a device file in /dev", name, path); |
670 | ||
13c31542 | 671 | if (!CGROUP_WEIGHT_IS_OK(weight) || weight == CGROUP_WEIGHT_INVALID) |
e74f76ca | 672 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "IODeviceWeight= value out of range"); |
13c31542 | 673 | |
2e59b241 | 674 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
13c31542 TH |
675 | CGroupIODeviceWeight *a = NULL, *b; |
676 | ||
677 | LIST_FOREACH(device_weights, b, c->io_device_weights) { | |
678 | if (path_equal(b->path, path)) { | |
679 | a = b; | |
680 | break; | |
681 | } | |
682 | } | |
683 | ||
684 | if (!a) { | |
685 | a = new0(CGroupIODeviceWeight, 1); | |
686 | if (!a) | |
687 | return -ENOMEM; | |
688 | ||
689 | a->path = strdup(path); | |
690 | if (!a->path) { | |
691 | free(a); | |
692 | return -ENOMEM; | |
693 | } | |
fffbc1dc | 694 | LIST_PREPEND(device_weights, c->io_device_weights, a); |
13c31542 TH |
695 | } |
696 | ||
697 | a->weight = weight; | |
698 | } | |
699 | ||
700 | n++; | |
701 | } | |
702 | ||
703 | r = sd_bus_message_exit_container(message); | |
704 | if (r < 0) | |
705 | return r; | |
706 | ||
2e59b241 | 707 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
13c31542 TH |
708 | _cleanup_free_ char *buf = NULL; |
709 | _cleanup_fclose_ FILE *f = NULL; | |
710 | CGroupIODeviceWeight *a; | |
711 | size_t size = 0; | |
712 | ||
713 | if (n == 0) { | |
714 | while (c->io_device_weights) | |
715 | cgroup_context_free_io_device_weight(c, c->io_device_weights); | |
716 | } | |
717 | ||
718 | unit_invalidate_cgroup(u, CGROUP_MASK_IO); | |
719 | ||
720 | f = open_memstream(&buf, &size); | |
721 | if (!f) | |
722 | return -ENOMEM; | |
723 | ||
0d536673 LP |
724 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); |
725 | ||
726 | fputs("IODeviceWeight=\n", f); | |
13c31542 TH |
727 | LIST_FOREACH(device_weights, a, c->io_device_weights) |
728 | fprintf(f, "IODeviceWeight=%s %" PRIu64 "\n", a->path, a->weight); | |
729 | ||
730 | r = fflush_and_check(f); | |
731 | if (r < 0) | |
732 | return r; | |
2e59b241 | 733 | unit_write_setting(u, flags, name, buf); |
13c31542 TH |
734 | } |
735 | ||
736 | return 1; | |
737 | ||
8e2af478 | 738 | } else if (streq(name, "BlockIOAccounting")) { |
718db961 | 739 | int b; |
8e2af478 | 740 | |
718db961 LP |
741 | r = sd_bus_message_read(message, "b", &b); |
742 | if (r < 0) | |
743 | return r; | |
8e2af478 | 744 | |
2e59b241 | 745 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
8e2af478 | 746 | c->blockio_accounting = b; |
e7ab4d1a | 747 | unit_invalidate_cgroup(u, CGROUP_MASK_BLKIO); |
2e59b241 | 748 | unit_write_settingf(u, flags, name, "BlockIOAccounting=%s", yes_no(b)); |
8e2af478 LP |
749 | } |
750 | ||
751 | return 1; | |
b42defe3 | 752 | |
13ec20d4 | 753 | } else if (STR_IN_SET(name, "BlockIOWeight", "StartupBlockIOWeight")) { |
d53d9474 | 754 | uint64_t weight; |
b42defe3 | 755 | |
d53d9474 | 756 | r = sd_bus_message_read(message, "t", &weight); |
718db961 LP |
757 | if (r < 0) |
758 | return r; | |
b42defe3 | 759 | |
d53d9474 | 760 | if (!CGROUP_BLKIO_WEIGHT_IS_OK(weight)) |
13ec20d4 | 761 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= value out of range", name); |
b42defe3 | 762 | |
2e59b241 | 763 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
13ec20d4 YW |
764 | if (streq(name, "BlockIOWeight")) |
765 | c->blockio_weight = weight; | |
766 | else /* "StartupBlockIOWeight" */ | |
767 | c->startup_blockio_weight = weight; | |
95ae05c0 | 768 | |
e7ab4d1a | 769 | unit_invalidate_cgroup(u, CGROUP_MASK_BLKIO); |
d53d9474 LP |
770 | |
771 | if (weight == CGROUP_BLKIO_WEIGHT_INVALID) | |
13ec20d4 | 772 | unit_write_settingf(u, flags, name, "%s=", name); |
d53d9474 | 773 | else |
13ec20d4 | 774 | unit_write_settingf(u, flags, name, "%s=%" PRIu64, name, weight); |
95ae05c0 WC |
775 | } |
776 | ||
777 | return 1; | |
b42defe3 | 778 | |
cd0a7a8e | 779 | } else if (STR_IN_SET(name, "BlockIOReadBandwidth", "BlockIOWriteBandwidth")) { |
718db961 | 780 | const char *path; |
f004c2ca | 781 | bool read = true; |
718db961 LP |
782 | unsigned n = 0; |
783 | uint64_t u64; | |
f004c2ca G |
784 | |
785 | if (streq(name, "BlockIOWriteBandwidth")) | |
786 | read = false; | |
787 | ||
718db961 LP |
788 | r = sd_bus_message_enter_container(message, 'a', "(st)"); |
789 | if (r < 0) | |
790 | return r; | |
f004c2ca | 791 | |
718db961 | 792 | while ((r = sd_bus_message_read(message, "(st)", &path, &u64)) > 0) { |
f004c2ca | 793 | |
32048f54 YW |
794 | if (!path_startswith(path, "/dev") && |
795 | !path_startswith(path, "/run/systemd/inaccessible/")) | |
d9f7305f YW |
796 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s specified in %s= is not a device file in /dev", name, path); |
797 | ||
2e59b241 | 798 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
718db961 | 799 | CGroupBlockIODeviceBandwidth *a = NULL, *b; |
f004c2ca G |
800 | |
801 | LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths) { | |
979d0311 | 802 | if (path_equal(path, b->path)) { |
f004c2ca | 803 | a = b; |
f004c2ca G |
804 | break; |
805 | } | |
806 | } | |
807 | ||
718db961 | 808 | if (!a) { |
f004c2ca G |
809 | a = new0(CGroupBlockIODeviceBandwidth, 1); |
810 | if (!a) | |
811 | return -ENOMEM; | |
812 | ||
979d0311 TH |
813 | a->rbps = CGROUP_LIMIT_MAX; |
814 | a->wbps = CGROUP_LIMIT_MAX; | |
f004c2ca G |
815 | a->path = strdup(path); |
816 | if (!a->path) { | |
817 | free(a); | |
818 | return -ENOMEM; | |
819 | } | |
718db961 LP |
820 | |
821 | LIST_PREPEND(device_bandwidths, c->blockio_device_bandwidths, a); | |
f004c2ca G |
822 | } |
823 | ||
979d0311 TH |
824 | if (read) |
825 | a->rbps = u64; | |
826 | else | |
827 | a->wbps = u64; | |
f004c2ca G |
828 | } |
829 | ||
830 | n++; | |
f004c2ca | 831 | } |
718db961 LP |
832 | if (r < 0) |
833 | return r; | |
f004c2ca | 834 | |
9c96019d LP |
835 | r = sd_bus_message_exit_container(message); |
836 | if (r < 0) | |
837 | return r; | |
838 | ||
2e59b241 | 839 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
979d0311 | 840 | CGroupBlockIODeviceBandwidth *a; |
f004c2ca G |
841 | _cleanup_free_ char *buf = NULL; |
842 | _cleanup_fclose_ FILE *f = NULL; | |
f004c2ca G |
843 | size_t size = 0; |
844 | ||
845 | if (n == 0) { | |
979d0311 TH |
846 | LIST_FOREACH(device_bandwidths, a, c->blockio_device_bandwidths) { |
847 | if (read) | |
848 | a->rbps = CGROUP_LIMIT_MAX; | |
849 | else | |
850 | a->wbps = CGROUP_LIMIT_MAX; | |
851 | } | |
f004c2ca G |
852 | } |
853 | ||
e7ab4d1a | 854 | unit_invalidate_cgroup(u, CGROUP_MASK_BLKIO); |
3051f187 | 855 | |
f004c2ca G |
856 | f = open_memstream(&buf, &size); |
857 | if (!f) | |
858 | return -ENOMEM; | |
859 | ||
0d536673 LP |
860 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); |
861 | ||
7d6884b6 | 862 | if (read) { |
0d536673 | 863 | fputs("BlockIOReadBandwidth=\n", f); |
7d6884b6 | 864 | LIST_FOREACH(device_bandwidths, a, c->blockio_device_bandwidths) |
979d0311 TH |
865 | if (a->rbps != CGROUP_LIMIT_MAX) |
866 | fprintf(f, "BlockIOReadBandwidth=%s %" PRIu64 "\n", a->path, a->rbps); | |
f004c2ca | 867 | } else { |
0d536673 | 868 | fputs("BlockIOWriteBandwidth=\n", f); |
f004c2ca | 869 | LIST_FOREACH(device_bandwidths, a, c->blockio_device_bandwidths) |
979d0311 TH |
870 | if (a->wbps != CGROUP_LIMIT_MAX) |
871 | fprintf(f, "BlockIOWriteBandwidth=%s %" PRIu64 "\n", a->path, a->wbps); | |
f004c2ca G |
872 | } |
873 | ||
1f2f874c NC |
874 | r = fflush_and_check(f); |
875 | if (r < 0) | |
876 | return r; | |
2e59b241 LP |
877 | |
878 | unit_write_setting(u, flags, name, buf); | |
6f68ecb4 G |
879 | } |
880 | ||
881 | return 1; | |
882 | ||
883 | } else if (streq(name, "BlockIODeviceWeight")) { | |
718db961 | 884 | const char *path; |
d53d9474 | 885 | uint64_t weight; |
6f68ecb4 G |
886 | unsigned n = 0; |
887 | ||
718db961 LP |
888 | r = sd_bus_message_enter_container(message, 'a', "(st)"); |
889 | if (r < 0) | |
890 | return r; | |
6f68ecb4 | 891 | |
d53d9474 | 892 | while ((r = sd_bus_message_read(message, "(st)", &path, &weight)) > 0) { |
6f68ecb4 | 893 | |
32048f54 YW |
894 | if (!path_startswith(path, "/dev") && |
895 | !path_startswith(path, "/run/systemd/inaccessible/")) | |
d9f7305f YW |
896 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s specified in %s= is not a device file in /dev", name, path); |
897 | ||
d53d9474 | 898 | if (!CGROUP_BLKIO_WEIGHT_IS_OK(weight) || weight == CGROUP_BLKIO_WEIGHT_INVALID) |
e74f76ca | 899 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "BlockIODeviceWeight= out of range"); |
6f68ecb4 | 900 | |
2e59b241 | 901 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
718db961 | 902 | CGroupBlockIODeviceWeight *a = NULL, *b; |
6f68ecb4 G |
903 | |
904 | LIST_FOREACH(device_weights, b, c->blockio_device_weights) { | |
905 | if (path_equal(b->path, path)) { | |
906 | a = b; | |
6f68ecb4 G |
907 | break; |
908 | } | |
909 | } | |
910 | ||
718db961 | 911 | if (!a) { |
6f68ecb4 G |
912 | a = new0(CGroupBlockIODeviceWeight, 1); |
913 | if (!a) | |
914 | return -ENOMEM; | |
915 | ||
916 | a->path = strdup(path); | |
917 | if (!a->path) { | |
918 | free(a); | |
919 | return -ENOMEM; | |
920 | } | |
fffbc1dc | 921 | LIST_PREPEND(device_weights, c->blockio_device_weights, a); |
6f68ecb4 G |
922 | } |
923 | ||
d53d9474 | 924 | a->weight = weight; |
6f68ecb4 G |
925 | } |
926 | ||
927 | n++; | |
6f68ecb4 G |
928 | } |
929 | ||
9c96019d LP |
930 | r = sd_bus_message_exit_container(message); |
931 | if (r < 0) | |
932 | return r; | |
933 | ||
2e59b241 | 934 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
6f68ecb4 G |
935 | _cleanup_free_ char *buf = NULL; |
936 | _cleanup_fclose_ FILE *f = NULL; | |
937 | CGroupBlockIODeviceWeight *a; | |
938 | size_t size = 0; | |
939 | ||
940 | if (n == 0) { | |
941 | while (c->blockio_device_weights) | |
942 | cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights); | |
943 | } | |
944 | ||
e7ab4d1a | 945 | unit_invalidate_cgroup(u, CGROUP_MASK_BLKIO); |
3051f187 | 946 | |
6f68ecb4 G |
947 | f = open_memstream(&buf, &size); |
948 | if (!f) | |
949 | return -ENOMEM; | |
950 | ||
0d536673 LP |
951 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); |
952 | ||
953 | fputs("BlockIODeviceWeight=\n", f); | |
6f68ecb4 | 954 | LIST_FOREACH(device_weights, a, c->blockio_device_weights) |
d53d9474 | 955 | fprintf(f, "BlockIODeviceWeight=%s %" PRIu64 "\n", a->path, a->weight); |
6f68ecb4 | 956 | |
1f2f874c NC |
957 | r = fflush_and_check(f); |
958 | if (r < 0) | |
959 | return r; | |
2e59b241 LP |
960 | |
961 | unit_write_setting(u, flags, name, buf); | |
f004c2ca G |
962 | } |
963 | ||
964 | return 1; | |
965 | ||
8e2af478 | 966 | } else if (streq(name, "MemoryAccounting")) { |
718db961 | 967 | int b; |
8e2af478 | 968 | |
718db961 LP |
969 | r = sd_bus_message_read(message, "b", &b); |
970 | if (r < 0) | |
971 | return r; | |
8e2af478 | 972 | |
2e59b241 | 973 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
b42defe3 | 974 | c->memory_accounting = b; |
e7ab4d1a | 975 | unit_invalidate_cgroup(u, CGROUP_MASK_MEMORY); |
2e59b241 | 976 | unit_write_settingf(u, flags, name, "MemoryAccounting=%s", yes_no(b)); |
8e2af478 LP |
977 | } |
978 | ||
979 | return 1; | |
8e2af478 | 980 | |
13ec20d4 | 981 | } else if (STR_IN_SET(name, "MemoryLow", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryLimit")) { |
da4d897e TH |
982 | uint64_t v; |
983 | ||
984 | r = sd_bus_message_read(message, "t", &v); | |
985 | if (r < 0) | |
986 | return r; | |
cd0a7a8e | 987 | if (v <= 0) |
e74f76ca | 988 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= is too small", name); |
da4d897e | 989 | |
2e59b241 | 990 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
da4d897e TH |
991 | if (streq(name, "MemoryLow")) |
992 | c->memory_low = v; | |
993 | else if (streq(name, "MemoryHigh")) | |
994 | c->memory_high = v; | |
96e131ea WC |
995 | else if (streq(name, "MemorySwapMax")) |
996 | c->memory_swap_max = v; | |
13ec20d4 | 997 | else if (streq(name, "MemoryMax")) |
da4d897e | 998 | c->memory_max = v; |
13ec20d4 YW |
999 | else /* "MemoryLimit" */ |
1000 | c->memory_limit = v; | |
da4d897e TH |
1001 | |
1002 | unit_invalidate_cgroup(u, CGROUP_MASK_MEMORY); | |
1003 | ||
1004 | if (v == CGROUP_LIMIT_MAX) | |
2e59b241 | 1005 | unit_write_settingf(u, flags, name, "%s=infinity", name); |
da4d897e | 1006 | else |
2e59b241 | 1007 | unit_write_settingf(u, flags, name, "%s=%" PRIu64, name, v); |
da4d897e TH |
1008 | } |
1009 | ||
1010 | return 1; | |
1011 | ||
13ec20d4 | 1012 | } else if (STR_IN_SET(name, "MemoryLowScale", "MemoryHighScale", "MemoryMaxScale", "MemorySwapMaxScale", "MemoryLimitScale")) { |
d58d600e LP |
1013 | uint32_t raw; |
1014 | uint64_t v; | |
1015 | ||
1016 | r = sd_bus_message_read(message, "u", &raw); | |
1017 | if (r < 0) | |
1018 | return r; | |
1019 | ||
1020 | v = physical_memory_scale(raw, UINT32_MAX); | |
1021 | if (v <= 0 || v == UINT64_MAX) | |
e74f76ca | 1022 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= is out of range", name); |
d58d600e | 1023 | |
2e59b241 | 1024 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
d58d600e LP |
1025 | const char *e; |
1026 | ||
1027 | /* Chop off suffix */ | |
f7903e8d | 1028 | assert_se(e = endswith(name, "Scale")); |
d58d600e LP |
1029 | name = strndupa(name, e - name); |
1030 | ||
1031 | if (streq(name, "MemoryLow")) | |
1032 | c->memory_low = v; | |
1033 | else if (streq(name, "MemoryHigh")) | |
1034 | c->memory_high = v; | |
13ec20d4 | 1035 | else if (streq(name, "MemorySwapMax")) |
66a892ae | 1036 | c->memory_swap_max = v; |
13ec20d4 | 1037 | else if (streq(name, "MemoryMax")) |
d58d600e | 1038 | c->memory_max = v; |
13ec20d4 YW |
1039 | else /* "MemoryLimit" */ |
1040 | c->memory_limit = v; | |
d58d600e LP |
1041 | |
1042 | unit_invalidate_cgroup(u, CGROUP_MASK_MEMORY); | |
2e59b241 LP |
1043 | unit_write_settingf(u, flags, name, "%s=%" PRIu32 "%%", name, |
1044 | (uint32_t) (DIV_ROUND_UP((uint64_t) raw * 100U, (uint64_t) UINT32_MAX))); | |
d58d600e LP |
1045 | } |
1046 | ||
1047 | return 1; | |
1048 | ||
7041efe9 LP |
1049 | } else if (streq(name, "DevicePolicy")) { |
1050 | const char *policy; | |
1051 | CGroupDevicePolicy p; | |
1052 | ||
718db961 LP |
1053 | r = sd_bus_message_read(message, "s", &policy); |
1054 | if (r < 0) | |
1055 | return r; | |
7041efe9 | 1056 | |
7041efe9 LP |
1057 | p = cgroup_device_policy_from_string(policy); |
1058 | if (p < 0) | |
1059 | return -EINVAL; | |
1060 | ||
2e59b241 | 1061 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
7041efe9 | 1062 | c->device_policy = p; |
e7ab4d1a | 1063 | unit_invalidate_cgroup(u, CGROUP_MASK_DEVICES); |
2e59b241 | 1064 | unit_write_settingf(u, flags, name, "DevicePolicy=%s", policy); |
7041efe9 LP |
1065 | } |
1066 | ||
1067 | return 1; | |
1068 | ||
1069 | } else if (streq(name, "DeviceAllow")) { | |
718db961 | 1070 | const char *path, *rwm; |
7041efe9 LP |
1071 | unsigned n = 0; |
1072 | ||
718db961 LP |
1073 | r = sd_bus_message_enter_container(message, 'a', "(ss)"); |
1074 | if (r < 0) | |
1075 | return r; | |
7041efe9 | 1076 | |
718db961 | 1077 | while ((r = sd_bus_message_read(message, "(ss)", &path, &rwm)) > 0) { |
7041efe9 | 1078 | |
d9f7305f YW |
1079 | if ((!is_deviceallow_pattern(path) && |
1080 | !path_startswith(path, "/run/systemd/inaccessible/")) || | |
90060676 | 1081 | strpbrk(path, WHITESPACE)) |
e74f76ca | 1082 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "DeviceAllow= requires device node"); |
7041efe9 LP |
1083 | |
1084 | if (isempty(rwm)) | |
1085 | rwm = "rwm"; | |
1086 | ||
718db961 | 1087 | if (!in_charset(rwm, "rwm")) |
e74f76ca | 1088 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "DeviceAllow= requires combination of rwm flags"); |
7041efe9 | 1089 | |
2e59b241 | 1090 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
718db961 | 1091 | CGroupDeviceAllow *a = NULL, *b; |
ad7bfffd G |
1092 | |
1093 | LIST_FOREACH(device_allow, b, c->device_allow) { | |
06eb4e3b | 1094 | if (path_equal(b->path, path)) { |
ad7bfffd | 1095 | a = b; |
ad7bfffd G |
1096 | break; |
1097 | } | |
1098 | } | |
1099 | ||
718db961 | 1100 | if (!a) { |
ad7bfffd G |
1101 | a = new0(CGroupDeviceAllow, 1); |
1102 | if (!a) | |
1103 | return -ENOMEM; | |
1104 | ||
1105 | a->path = strdup(path); | |
1106 | if (!a->path) { | |
1107 | free(a); | |
1108 | return -ENOMEM; | |
1109 | } | |
718db961 LP |
1110 | |
1111 | LIST_PREPEND(device_allow, c->device_allow, a); | |
7041efe9 LP |
1112 | } |
1113 | ||
1114 | a->r = !!strchr(rwm, 'r'); | |
1115 | a->w = !!strchr(rwm, 'w'); | |
1116 | a->m = !!strchr(rwm, 'm'); | |
7041efe9 LP |
1117 | } |
1118 | ||
c2756a68 | 1119 | n++; |
7041efe9 | 1120 | } |
43a99a7a LP |
1121 | if (r < 0) |
1122 | return r; | |
7041efe9 | 1123 | |
9c96019d LP |
1124 | r = sd_bus_message_exit_container(message); |
1125 | if (r < 0) | |
1126 | return r; | |
1127 | ||
2e59b241 | 1128 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
7041efe9 LP |
1129 | _cleanup_free_ char *buf = NULL; |
1130 | _cleanup_fclose_ FILE *f = NULL; | |
1131 | CGroupDeviceAllow *a; | |
1132 | size_t size = 0; | |
1133 | ||
1134 | if (n == 0) { | |
1135 | while (c->device_allow) | |
1136 | cgroup_context_free_device_allow(c, c->device_allow); | |
1137 | } | |
1138 | ||
e7ab4d1a | 1139 | unit_invalidate_cgroup(u, CGROUP_MASK_DEVICES); |
3051f187 | 1140 | |
7041efe9 LP |
1141 | f = open_memstream(&buf, &size); |
1142 | if (!f) | |
1143 | return -ENOMEM; | |
1144 | ||
0d536673 LP |
1145 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); |
1146 | ||
1147 | fputs("DeviceAllow=\n", f); | |
7041efe9 LP |
1148 | LIST_FOREACH(device_allow, a, c->device_allow) |
1149 | fprintf(f, "DeviceAllow=%s %s%s%s\n", a->path, a->r ? "r" : "", a->w ? "w" : "", a->m ? "m" : ""); | |
1150 | ||
1f2f874c NC |
1151 | r = fflush_and_check(f); |
1152 | if (r < 0) | |
1153 | return r; | |
2e59b241 | 1154 | unit_write_setting(u, flags, name, buf); |
7041efe9 LP |
1155 | } |
1156 | ||
b42defe3 | 1157 | return 1; |
a931ad47 | 1158 | |
03a7b521 LP |
1159 | } else if (streq(name, "TasksAccounting")) { |
1160 | int b; | |
1161 | ||
1162 | r = sd_bus_message_read(message, "b", &b); | |
1163 | if (r < 0) | |
1164 | return r; | |
1165 | ||
2e59b241 | 1166 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
03a7b521 | 1167 | c->tasks_accounting = b; |
e7ab4d1a | 1168 | unit_invalidate_cgroup(u, CGROUP_MASK_PIDS); |
2e59b241 | 1169 | unit_write_settingf(u, flags, name, "TasksAccounting=%s", yes_no(b)); |
03a7b521 LP |
1170 | } |
1171 | ||
1172 | return 1; | |
1173 | ||
1174 | } else if (streq(name, "TasksMax")) { | |
1175 | uint64_t limit; | |
1176 | ||
1177 | r = sd_bus_message_read(message, "t", &limit); | |
1178 | if (r < 0) | |
1179 | return r; | |
83f8e808 | 1180 | if (limit <= 0) |
e74f76ca | 1181 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= is too small", name); |
03a7b521 | 1182 | |
2e59b241 | 1183 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
03a7b521 | 1184 | c->tasks_max = limit; |
e7ab4d1a | 1185 | unit_invalidate_cgroup(u, CGROUP_MASK_PIDS); |
03a7b521 LP |
1186 | |
1187 | if (limit == (uint64_t) -1) | |
2e59b241 | 1188 | unit_write_setting(u, flags, name, "TasksMax=infinity"); |
03a7b521 | 1189 | else |
2e59b241 | 1190 | unit_write_settingf(u, flags, name, "TasksMax=%" PRIu64, limit); |
03a7b521 LP |
1191 | } |
1192 | ||
83f8e808 | 1193 | return 1; |
3dc5ca97 | 1194 | |
83f8e808 LP |
1195 | } else if (streq(name, "TasksMaxScale")) { |
1196 | uint64_t limit; | |
1197 | uint32_t raw; | |
1198 | ||
1199 | r = sd_bus_message_read(message, "u", &raw); | |
1200 | if (r < 0) | |
1201 | return r; | |
1202 | ||
1203 | limit = system_tasks_max_scale(raw, UINT32_MAX); | |
1204 | if (limit <= 0 || limit >= UINT64_MAX) | |
e74f76ca | 1205 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= is out of range", name); |
83f8e808 | 1206 | |
2e59b241 | 1207 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
83f8e808 LP |
1208 | c->tasks_max = limit; |
1209 | unit_invalidate_cgroup(u, CGROUP_MASK_PIDS); | |
2e59b241 LP |
1210 | unit_write_settingf(u, flags, name, "TasksMax=%" PRIu32 "%%", |
1211 | (uint32_t) (DIV_ROUND_UP((uint64_t) raw * 100U, (uint64_t) UINT32_MAX))); | |
83f8e808 LP |
1212 | } |
1213 | ||
3dc5ca97 LP |
1214 | return 1; |
1215 | ||
1216 | } else if (streq(name, "IPAccounting")) { | |
1217 | int b; | |
1218 | ||
1219 | r = sd_bus_message_read(message, "b", &b); | |
1220 | if (r < 0) | |
1221 | return r; | |
1222 | ||
2e59b241 | 1223 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
3dc5ca97 LP |
1224 | c->ip_accounting = b; |
1225 | ||
1226 | unit_invalidate_cgroup_bpf(u); | |
2e59b241 | 1227 | unit_write_settingf(u, flags, name, "IPAccounting=%s", yes_no(b)); |
3dc5ca97 LP |
1228 | } |
1229 | ||
1230 | return 1; | |
1231 | ||
1232 | } else if (STR_IN_SET(name, "IPAddressAllow", "IPAddressDeny")) { | |
1233 | IPAddressAccessItem **list; | |
1234 | size_t n = 0; | |
1235 | ||
1236 | list = streq(name, "IPAddressAllow") ? &c->ip_address_allow : &c->ip_address_deny; | |
1237 | ||
1238 | r = sd_bus_message_enter_container(message, 'a', "(iayu)"); | |
1239 | if (r < 0) | |
1240 | return r; | |
1241 | ||
1242 | for (;;) { | |
1243 | const void *ap; | |
1244 | int32_t family; | |
1245 | uint32_t prefixlen; | |
1246 | size_t an; | |
1247 | ||
1248 | r = sd_bus_message_enter_container(message, 'r', "iayu"); | |
1249 | if (r < 0) | |
1250 | return r; | |
1251 | if (r == 0) | |
1252 | break; | |
1253 | ||
1254 | r = sd_bus_message_read(message, "i", &family); | |
1255 | if (r < 0) | |
1256 | return r; | |
1257 | ||
1258 | if (!IN_SET(family, AF_INET, AF_INET6)) | |
e74f76ca | 1259 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects IPv4 or IPv6 addresses only.", name); |
3dc5ca97 LP |
1260 | |
1261 | r = sd_bus_message_read_array(message, 'y', &ap, &an); | |
1262 | if (r < 0) | |
1263 | return r; | |
1264 | ||
1265 | if (an != FAMILY_ADDRESS_SIZE(family)) | |
e74f76ca | 1266 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "IP address has wrong size for family (%s, expected %zu, got %zu)", |
3dc5ca97 LP |
1267 | af_to_name(family), FAMILY_ADDRESS_SIZE(family), an); |
1268 | ||
1269 | r = sd_bus_message_read(message, "u", &prefixlen); | |
1270 | if (r < 0) | |
1271 | return r; | |
1272 | ||
1273 | if (prefixlen > FAMILY_ADDRESS_SIZE(family)*8) | |
e74f76ca | 1274 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Prefix length %" PRIu32 " too large for address family %s.", prefixlen, af_to_name(family)); |
3dc5ca97 | 1275 | |
2e59b241 | 1276 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
3dc5ca97 LP |
1277 | IPAddressAccessItem *item; |
1278 | ||
1279 | item = new0(IPAddressAccessItem, 1); | |
1280 | if (!item) | |
1281 | return -ENOMEM; | |
1282 | ||
1283 | item->family = family; | |
1284 | item->prefixlen = prefixlen; | |
1285 | memcpy(&item->address, ap, an); | |
1286 | ||
1287 | LIST_PREPEND(items, *list, item); | |
1288 | } | |
1289 | ||
1290 | r = sd_bus_message_exit_container(message); | |
1291 | if (r < 0) | |
1292 | return r; | |
1293 | ||
1294 | n++; | |
1295 | } | |
1296 | ||
1297 | r = sd_bus_message_exit_container(message); | |
1298 | if (r < 0) | |
1299 | return r; | |
1300 | ||
1274b6c6 LP |
1301 | *list = ip_address_access_reduce(*list); |
1302 | ||
2e59b241 | 1303 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
3dc5ca97 LP |
1304 | _cleanup_free_ char *buf = NULL; |
1305 | _cleanup_fclose_ FILE *f = NULL; | |
1306 | IPAddressAccessItem *item; | |
1307 | size_t size = 0; | |
1308 | ||
1309 | if (n == 0) | |
1310 | *list = ip_address_access_free_all(*list); | |
1311 | ||
1312 | unit_invalidate_cgroup_bpf(u); | |
1313 | f = open_memstream(&buf, &size); | |
1314 | if (!f) | |
1315 | return -ENOMEM; | |
1316 | ||
0d536673 LP |
1317 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); |
1318 | ||
1319 | fputs(name, f); | |
1320 | fputs("=\n", f); | |
3dc5ca97 LP |
1321 | |
1322 | LIST_FOREACH(items, item, *list) { | |
1323 | char buffer[CONST_MAX(INET_ADDRSTRLEN, INET6_ADDRSTRLEN)]; | |
1324 | ||
1325 | errno = 0; | |
1326 | if (!inet_ntop(item->family, &item->address, buffer, sizeof(buffer))) | |
1327 | return errno > 0 ? -errno : -EINVAL; | |
1328 | ||
1329 | fprintf(f, "%s=%s/%u\n", name, buffer, item->prefixlen); | |
1330 | } | |
1331 | ||
1332 | r = fflush_and_check(f); | |
1333 | if (r < 0) | |
1334 | return r; | |
2e59b241 LP |
1335 | |
1336 | unit_write_setting(u, flags, name, buf); | |
078ba556 LP |
1337 | |
1338 | if (*list) { | |
1339 | r = bpf_firewall_supported(); | |
1340 | if (r < 0) | |
1341 | return r; | |
ab8519c2 LP |
1342 | if (r == 0) { |
1343 | static bool warned = false; | |
1344 | ||
1345 | log_full(warned ? LOG_DEBUG : LOG_WARNING, | |
1346 | "Transient unit %s configures an IP firewall, but the local system does not support BPF/cgroup firewalling.\n" | |
1347 | "Proceeding WITHOUT firewalling in effect! (This warning is only shown for the first started transient unit using IP firewalling.)", u->id); | |
1348 | ||
1349 | warned = true; | |
1350 | } | |
078ba556 | 1351 | } |
3dc5ca97 LP |
1352 | } |
1353 | ||
03a7b521 | 1354 | return 1; |
a931ad47 LP |
1355 | } |
1356 | ||
13ec20d4 YW |
1357 | if (u->transient && u->load_state == UNIT_STUB) |
1358 | return bus_cgroup_set_transient_property(u, c, name, message, flags, error); | |
8e2af478 LP |
1359 | |
1360 | return 0; | |
1361 | } |