]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/socket.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
core, shared: in deserializing, match same files reached via different paths
[thirdparty/systemd.git] / src / core / socket.c
CommitLineData
d6c9574f 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
5cb5a6ff 2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
a7334b09 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
83c60c9f
LP		 22#include <sys/types.h>
23#include <sys/stat.h>
24#include <unistd.h>
25#include <errno.h>
26#include <fcntl.h>
f94ea366 27#include <sys/epoll.h>
034c6ed7 28#include <signal.h>
4f2d528d 29#include <arpa/inet.h>
718db961 30#include <netinet/tcp.h>
916abb21 31#include <mqueue.h>
d2edfae0 32#include <sys/xattr.h>
83c60c9f 33
718db961 34#include "sd-event.h"
83c60c9f 35#include "log.h"
23a177ef
LP		 36#include "load-dropin.h"
37#include "load-fragment.h"
9e2f7c11 38#include "strv.h"
49e942b2 39#include "mkdir.h"
9eb977db 40#include "path-util.h"
4f2d528d 41#include "unit-name.h"
41f9172f 42#include "unit-printf.h"
4fd5948e 43#include "missing.h"
a40eb732 44#include "special.h"
e51bc1a2 45#include "label.h"
9a57c629 46#include "exit-status.h"
f6a6225e 47#include "def.h"
5a045dad 48#include "smack-util.h"
718db961
LP		 49#include "bus-util.h"
50#include "bus-error.h"
d7b8eec7 51#include "selinux-util.h"
e821075a
LP		 52#include "dbus-socket.h"
53#include "unit.h"
54#include "socket.h"
83c60c9f 55
acbb0225 56static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
87f0e418
LP		 57 [SOCKET_DEAD] = UNIT_INACTIVE,
58 [SOCKET_START_PRE] = UNIT_ACTIVATING,
3900e5fd 59 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
87f0e418
LP		 60 [SOCKET_START_POST] = UNIT_ACTIVATING,
61 [SOCKET_LISTENING] = UNIT_ACTIVE,
62 [SOCKET_RUNNING] = UNIT_ACTIVE,
63 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
66 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
80876c20
LP		 67 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
68 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
fdf20a31 69 [SOCKET_FAILED] = UNIT_FAILED
83c60c9f 70};
5cb5a6ff 71
718db961
LP		 72static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
73static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
74
a16e1123
LP		 75static void socket_init(Unit *u) {
76 Socket *s = SOCKET(u);
77
78 assert(u);
ac155bb8 79 assert(u->load_state == UNIT_STUB);
a16e1123 80
a16e1123 81 s->backlog = SOMAXCONN;
1f19a534 82 s->timeout_usec = u->manager->default_timeout_start_usec;
a16e1123 83 s->directory_mode = 0755;
9131f660 84 s->socket_mode = 0666;
a16e1123 85
6cf6bbc2
LP		 86 s->max_connections = 64;
87
4fd5948e 88 s->priority = -1;
4fd5948e
LP		 89 s->ip_tos = -1;
90 s->ip_ttl = -1;
4fd5948e 91 s->mark = -1;
4fd5948e 92
ac155bb8
MS		 93 s->exec_context.std_output = u->manager->default_std_output;
94 s->exec_context.std_error = u->manager->default_std_error;
085afe36 95
a16e1123
LP		 96 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
97}
acbb0225 98
5e94833f
LP		 99static void socket_unwatch_control_pid(Socket *s) {
100 assert(s);
101
102 if (s->control_pid <= 0)
103 return;
104
105 unit_unwatch_pid(UNIT(s), s->control_pid);
106 s->control_pid = 0;
107}
108
74051b9b 109void socket_free_ports(Socket *s) {
034c6ed7
LP		 110 SocketPort *p;
111
112 assert(s);
113
114 while ((p = s->ports)) {
71fda00f 115 LIST_REMOVE(port, s->ports, p);
034c6ed7 116
718db961
LP		 117 sd_event_source_unref(p->event_source);
118
03e334a1 119 safe_close(p->fd);
034c6ed7
LP		 120 free(p->path);
121 free(p);
122 }
74051b9b
LP		 123}
124
125static void socket_done(Unit *u) {
126 Socket *s = SOCKET(u);
127
128 assert(s);
129
130 socket_free_ports(s);
034c6ed7 131
613b411c 132 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
e537352b 133 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
034c6ed7
LP		 134 s->control_command = NULL;
135
5e94833f 136 socket_unwatch_control_pid(s);
034c6ed7 137
57020a3a 138 unit_ref_unset(&s->service);
034c6ed7 139
cebf8b20
TT		 140 free(s->tcp_congestion);
141 s->tcp_congestion = NULL;
142
acbb0225 143 free(s->bind_to_device);
e537352b 144 s->bind_to_device = NULL;
acbb0225 145
0eb59ccf
AK		 146 free(s->smack);
147 free(s->smack_ip_in);
148 free(s->smack_ip_out);
149
811ba7a0
LP		 150 strv_free(s->symlinks);
151
3900e5fd
LP		 152 free(s->user);
153 free(s->group);
154
718db961
LP		 155 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
156}
157
158static int socket_arm_timer(Socket *s) {
159 int r;
160
161 assert(s);
162
163 if (s->timeout_usec <= 0) {
164 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
165 return 0;
166 }
167
168 if (s->timer_event_source) {
169 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
170 if (r < 0)
171 return r;
172
173 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
174 }
175
6a0f1f6d
LP		 176 return sd_event_add_time(
177 UNIT(s)->manager->event,
178 &s->timer_event_source,
179 CLOCK_MONOTONIC,
180 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
181 socket_dispatch_timer, s);
5cb5a6ff
LP		 182}
183
8b835fcc
ZJS		 184int socket_instantiate_service(Socket *s) {
185 _cleanup_free_ char *prefix = NULL, *name = NULL;
b15bdda8
LP		 186 int r;
187 Unit *u;
188
189 assert(s);
190
191 /* This fills in s->service if it isn't filled in yet. For
192 * Accept=yes sockets we create the next connection service
193 * here. For Accept=no this is mostly a NOP since the service
194 * is figured out at load time anyway. */
195
8b835fcc 196 if (UNIT_DEREF(s->service) || !s->accept)
b15bdda8
LP		 197 return 0;
198
315db1a8
ZJS		 199 prefix = unit_name_to_prefix(UNIT(s)->id);
200 if (!prefix)
b15bdda8
LP		 201 return -ENOMEM;
202
315db1a8 203 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
b15bdda8
LP		 204 return -ENOMEM;
205
1124fe6f 206 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
b15bdda8
LP		 207 if (r < 0)
208 return r;
209
ac155bb8 210 u->no_gc = true;
57020a3a
LP		 211 unit_ref_set(&s->service, u);
212
213 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
b15bdda8
LP		 214}
215
4f2d528d
LP		 216static bool have_non_accept_socket(Socket *s) {
217 SocketPort *p;
218
219 assert(s);
220
221 if (!s->accept)
222 return true;
223
dd5ad9d4
LP		 224 LIST_FOREACH(port, p, s->ports) {
225
226 if (p->type != SOCKET_SOCKET)
227 return true;
228
4f2d528d
LP		 229 if (!socket_address_can_accept(&p->address))
230 return true;
dd5ad9d4 231 }
4f2d528d
LP		 232
233 return false;
234}
235
a57f7e2c 236static int socket_add_mount_links(Socket *s) {
6e2ef85b 237 SocketPort *p;
6e2ef85b
LP		 238 int r;
239
240 assert(s);
6e2ef85b 241
a57f7e2c
LP		 242 LIST_FOREACH(port, p, s->ports) {
243 const char *path = NULL;
6e2ef85b 244
a57f7e2c
LP		 245 if (p->type == SOCKET_SOCKET)
246 path = socket_address_get_path(&p->address);
247 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
248 path = p->path;
6e2ef85b 249
a57f7e2c
LP		 250 if (!path)
251 continue;
6e2ef85b 252
a57f7e2c 253 r = unit_require_mounts_for(UNIT(s), path);
b87705cd 254 if (r < 0)
6e2ef85b 255 return r;
b87705cd 256 }
6e2ef85b
LP		 257
258 return 0;
259}
260
261static int socket_add_device_link(Socket *s) {
262 char *t;
6e2ef85b
LP		 263
264 assert(s);
265
7d0c710d 266 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
6e2ef85b
LP		 267 return 0;
268
63c372cb 269 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
e821075a 270 return unit_add_node_link(UNIT(s), t, false);
6e2ef85b
LP		 271}
272
a40eb732
LP		 273static int socket_add_default_dependencies(Socket *s) {
274 int r;
275 assert(s);
276
e3d84721
LP		 277 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
278 if (r < 0)
279 return r;
2a77d31d 280
e3d84721
LP		 281 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
282 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
283 if (r < 0)
a40eb732 284 return r;
2a77d31d 285 }
a40eb732 286
ead8e478 287 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
a40eb732
LP		 288}
289
44a6b1b6 290_pure_ static bool socket_has_exec(Socket *s) {
4cfc6dbe
LP		 291 unsigned i;
292 assert(s);
293
294 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
295 if (s->exec_command[i])
296 return true;
297
298 return false;
299}
300
e821075a
LP		 301static int socket_add_extras(Socket *s) {
302 Unit *u = UNIT(s);
e537352b 303 int r;
44d8db9e 304
e821075a 305 assert(s);
57020a3a 306
e821075a 307 if (have_non_accept_socket(s)) {
23a177ef 308
e821075a
LP		 309 if (!UNIT_DEREF(s->service)) {
310 Unit *x;
57020a3a 311
e821075a 312 r = unit_load_related_unit(u, ".service", &x);
57020a3a 313 if (r < 0)
4f2d528d 314 return r;
e821075a
LP		 315
316 unit_ref_set(&s->service, x);
4f2d528d 317 }
44d8db9e 318
e821075a
LP		 319 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
320 if (r < 0)
6e2ef85b 321 return r;
e821075a 322 }
6e2ef85b 323
e821075a
LP		 324 r = socket_add_mount_links(s);
325 if (r < 0)
326 return r;
6e2ef85b 327
e821075a
LP		 328 r = socket_add_device_link(s);
329 if (r < 0)
330 return r;
331
598459ce 332 r = unit_patch_contexts(u);
e821075a
LP		 333 if (r < 0)
334 return r;
335
336 if (socket_has_exec(s)) {
337 r = unit_add_exec_dependencies(u, &s->exec_context);
338 if (r < 0)
339 return r;
23a177ef 340
598459ce 341 r = unit_add_default_slice(u, &s->cgroup_context);
a016b922
LP		 342 if (r < 0)
343 return r;
e821075a 344 }
a016b922 345
e821075a
LP		 346 if (u->default_dependencies) {
347 r = socket_add_default_dependencies(s);
348 if (r < 0)
349 return r;
350 }
351
352 return 0;
353}
354
811ba7a0
LP		 355static const char *socket_find_symlink_target(Socket *s) {
356 const char *found = NULL;
357 SocketPort *p;
358
359 LIST_FOREACH(port, p, s->ports) {
360 const char *f = NULL;
361
362 switch (p->type) {
363
364 case SOCKET_FIFO:
365 f = p->path;
366 break;
367
368 case SOCKET_SOCKET:
369 if (p->address.sockaddr.un.sun_path[0] != 0)
370 f = p->address.sockaddr.un.sun_path;
371 break;
372
373 default:
374 break;
375 }
376
377 if (f) {
378 if (found)
379 return NULL;
380
381 found = f;
382 }
383 }
384
385 return found;
386}
387
e821075a
LP		 388static int socket_verify(Socket *s) {
389 assert(s);
390
391 if (UNIT(s)->load_state != UNIT_LOADED)
392 return 0;
393
394 if (!s->ports) {
79008bdd 395 log_unit_error(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
e821075a
LP		 396 return -EINVAL;
397 }
398
399 if (s->accept && have_non_accept_socket(s)) {
79008bdd 400 log_unit_error(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
e821075a
LP		 401 UNIT(s)->id);
402 return -EINVAL;
403 }
404
405 if (s->accept && s->max_connections <= 0) {
79008bdd 406 log_unit_error(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
e821075a
LP		 407 return -EINVAL;
408 }
e06c73cc 409
e821075a 410 if (s->accept && UNIT_DEREF(s->service)) {
79008bdd 411 log_unit_error(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
e821075a
LP		 412 return -EINVAL;
413 }
414
415 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
79008bdd 416 log_unit_error(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
e821075a
LP		 417 return -EINVAL;
418 }
419
811ba7a0 420 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
79008bdd 421 log_unit_error(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
811ba7a0
LP		 422 return -EINVAL;
423 }
424
e821075a
LP		 425 return 0;
426}
427
428static int socket_load(Unit *u) {
429 Socket *s = SOCKET(u);
430 int r;
431
432 assert(u);
433 assert(u->load_state == UNIT_STUB);
434
435 r = unit_load_fragment_and_dropin(u);
436 if (r < 0)
437 return r;
438
439 if (u->load_state == UNIT_LOADED) {
440 /* This is a new unit? Then let's add in some extras */
441 r = socket_add_extras(s);
e06c73cc
LP		 442 if (r < 0)
443 return r;
23a177ef
LP		 444 }
445
4f2d528d 446 return socket_verify(s);
44d8db9e
LP		 447}
448
44a6b1b6 449_const_ static const char* listen_lookup(int family, int type) {
7a22745a
LP		 450
451 if (family == AF_NETLINK)
452 return "ListenNetlink";
542563ba
LP		 453
454 if (type == SOCK_STREAM)
455 return "ListenStream";
456 else if (type == SOCK_DGRAM)
457 return "ListenDatagram";
458 else if (type == SOCK_SEQPACKET)
459 return "ListenSequentialPacket";
460
034c6ed7 461 assert_not_reached("Unknown socket type");
542563ba
LP		 462 return NULL;
463}
464
87f0e418 465static void socket_dump(Unit *u, FILE *f, const char *prefix) {
209e9dcd 466 char time_string[FORMAT_TIMESPAN_MAX];
5cb5a6ff 467 SocketExecCommand c;
87f0e418 468 Socket *s = SOCKET(u);
542563ba 469 SocketPort *p;
82ba9f08 470 const char *prefix2;
5cb5a6ff
LP		 471
472 assert(s);
fa068367 473 assert(f);
5cb5a6ff 474
4c940960 475 prefix = strempty(prefix);
63c372cb 476 prefix2 = strjoina(prefix, "\t");
c43d20a0 477
5cb5a6ff
LP		 478 fprintf(f,
479 "%sSocket State: %s\n"
81a5c6d0 480 "%sResult: %s\n"
542563ba 481 "%sBindIPv6Only: %s\n"
b5a0699f
LP		 482 "%sBacklog: %u\n"
483 "%sSocketMode: %04o\n"
4fd5948e
LP		 484 "%sDirectoryMode: %04o\n"
485 "%sKeepAlive: %s\n"
4427c3f4 486 "%sNoDelay: %s\n"
cebf8b20 487 "%sFreeBind: %s\n"
6b6d2dee 488 "%sTransparent: %s\n"
ec6370a2 489 "%sBroadcast: %s\n"
ede3deb4 490 "%sPassCredentials: %s\n"
54ecda32 491 "%sPassSecurity: %s\n"
bd1fe7c7 492 "%sTCPCongestion: %s\n"
16115b0a
MS		 493 "%sRemoveOnStop: %s\n"
494 "%sSELinuxContextFromNet: %s\n",
a16e1123 495 prefix, socket_state_to_string(s->state),
81a5c6d0 496 prefix, socket_result_to_string(s->result),
c0120d99 497 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
b5a0699f
LP		 498 prefix, s->backlog,
499 prefix, s->socket_mode,
4fd5948e
LP		 500 prefix, s->directory_mode,
501 prefix, yes_no(s->keep_alive),
4427c3f4 502 prefix, yes_no(s->no_delay),
cebf8b20 503 prefix, yes_no(s->free_bind),
6b6d2dee 504 prefix, yes_no(s->transparent),
ec6370a2 505 prefix, yes_no(s->broadcast),
d68af586 506 prefix, yes_no(s->pass_cred),
54ecda32 507 prefix, yes_no(s->pass_sec),
bd1fe7c7 508 prefix, strna(s->tcp_congestion),
16115b0a
MS		 509 prefix, yes_no(s->remove_on_stop),
510 prefix, yes_no(s->selinux_context_from_net));
542563ba 511
70123e68
LP		 512 if (s->control_pid > 0)
513 fprintf(f,
de0671ee
ZJS		 514 "%sControl PID: "PID_FMT"\n",
515 prefix, s->control_pid);
70123e68 516
acbb0225
LP		 517 if (s->bind_to_device)
518 fprintf(f,
519 "%sBindToDevice: %s\n",
520 prefix, s->bind_to_device);
521
4f2d528d
LP		 522 if (s->accept)
523 fprintf(f,
6cf6bbc2
LP		 524 "%sAccepted: %u\n"
525 "%sNConnections: %u\n"
526 "%sMaxConnections: %u\n",
527 prefix, s->n_accepted,
528 prefix, s->n_connections,
529 prefix, s->max_connections);
4f2d528d 530
4fd5948e
LP		 531 if (s->priority >= 0)
532 fprintf(f,
533 "%sPriority: %i\n",
534 prefix, s->priority);
535
536 if (s->receive_buffer > 0)
537 fprintf(f,
538 "%sReceiveBuffer: %zu\n",
539 prefix, s->receive_buffer);
540
541 if (s->send_buffer > 0)
542 fprintf(f,
543 "%sSendBuffer: %zu\n",
544 prefix, s->send_buffer);
545
546 if (s->ip_tos >= 0)
547 fprintf(f,
548 "%sIPTOS: %i\n",
549 prefix, s->ip_tos);
550
551 if (s->ip_ttl >= 0)
552 fprintf(f,
553 "%sIPTTL: %i\n",
554 prefix, s->ip_ttl);
555
556 if (s->pipe_size > 0)
557 fprintf(f,
558 "%sPipeSize: %zu\n",
559 prefix, s->pipe_size);
560
561 if (s->mark >= 0)
562 fprintf(f,
563 "%sMark: %i\n",
564 prefix, s->mark);
565
916abb21
LP		 566 if (s->mq_maxmsg > 0)
567 fprintf(f,
568 "%sMessageQueueMaxMessages: %li\n",
569 prefix, s->mq_maxmsg);
570
571 if (s->mq_msgsize > 0)
572 fprintf(f,
573 "%sMessageQueueMessageSize: %li\n",
574 prefix, s->mq_msgsize);
575
718db961 576 if (s->reuse_port)
f7db7a69
SL		 577 fprintf(f,
578 "%sReusePort: %s\n",
718db961 579 prefix, yes_no(s->reuse_port));
f7db7a69 580
0eb59ccf
AK		 581 if (s->smack)
582 fprintf(f,
583 "%sSmackLabel: %s\n",
584 prefix, s->smack);
585
586 if (s->smack_ip_in)
587 fprintf(f,
588 "%sSmackLabelIPIn: %s\n",
589 prefix, s->smack_ip_in);
590
591 if (s->smack_ip_out)
592 fprintf(f,
593 "%sSmackLabelIPOut: %s\n",
594 prefix, s->smack_ip_out);
595
3900e5fd
LP		 596 if (!isempty(s->user) || !isempty(s->group))
597 fprintf(f,
598 "%sOwnerUser: %s\n"
599 "%sOwnerGroup: %s\n",
600 prefix, strna(s->user),
601 prefix, strna(s->group));
602
3cd761e4 603 if (s->keep_alive_time > 0)
209e9dcd 604 fprintf(f,
3cd761e4
LP		 605 "%sKeepAliveTimeSec: %s\n",
606 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
209e9dcd 607
3cd761e4 608 if (s->keep_alive_interval)
209e9dcd 609 fprintf(f,
3cd761e4
LP		 610 "%sKeepAliveIntervalSec: %s\n",
611 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
209e9dcd 612
3cd761e4 613 if (s->keep_alive_cnt)
209e9dcd
SS		 614 fprintf(f,
615 "%sKeepAliveProbes: %u\n",
616 prefix, s->keep_alive_cnt);
617
3cd761e4 618 if (s->defer_accept)
cc567c9b 619 fprintf(f,
3cd761e4
LP		 620 "%sDeferAcceptSec: %s\n",
621 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
cc567c9b 622
034c6ed7 623 LIST_FOREACH(port, p, s->ports) {
5cb5a6ff 624
542563ba
LP		 625 if (p->type == SOCKET_SOCKET) {
626 const char *t;
627 int r;
e364ad06 628 char *k = NULL;
542563ba
LP		 629
630 if ((r = socket_address_print(&p->address, &k)) < 0)
631 t = strerror(-r);
632 else
633 t = k;
634
7a22745a 635 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
542563ba 636 free(k);
b0a3f2bc
LP		 637 } else if (p->type == SOCKET_SPECIAL)
638 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
916abb21
LP		 639 else if (p->type == SOCKET_MQUEUE)
640 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
b0a3f2bc 641 else
542563ba
LP		 642 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
643 }
5cb5a6ff
LP		 644
645 exec_context_dump(&s->exec_context, f, prefix);
4819ff03 646 kill_context_dump(&s->kill_context, f, prefix);
5cb5a6ff 647
e537352b 648 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
c43d20a0
LP		 649 if (!s->exec_command[c])
650 continue;
5cb5a6ff 651
40d50879 652 fprintf(f, "%s-> %s:\n",
a16e1123 653 prefix, socket_exec_command_to_string(c));
c43d20a0
LP		 654
655 exec_command_dump_list(s->exec_command[c], f, prefix2);
5cb5a6ff
LP		 656 }
657}
658
4f2d528d
LP		 659static int instance_from_socket(int fd, unsigned nr, char **instance) {
660 socklen_t l;
661 char *r;
9d16d0c7 662 union sockaddr_union local, remote;
4f2d528d
LP		 663
664 assert(fd >= 0);
665 assert(instance);
666
667 l = sizeof(local);
668 if (getsockname(fd, &local.sa, &l) < 0)
669 return -errno;
670
671 l = sizeof(remote);
672 if (getpeername(fd, &remote.sa, &l) < 0)
673 return -errno;
674
675 switch (local.sa.sa_family) {
676
677 case AF_INET: {
678 uint32_t
679 a = ntohl(local.in.sin_addr.s_addr),
680 b = ntohl(remote.in.sin_addr.s_addr);
681
682 if (asprintf(&r,
77b088c2
LP		 683 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
684 nr,
4f2d528d
LP		 685 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
686 ntohs(local.in.sin_port),
687 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
688 ntohs(remote.in.sin_port)) < 0)
689 return -ENOMEM;
690
691 break;
692 }
693
694 case AF_INET6: {
c65a0b14 695 static const unsigned char ipv4_prefix[] = {
2b061f5a
LP		 696 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
697 };
698
699 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
700 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
701 const uint8_t
702 *a = local.in6.sin6_addr.s6_addr+12,
703 *b = remote.in6.sin6_addr.s6_addr+12;
704
705 if (asprintf(&r,
77b088c2
LP		 706 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
707 nr,
2b061f5a
LP		 708 a[0], a[1], a[2], a[3],
709 ntohs(local.in6.sin6_port),
710 b[0], b[1], b[2], b[3],
711 ntohs(remote.in6.sin6_port)) < 0)
712 return -ENOMEM;
713 } else {
714 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
715
716 if (asprintf(&r,
77b088c2
LP		 717 "%u-%s:%u-%s:%u",
718 nr,
2b061f5a
LP		 719 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
720 ntohs(local.in6.sin6_port),
721 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
722 ntohs(remote.in6.sin6_port)) < 0)
723 return -ENOMEM;
724 }
4f2d528d
LP		 725
726 break;
727 }
728
729 case AF_UNIX: {
730 struct ucred ucred;
eff05270 731 int k;
4f2d528d 732
eff05270 733 k = getpeercred(fd, &ucred);
d38f6e34
ZJS		 734 if (k >= 0) {
735 if (asprintf(&r,
736 "%u-"PID_FMT"-"UID_FMT,
737 nr, ucred.pid, ucred.uid) < 0)
738 return -ENOMEM;
739 } else if (k == -ENODATA) {
740 /* This handles the case where somebody is
741 * connecting from another pid/uid namespace
742 * (e.g. from outside of our container). */
743 if (asprintf(&r,
744 "%u-unknown",
745 nr) < 0)
746 return -ENOMEM;
747 } else
eff05270 748 return k;
2f20a8eb 749
2f20a8eb 750 break;
4f2d528d
LP		 751 }
752
753 default:
754 assert_not_reached("Unhandled socket type.");
755 }
756
757 *instance = r;
758 return 0;
759}
760
034c6ed7 761static void socket_close_fds(Socket *s) {
83c60c9f 762 SocketPort *p;
811ba7a0 763 char **i;
83c60c9f
LP		 764
765 assert(s);
766
034c6ed7 767 LIST_FOREACH(port, p, s->ports) {
718db961
LP		 768
769 p->event_source = sd_event_source_unref(p->event_source);
770
83c60c9f
LP		 771 if (p->fd < 0)
772 continue;
773
03e334a1 774 p->fd = safe_close(p->fd);
a16e1123 775
bd1fe7c7
LP		 776 /* One little note: we should normally not delete any
777 * sockets in the file system here! After all some
778 * other process we spawned might still have a
779 * reference of this fd and wants to continue to use
780 * it. Therefore we delete sockets in the file system
781 * before we create a new one, not after we stopped
782 * using one! */
783
784 if (s->remove_on_stop) {
785 switch (p->type) {
786
787 case SOCKET_FIFO:
788 unlink(p->path);
789 break;
790
791 case SOCKET_MQUEUE:
792 mq_unlink(p->path);
793 break;
794
795 case SOCKET_SOCKET:
796 socket_address_unlink(&p->address);
797 break;
798
799 default:
800 break;
801 }
802 }
83c60c9f 803 }
811ba7a0
LP		 804
805 if (s->remove_on_stop)
806 STRV_FOREACH(i, s->symlinks)
807 unlink(*i);
83c60c9f
LP		 808}
809
4fd5948e 810static void socket_apply_socket_options(Socket *s, int fd) {
d53e386d
LP		 811 int r;
812
4fd5948e
LP		 813 assert(s);
814 assert(fd >= 0);
815
816 if (s->keep_alive) {
817 int b = s->keep_alive;
818 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
79008bdd 819 log_unit_warning(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
4fd5948e
LP		 820 }
821
209e9dcd
SS		 822 if (s->keep_alive_time) {
823 int value = s->keep_alive_time / USEC_PER_SEC;
824 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
79008bdd 825 log_unit_warning(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
209e9dcd
SS		 826 }
827
828 if (s->keep_alive_interval) {
829 int value = s->keep_alive_interval / USEC_PER_SEC;
830 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
79008bdd 831 log_unit_warning(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
209e9dcd
SS		 832 }
833
834 if (s->keep_alive_cnt) {
835 int value = s->keep_alive_cnt;
836 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
79008bdd 837 log_unit_warning(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
209e9dcd
SS		 838 }
839
cc567c9b
SS		 840 if (s->defer_accept) {
841 int value = s->defer_accept / USEC_PER_SEC;
842 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
79008bdd 843 log_unit_warning(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
cc567c9b
SS		 844 }
845
4427c3f4
SS		 846 if (s->no_delay) {
847 int b = s->no_delay;
848 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
79008bdd 849 log_unit_warning(UNIT(s)->id, "TCP_NODELAY failed: %m");
4427c3f4
SS		 850 }
851
ec6370a2
LP		 852 if (s->broadcast) {
853 int one = 1;
854 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
79008bdd 855 log_unit_warning(UNIT(s)->id, "SO_BROADCAST failed: %m");
ec6370a2
LP		 856 }
857
d68af586
MS		 858 if (s->pass_cred) {
859 int one = 1;
860 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
79008bdd 861 log_unit_warning(UNIT(s)->id, "SO_PASSCRED failed: %m");
d68af586
MS		 862 }
863
54ecda32
LP		 864 if (s->pass_sec) {
865 int one = 1;
866 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
79008bdd 867 log_unit_warning(UNIT(s)->id, "SO_PASSSEC failed: %m");
54ecda32
LP		 868 }
869
4fd5948e
LP		 870 if (s->priority >= 0)
871 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
79008bdd 872 log_unit_warning(UNIT(s)->id, "SO_PRIORITY failed: %m");
4fd5948e
LP		 873
874 if (s->receive_buffer > 0) {
875 int value = (int) s->receive_buffer;
7d9eaa84
LP		 876
877 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
878
b8cef44e 879 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 880 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
79008bdd 881 log_unit_warning(UNIT(s)->id, "SO_RCVBUF failed: %m");
4fd5948e
LP		 882 }
883
884 if (s->send_buffer > 0) {
885 int value = (int) s->send_buffer;
b8cef44e 886 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 887 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
79008bdd 888 log_unit_warning(UNIT(s)->id, "SO_SNDBUF failed: %m");
4fd5948e
LP		 889 }
890
891 if (s->mark >= 0)
892 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
79008bdd 893 log_unit_warning(UNIT(s)->id, "SO_MARK failed: %m");
4fd5948e
LP		 894
895 if (s->ip_tos >= 0)
896 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
79008bdd 897 log_unit_warning(UNIT(s)->id, "IP_TOS failed: %m");
4fd5948e 898
46925ac5 899 if (s->ip_ttl >= 0) {
d53e386d 900 int x;
46925ac5
LP		 901
902 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
5bfcc1c6
FF		 903
904 if (socket_ipv6_is_supported())
905 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
906 else {
907 x = -1;
908 errno = EAFNOSUPPORT;
909 }
46925ac5
LP		 910
911 if (r < 0 && x < 0)
79008bdd 912 log_unit_warning(UNIT(s)->id,
66870f90 913 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
46925ac5 914 }
cebf8b20
TT		 915
916 if (s->tcp_congestion)
917 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
79008bdd 918 log_unit_warning(UNIT(s)->id, "TCP_CONGESTION failed: %m");
0eb59ccf 919
718db961
LP		 920 if (s->reuse_port) {
921 int b = s->reuse_port;
f0511bd7 922 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
79008bdd 923 log_unit_warning(UNIT(s)->id, "SO_REUSEPORT failed: %m");
f7db7a69
SL		 924 }
925
d53e386d
LP		 926 if (s->smack_ip_in) {
927 r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
928 if (r < 0)
31938a85 929 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_ip_in_fd: %m");
d53e386d 930 }
9a4e038c 931
d53e386d
LP		 932 if (s->smack_ip_out) {
933 r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
934 if (r < 0)
31938a85 935 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_ip_out_fd: %m");
d53e386d 936 }
4fd5948e
LP		 937}
938
b15bdda8 939static void socket_apply_fifo_options(Socket *s, int fd) {
d53e386d
LP		 940 int r;
941
4fd5948e
LP		 942 assert(s);
943 assert(fd >= 0);
944
945 if (s->pipe_size > 0)
946 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
79008bdd 947 log_unit_warning(UNIT(s)->id, "F_SETPIPE_SZ: %m");
0eb59ccf 948
d53e386d
LP		 949 if (s->smack) {
950 r = mac_smack_apply_fd(fd, s->smack);
951 if (r < 0)
31938a85 952 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_fd: %m");
d53e386d 953 }
4fd5948e
LP		 954}
955
b15bdda8
LP		 956static int fifo_address_create(
957 const char *path,
958 mode_t directory_mode,
959 mode_t socket_mode,
b15bdda8
LP		 960 int *_fd) {
961
7a58bfa4 962 int fd = -1, r = 0;
b15bdda8
LP		 963 struct stat st;
964 mode_t old_mask;
965
966 assert(path);
967 assert(_fd);
968
d2e54fae 969 mkdir_parents_label(path, directory_mode);
b15bdda8 970
ecabcf8b 971 r = mac_selinux_create_file_prepare(path, S_IFIFO);
e9a5ef7c 972 if (r < 0)
56cf987f 973 goto fail;
b15bdda8
LP		 974
975 /* Enforce the right access mode for the fifo */
976 old_mask = umask(~ socket_mode);
977
978 /* Include the original umask in our mask */
979 umask(~socket_mode | old_mask);
980
981 r = mkfifo(path, socket_mode);
982 umask(old_mask);
983
94bc2731 984 if (r < 0 && errno != EEXIST) {
b15bdda8
LP		 985 r = -errno;
986 goto fail;
987 }
988
e4f44e73 989 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
b15bdda8
LP		 990 r = -errno;
991 goto fail;
992 }
993
ecabcf8b 994 mac_selinux_create_file_clear();
7a58bfa4 995
b15bdda8
LP		 996 if (fstat(fd, &st) < 0) {
997 r = -errno;
998 goto fail;
999 }
1000
1001 if (!S_ISFIFO(st.st_mode) ||
de0200fc 1002 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
e4f44e73
DR		 1003 st.st_uid != getuid() ||
1004 st.st_gid != getgid()) {
b15bdda8
LP		 1005
1006 r = -EEXIST;
1007 goto fail;
1008 }
1009
1010 *_fd = fd;
1011 return 0;
1012
1013fail:
ecabcf8b 1014 mac_selinux_create_file_clear();
03e334a1 1015 safe_close(fd);
b15bdda8
LP		 1016
1017 return r;
1018}
1019
b0a3f2bc
LP		 1020static int special_address_create(
1021 const char *path,
1022 int *_fd) {
1023
1024 int fd = -1, r = 0;
1025 struct stat st;
1026
1027 assert(path);
1028 assert(_fd);
1029
811ba7a0
LP		 1030 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1031 if (fd < 0) {
b0a3f2bc
LP		 1032 r = -errno;
1033 goto fail;
1034 }
1035
1036 if (fstat(fd, &st) < 0) {
1037 r = -errno;
1038 goto fail;
1039 }
1040
1041 /* Check whether this is a /proc, /sys or /dev file or char device */
1042 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1043 r = -EEXIST;
1044 goto fail;
1045 }
1046
1047 *_fd = fd;
1048 return 0;
1049
1050fail:
03e334a1 1051 safe_close(fd);
b0a3f2bc
LP		 1052
1053 return r;
1054}
1055
916abb21
LP		 1056static int mq_address_create(
1057 const char *path,
1058 mode_t mq_mode,
1059 long maxmsg,
1060 long msgsize,
1061 int *_fd) {
1062
1063 int fd = -1, r = 0;
1064 struct stat st;
1065 mode_t old_mask;
1066 struct mq_attr _attr, *attr = NULL;
1067
1068 assert(path);
1069 assert(_fd);
1070
1071 if (maxmsg > 0 && msgsize > 0) {
1072 zero(_attr);
1073 _attr.mq_flags = O_NONBLOCK;
1074 _attr.mq_maxmsg = maxmsg;
1075 _attr.mq_msgsize = msgsize;
1076 attr = &_attr;
1077 }
1078
1079 /* Enforce the right access mode for the mq */
1080 old_mask = umask(~ mq_mode);
1081
1082 /* Include the original umask in our mask */
1083 umask(~mq_mode | old_mask);
916abb21
LP		 1084 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1085 umask(old_mask);
1086
8ea913b2 1087 if (fd < 0) {
916abb21
LP		 1088 r = -errno;
1089 goto fail;
1090 }
1091
1092 if (fstat(fd, &st) < 0) {
1093 r = -errno;
1094 goto fail;
1095 }
1096
1097 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1098 st.st_uid != getuid() ||
1099 st.st_gid != getgid()) {
1100
1101 r = -EEXIST;
1102 goto fail;
1103 }
1104
1105 *_fd = fd;
1106 return 0;
1107
1108fail:
03e334a1 1109 safe_close(fd);
916abb21
LP		 1110 return r;
1111}
1112
811ba7a0
LP		 1113static int socket_symlink(Socket *s) {
1114 const char *p;
1115 char **i;
1116
1117 assert(s);
1118
1119 p = socket_find_symlink_target(s);
1120 if (!p)
1121 return 0;
1122
1123 STRV_FOREACH(i, s->symlinks)
43b133b4 1124 symlink_label(p, *i);
811ba7a0
LP		 1125
1126 return 0;
1127}
1128
034c6ed7 1129static int socket_open_fds(Socket *s) {
83c60c9f
LP		 1130 SocketPort *p;
1131 int r;
56cf987f 1132 char *label = NULL;
049f8642 1133 bool know_label = false;
83c60c9f
LP		 1134
1135 assert(s);
1136
034c6ed7 1137 LIST_FOREACH(port, p, s->ports) {
83c60c9f 1138
034c6ed7
LP		 1139 if (p->fd >= 0)
1140 continue;
83c60c9f
LP		 1141
1142 if (p->type == SOCKET_SOCKET) {
049f8642 1143
7f416dae
LP		 1144 if (!know_label) {
1145 /* Figure out label, if we don't it know
1146 * yet. We do it once, for the first
1147 * socket where we need this and
1148 * remember it for the rest. */
1149
1150 if (s->selinux_context_from_net) {
1151 /* Get it from the network label */
1152
1153 r = mac_selinux_get_our_label(&label);
75514a70 1154 if (r < 0 && r != -EOPNOTSUPP)
7f416dae 1155 goto rollback;
049f8642 1156
7f416dae
LP		 1157 } else {
1158 /* Get it from the executable we are about to start */
1159
1160 r = socket_instantiate_service(s);
1161 if (r < 0)
1162 goto rollback;
1163
1164 if (UNIT_ISSET(s->service) &&
1165 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1166 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
75514a70 1167 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
7f416dae
LP		 1168 goto rollback;
1169 }
189583d7 1170 }
049f8642
LP		 1171
1172 know_label = true;
1173 }
1174
175a3d25
LP		 1175 r = socket_address_listen(
1176 &p->address,
1177 SOCK_CLOEXEC|SOCK_NONBLOCK,
1178 s->backlog,
1179 s->bind_ipv6_only,
1180 s->bind_to_device,
1181 s->free_bind,
1182 s->transparent,
1183 s->directory_mode,
1184 s->socket_mode,
1185 label);
1186 if (r < 0)
83c60c9f
LP		 1187 goto rollback;
1188
175a3d25 1189 p->fd = r;
4fd5948e 1190 socket_apply_socket_options(s, p->fd);
811ba7a0 1191 socket_symlink(s);
4fd5948e 1192
b0a3f2bc
LP		 1193 } else if (p->type == SOCKET_SPECIAL) {
1194
175a3d25
LP		 1195 r = special_address_create(
1196 p->path,
1197 &p->fd);
1198 if (r < 0)
b0a3f2bc
LP		 1199 goto rollback;
1200
b15bdda8 1201 } else if (p->type == SOCKET_FIFO) {
83c60c9f 1202
175a3d25
LP		 1203 r = fifo_address_create(
1204 p->path,
1205 s->directory_mode,
1206 s->socket_mode,
1207 &p->fd);
1208 if (r < 0)
83c60c9f 1209 goto rollback;
83c60c9f 1210
b15bdda8 1211 socket_apply_fifo_options(s, p->fd);
811ba7a0
LP		 1212 socket_symlink(s);
1213
916abb21 1214 } else if (p->type == SOCKET_MQUEUE) {
83c60c9f 1215
175a3d25
LP		 1216 r = mq_address_create(
1217 p->path,
1218 s->socket_mode,
1219 s->mq_maxmsg,
1220 s->mq_msgsize,
1221 &p->fd);
1222 if (r < 0)
916abb21 1223 goto rollback;
b15bdda8
LP		 1224 } else
1225 assert_not_reached("Unknown port type");
034c6ed7
LP		 1226 }
1227
cc56fafe 1228 mac_selinux_free(label);
034c6ed7
LP		 1229 return 0;
1230
1231rollback:
1232 socket_close_fds(s);
cc56fafe 1233 mac_selinux_free(label);
7f416dae 1234
034c6ed7
LP		 1235 return r;
1236}
1237
1238static void socket_unwatch_fds(Socket *s) {
1239 SocketPort *p;
718db961 1240 int r;
9152c765 1241
034c6ed7
LP		 1242 assert(s);
1243
1244 LIST_FOREACH(port, p, s->ports) {
1245 if (p->fd < 0)
1246 continue;
1247
a4152e3f
LP		 1248 if (!p->event_source)
1249 continue;
1250
1251 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1252 if (r < 0)
79008bdd 1253 log_unit_debug(UNIT(s)->id, "Failed to disable event source.");
83c60c9f 1254 }
034c6ed7
LP		 1255}
1256
1257static int socket_watch_fds(Socket *s) {
1258 SocketPort *p;
1259 int r;
1260
1261 assert(s);
83c60c9f 1262
034c6ed7
LP		 1263 LIST_FOREACH(port, p, s->ports) {
1264 if (p->fd < 0)
1265 continue;
1266
718db961
LP		 1267 if (p->event_source)
1268 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1269 else
151b9b96 1270 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
4f2d528d 1271
718db961 1272 if (r < 0) {
31938a85 1273 log_unit_warning_errno(UNIT(s)->id, r, "Failed to watch listening fds: %m");
034c6ed7 1274 goto fail;
718db961 1275 }
034c6ed7 1276 }
83c60c9f 1277
542563ba 1278 return 0;
83c60c9f 1279
034c6ed7
LP		 1280fail:
1281 socket_unwatch_fds(s);
1282 return r;
1283}
1284
1285static void socket_set_state(Socket *s, SocketState state) {
1286 SocketState old_state;
1287 assert(s);
1288
1289 old_state = s->state;
1290 s->state = state;
1291
bd1fe7c7
LP		 1292 if (!IN_SET(state,
1293 SOCKET_START_PRE,
3900e5fd 1294 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1295 SOCKET_START_POST,
1296 SOCKET_STOP_PRE,
1297 SOCKET_STOP_PRE_SIGTERM,
1298 SOCKET_STOP_PRE_SIGKILL,
1299 SOCKET_STOP_POST,
1300 SOCKET_FINAL_SIGTERM,
1301 SOCKET_FINAL_SIGKILL)) {
718db961
LP		 1302
1303 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
5e94833f 1304 socket_unwatch_control_pid(s);
034c6ed7 1305 s->control_command = NULL;
a16e1123 1306 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
e537352b 1307 }
034c6ed7 1308
a16e1123
LP		 1309 if (state != SOCKET_LISTENING)
1310 socket_unwatch_fds(s);
1311
bd1fe7c7 1312 if (!IN_SET(state,
3900e5fd 1313 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1314 SOCKET_START_POST,
1315 SOCKET_LISTENING,
1316 SOCKET_RUNNING,
1317 SOCKET_STOP_PRE,
1318 SOCKET_STOP_PRE_SIGTERM,
1319 SOCKET_STOP_PRE_SIGKILL))
034c6ed7
LP		 1320 socket_close_fds(s);
1321
e537352b 1322 if (state != old_state)
79008bdd 1323 log_unit_debug(UNIT(s)->id, "%s changed %s -> %s",
e821075a 1324 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
acbb0225 1325
e2f3b44c 1326 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
034c6ed7
LP		 1327}
1328
a16e1123
LP		 1329static int socket_coldplug(Unit *u) {
1330 Socket *s = SOCKET(u);
1331 int r;
1332
1333 assert(s);
1334 assert(s->state == SOCKET_DEAD);
1335
e821075a
LP		 1336 if (s->deserialized_state == s->state)
1337 return 0;
a16e1123 1338
3900e5fd
LP		 1339 if (IN_SET(s->deserialized_state,
1340 SOCKET_START_PRE,
1341 SOCKET_START_CHOWN,
1342 SOCKET_START_POST,
1343 SOCKET_STOP_PRE,
1344 SOCKET_STOP_PRE_SIGTERM,
1345 SOCKET_STOP_PRE_SIGKILL,
1346 SOCKET_STOP_POST,
1347 SOCKET_FINAL_SIGTERM,
1348 SOCKET_FINAL_SIGKILL)) {
a16e1123 1349
e821075a
LP		 1350 if (s->control_pid <= 0)
1351 return -EBADMSG;
a16e1123 1352
e821075a
LP		 1353 r = unit_watch_pid(UNIT(s), s->control_pid);
1354 if (r < 0)
1355 return r;
a16e1123 1356
e821075a
LP		 1357 r = socket_arm_timer(s);
1358 if (r < 0)
1359 return r;
1360 }
a16e1123 1361
3900e5fd
LP		 1362 if (IN_SET(s->deserialized_state,
1363 SOCKET_START_CHOWN,
1364 SOCKET_START_POST,
1365 SOCKET_LISTENING,
1366 SOCKET_RUNNING,
1367 SOCKET_STOP_PRE,
1368 SOCKET_STOP_PRE_SIGTERM,
1369 SOCKET_STOP_PRE_SIGKILL)) {
e821075a
LP		 1370 r = socket_open_fds(s);
1371 if (r < 0)
1372 return r;
1373 }
a16e1123 1374
e821075a
LP		 1375 if (s->deserialized_state == SOCKET_LISTENING) {
1376 r = socket_watch_fds(s);
1377 if (r < 0)
1378 return r;
a16e1123
LP		 1379 }
1380
e821075a 1381 socket_set_state(s, s->deserialized_state);
a16e1123
LP		 1382 return 0;
1383}
1384
e537352b 1385static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
3900e5fd 1386 _cleanup_free_ char **argv = NULL;
034c6ed7
LP		 1387 pid_t pid;
1388 int r;
9fa95f85
DM		 1389 ExecParameters exec_params = {
1390 .apply_permissions = true,
1391 .apply_chroot = true,
1392 .apply_tty_stdin = true,
1393 };
034c6ed7
LP		 1394
1395 assert(s);
1396 assert(c);
1397 assert(_pid);
1398
4ad49000
LP		 1399 unit_realize_cgroup(UNIT(s));
1400
613b411c
LP		 1401 r = unit_setup_exec_runtime(UNIT(s));
1402 if (r < 0)
1403 goto fail;
1404
718db961 1405 r = socket_arm_timer(s);
36697dc0 1406 if (r < 0)
e537352b 1407 goto fail;
034c6ed7 1408
19f6d710
LP		 1409 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1410 if (r < 0)
9e2f7c11 1411 goto fail;
9e2f7c11 1412
9fa95f85
DM		 1413 exec_params.argv = argv;
1414 exec_params.environment = UNIT(s)->manager->environment;
1415 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1416 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1417 exec_params.cgroup_path = UNIT(s)->cgroup_path;
a931ad47 1418 exec_params.cgroup_delegate = s->cgroup_context.delegate;
9fa95f85
DM		 1419 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1420 exec_params.unit_id = UNIT(s)->id;
1421
9e2f7c11 1422 r = exec_spawn(c,
9e2f7c11 1423 &s->exec_context,
9fa95f85 1424 &exec_params,
613b411c 1425 s->exec_runtime,
9e2f7c11 1426 &pid);
cee288ad
TA		 1427 if (r < 0)
1428 goto fail;
9e2f7c11 1429
3900e5fd 1430 r = unit_watch_pid(UNIT(s), pid);
9e2f7c11 1431 if (r < 0)
3900e5fd 1432 /* FIXME: we need to do something here */
034c6ed7
LP		 1433 goto fail;
1434
3900e5fd
LP		 1435 *_pid = pid;
1436 return 0;
1437
1438fail:
1439 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1440 return r;
1441}
1442
1443static int socket_chown(Socket *s, pid_t *_pid) {
1444 pid_t pid;
1445 int r;
1446
1447 r = socket_arm_timer(s);
1448 if (r < 0)
1449 goto fail;
1450
1451 /* We have to resolve the user names out-of-process, hence
1452 * let's fork here. It's messy, but well, what can we do? */
1453
1454 pid = fork();
1455 if (pid < 0)
1456 return -errno;
1457
1458 if (pid == 0) {
1459 SocketPort *p;
fed1e721
LP		 1460 uid_t uid = UID_INVALID;
1461 gid_t gid = GID_INVALID;
3900e5fd
LP		 1462 int ret;
1463
1464 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1465 ignore_signals(SIGPIPE, -1);
1466 log_forget_fds();
1467
1468 if (!isempty(s->user)) {
1469 const char *user = s->user;
1470
1471 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1472 if (r < 0) {
1473 ret = EXIT_USER;
1474 goto fail_child;
1475 }
1476 }
1477
1478 if (!isempty(s->group)) {
1479 const char *group = s->group;
1480
1481 r = get_group_creds(&group, &gid);
1482 if (r < 0) {
1483 ret = EXIT_GROUP;
1484 goto fail_child;
1485 }
1486 }
1487
1488 LIST_FOREACH(port, p, s->ports) {
e5a1c18d 1489 const char *path = NULL;
3900e5fd
LP		 1490
1491 if (p->type == SOCKET_SOCKET)
1492 path = socket_address_get_path(&p->address);
1493 else if (p->type == SOCKET_FIFO)
1494 path = p->path;
1495
1496 if (!path)
1497 continue;
1498
1499 if (chown(path, uid, gid) < 0) {
1500 r = -errno;
1501 ret = EXIT_CHOWN;
1502 goto fail_child;
1503 }
1504 }
1505
1506 _exit(0);
1507
1508 fail_child:
1509 log_open();
da927ba9 1510 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
3900e5fd
LP		 1511
1512 _exit(ret);
1513 }
1514
718db961
LP		 1515 r = unit_watch_pid(UNIT(s), pid);
1516 if (r < 0)
034c6ed7 1517 goto fail;
83c60c9f 1518
034c6ed7 1519 *_pid = pid;
034c6ed7
LP		 1520 return 0;
1521
1522fail:
718db961 1523 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
83c60c9f 1524 return r;
542563ba
LP		 1525}
1526
cfc4eb4c 1527static void socket_enter_dead(Socket *s, SocketResult f) {
034c6ed7
LP		 1528 assert(s);
1529
cfc4eb4c
LP		 1530 if (f != SOCKET_SUCCESS)
1531 s->result = f;
034c6ed7 1532
613b411c
LP		 1533 exec_runtime_destroy(s->exec_runtime);
1534 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1535
e66cf1a3
LP		 1536 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1537
cfc4eb4c 1538 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
034c6ed7
LP		 1539}
1540
cfc4eb4c 1541static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
80876c20 1542
cfc4eb4c 1543static void socket_enter_stop_post(Socket *s, SocketResult f) {
034c6ed7
LP		 1544 int r;
1545 assert(s);
1546
cfc4eb4c
LP		 1547 if (f != SOCKET_SUCCESS)
1548 s->result = f;
034c6ed7 1549
5e94833f 1550 socket_unwatch_control_pid(s);
a16e1123 1551 s->control_command_id = SOCKET_EXEC_STOP_POST;
3900e5fd 1552 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
a16e1123 1553
3900e5fd
LP		 1554 if (s->control_command) {
1555 r = socket_spawn(s, s->control_command, &s->control_pid);
1556 if (r < 0)
034c6ed7
LP		 1557 goto fail;
1558
80876c20
LP		 1559 socket_set_state(s, SOCKET_STOP_POST);
1560 } else
cfc4eb4c 1561 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
034c6ed7
LP		 1562
1563 return;
1564
1565fail:
79008bdd 1566 log_unit_warning(UNIT(s)->id,
66870f90
ZJS		 1567 "%s failed to run 'stop-post' task: %s",
1568 UNIT(s)->id, strerror(-r));
cfc4eb4c 1569 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1570}
1571
cfc4eb4c 1572static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
034c6ed7
LP		 1573 int r;
1574
1575 assert(s);
1576
cfc4eb4c
LP		 1577 if (f != SOCKET_SUCCESS)
1578 s->result = f;
034c6ed7 1579
cd2086fe
LP		 1580 r = unit_kill_context(
1581 UNIT(s),
1582 &s->kill_context,
db2cb23b
UTL		 1583 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1584 KILL_KILL : KILL_TERMINATE,
cd2086fe
LP		 1585 -1,
1586 s->control_pid,
1587 false);
1588 if (r < 0)
1589 goto fail;
034c6ed7 1590
cd2086fe 1591 if (r > 0) {
718db961 1592 r = socket_arm_timer(s);
36697dc0 1593 if (r < 0)
80876c20 1594 goto fail;
d6ea93e3 1595
80876c20 1596 socket_set_state(s, state);
ac84d1fb
LP		 1597 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1598 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1599 else if (state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1600 socket_enter_stop_post(s, SOCKET_SUCCESS);
ac84d1fb
LP		 1601 else if (state == SOCKET_FINAL_SIGTERM)
1602 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
80876c20 1603 else
cfc4eb4c 1604 socket_enter_dead(s, SOCKET_SUCCESS);
034c6ed7
LP		 1605
1606 return;
1607
1608fail:
31938a85 1609 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to kill processes: %m", UNIT(s)->id);
034c6ed7
LP		 1610
1611 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1612 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1613 else
cfc4eb4c 1614 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1615}
1616
cfc4eb4c 1617static void socket_enter_stop_pre(Socket *s, SocketResult f) {
034c6ed7
LP		 1618 int r;
1619 assert(s);
1620
cfc4eb4c
LP		 1621 if (f != SOCKET_SUCCESS)
1622 s->result = f;
034c6ed7 1623
5e94833f 1624 socket_unwatch_control_pid(s);
a16e1123 1625 s->control_command_id = SOCKET_EXEC_STOP_PRE;
3900e5fd 1626 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
a16e1123 1627
3900e5fd
LP		 1628 if (s->control_command) {
1629 r = socket_spawn(s, s->control_command, &s->control_pid);
1630 if (r < 0)
034c6ed7
LP		 1631 goto fail;
1632
80876c20
LP		 1633 socket_set_state(s, SOCKET_STOP_PRE);
1634 } else
cfc4eb4c 1635 socket_enter_stop_post(s, SOCKET_SUCCESS);
034c6ed7
LP		 1636
1637 return;
1638
1639fail:
31938a85 1640 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'stop-pre' task: %m", UNIT(s)->id);
cfc4eb4c 1641 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1642}
1643
e9af15c3
LP		 1644static void socket_enter_listening(Socket *s) {
1645 int r;
1646 assert(s);
1647
cfc4eb4c
LP		 1648 r = socket_watch_fds(s);
1649 if (r < 0) {
31938a85 1650 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to watch sockets: %m", UNIT(s)->id);
e9af15c3
LP		 1651 goto fail;
1652 }
1653
1654 socket_set_state(s, SOCKET_LISTENING);
1655 return;
1656
1657fail:
cfc4eb4c 1658 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
e9af15c3
LP		 1659}
1660
034c6ed7
LP		 1661static void socket_enter_start_post(Socket *s) {
1662 int r;
1663 assert(s);
1664
3900e5fd
LP		 1665 socket_unwatch_control_pid(s);
1666 s->control_command_id = SOCKET_EXEC_START_POST;
1667 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1668
1669 if (s->control_command) {
1670 r = socket_spawn(s, s->control_command, &s->control_pid);
1671 if (r < 0) {
31938a85 1672 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'start-post' task: %m", UNIT(s)->id);
3900e5fd
LP		 1673 goto fail;
1674 }
1675
1676 socket_set_state(s, SOCKET_START_POST);
1677 } else
1678 socket_enter_listening(s);
1679
1680 return;
1681
1682fail:
1683 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1684}
1685
1686static void socket_enter_start_chown(Socket *s) {
1687 int r;
1688
1689 assert(s);
1690
cfc4eb4c
LP		 1691 r = socket_open_fds(s);
1692 if (r < 0) {
31938a85 1693 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to listen on sockets: %m", UNIT(s)->id);
034c6ed7
LP		 1694 goto fail;
1695 }
1696
3900e5fd 1697 if (!isempty(s->user) || !isempty(s->group)) {
5e94833f 1698
3900e5fd
LP		 1699 socket_unwatch_control_pid(s);
1700 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1701 s->control_command = NULL;
a16e1123 1702
3900e5fd 1703 r = socket_chown(s, &s->control_pid);
cfc4eb4c 1704 if (r < 0) {
31938a85 1705 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to fork 'start-chown' task: %m", UNIT(s)->id);
034c6ed7
LP		 1706 goto fail;
1707 }
1708
3900e5fd 1709 socket_set_state(s, SOCKET_START_CHOWN);
80876c20 1710 } else
3900e5fd 1711 socket_enter_start_post(s);
034c6ed7
LP		 1712
1713 return;
1714
1715fail:
cfc4eb4c 1716 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1717}
1718
1719static void socket_enter_start_pre(Socket *s) {
1720 int r;
1721 assert(s);
1722
5e94833f 1723 socket_unwatch_control_pid(s);
a16e1123 1724 s->control_command_id = SOCKET_EXEC_START_PRE;
3900e5fd 1725 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
a16e1123 1726
3900e5fd 1727 if (s->control_command) {
e821075a 1728 r = socket_spawn(s, s->control_command, &s->control_pid);
3900e5fd 1729 if (r < 0) {
31938a85 1730 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'start-pre' task: %m", UNIT(s)->id);
034c6ed7 1731 goto fail;
3900e5fd 1732 }
034c6ed7 1733
80876c20
LP		 1734 socket_set_state(s, SOCKET_START_PRE);
1735 } else
3900e5fd 1736 socket_enter_start_chown(s);
034c6ed7
LP		 1737
1738 return;
1739
1740fail:
cfc4eb4c 1741 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1742}
1743
4f2d528d 1744static void socket_enter_running(Socket *s, int cfd) {
718db961 1745 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
034c6ed7
LP		 1746 int r;
1747
1748 assert(s);
1749
ba3e67a7
LP		 1750 /* We don't take connections anymore if we are supposed to
1751 * shut down anyway */
31afa0a4 1752 if (unit_stop_pending(UNIT(s))) {
e821075a 1753
79008bdd 1754 log_unit_debug(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
5d909e3e 1755
7c610628 1756 if (cfd >= 0)
03e334a1 1757 safe_close(cfd);
7c610628
LP		 1758 else {
1759 /* Flush all sockets by closing and reopening them */
1760 socket_close_fds(s);
1761
16ac4014
LP		 1762 r = socket_open_fds(s);
1763 if (r < 0) {
31938a85 1764 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to listen on sockets: %m", UNIT(s)->id);
16ac4014
LP		 1765 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1766 return;
1767 }
1768
1a710b43
MS		 1769 r = socket_watch_fds(s);
1770 if (r < 0) {
31938a85 1771 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to watch sockets: %m", UNIT(s)->id);
cfc4eb4c 1772 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
7c610628
LP		 1773 }
1774 }
1775
ba3e67a7
LP		 1776 return;
1777 }
1778
4f2d528d 1779 if (cfd < 0) {
57020a3a 1780 Iterator i;
e821075a 1781 Unit *other;
f976f3f6 1782 bool pending = false;
f976f3f6
LP		 1783
1784 /* If there's already a start pending don't bother to
1785 * do anything */
e821075a
LP		 1786 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1787 if (unit_active_or_pending(other)) {
57020a3a
LP		 1788 pending = true;
1789 break;
1790 }
f976f3f6 1791
1a710b43 1792 if (!pending) {
640ace4a 1793 if (!UNIT_ISSET(s->service)) {
79008bdd 1794 log_unit_error(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
640ace4a
LP		 1795 r = -ENOENT;
1796 goto fail;
1797 }
1798
1a710b43
MS		 1799 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1800 if (r < 0)
f976f3f6 1801 goto fail;
1a710b43 1802 }
4f2d528d
LP		 1803
1804 socket_set_state(s, SOCKET_RUNNING);
1805 } else {
e55001eb 1806 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
b15bdda8 1807 Service *service;
4f2d528d 1808
6cf6bbc2 1809 if (s->n_connections >= s->max_connections) {
79008bdd 1810 log_unit_warning(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
03e334a1 1811 safe_close(cfd);
6cf6bbc2
LP		 1812 return;
1813 }
1814
1a710b43
MS		 1815 r = socket_instantiate_service(s);
1816 if (r < 0)
b15bdda8
LP		 1817 goto fail;
1818
1a710b43
MS		 1819 r = instance_from_socket(cfd, s->n_accepted, &instance);
1820 if (r < 0) {
1821 if (r != -ENOTCONN)
1822 goto fail;
1823
1824 /* ENOTCONN is legitimate if TCP RST was received.
1825 * This connection is over, but the socket unit lives on. */
03e334a1 1826 safe_close(cfd);
1a710b43
MS		 1827 return;
1828 }
4f2d528d 1829
1a710b43
MS		 1830 prefix = unit_name_to_prefix(UNIT(s)->id);
1831 if (!prefix) {
4f2d528d
LP		 1832 r = -ENOMEM;
1833 goto fail;
1834 }
1835
1836 name = unit_name_build(prefix, instance, ".service");
b6dbbe1c 1837 if (!name) {
4f2d528d 1838 r = -ENOMEM;
b6dbbe1c
LP		 1839 goto fail;
1840 }
4f2d528d 1841
1a710b43 1842 r = unit_add_name(UNIT_DEREF(s->service), name);
e55001eb 1843 if (r < 0)
4f2d528d 1844 goto fail;
b15bdda8 1845
57020a3a
LP		 1846 service = SERVICE(UNIT_DEREF(s->service));
1847 unit_ref_unset(&s->service);
b15bdda8 1848 s->n_accepted ++;
4f2d528d 1849
1124fe6f 1850 UNIT(service)->no_gc = false;
6c073082 1851
b15bdda8 1852 unit_choose_id(UNIT(service), name);
b15bdda8 1853
16115b0a 1854 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1a710b43 1855 if (r < 0)
4f2d528d
LP		 1856 goto fail;
1857
1858 cfd = -1;
6cf6bbc2
LP		 1859 s->n_connections ++;
1860
1a710b43
MS		 1861 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1862 if (r < 0)
4f2d528d 1863 goto fail;
c4e2ceae
LP		 1864
1865 /* Notify clients about changed counters */
1866 unit_add_to_dbus_queue(UNIT(s));
4f2d528d 1867 }
034c6ed7 1868
034c6ed7
LP		 1869 return;
1870
1871fail:
79008bdd 1872 log_unit_warning(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
e821075a 1873 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
718db961 1874 bus_error_message(&error, r));
e821075a 1875
60089004 1876 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
03e334a1 1877 safe_close(cfd);
034c6ed7
LP		 1878}
1879
cfc4eb4c 1880static void socket_run_next(Socket *s) {
034c6ed7
LP		 1881 int r;
1882
1883 assert(s);
1884 assert(s->control_command);
1885 assert(s->control_command->command_next);
1886
5e94833f
LP		 1887 socket_unwatch_control_pid(s);
1888
034c6ed7
LP		 1889 s->control_command = s->control_command->command_next;
1890
e821075a
LP		 1891 r = socket_spawn(s, s->control_command, &s->control_pid);
1892 if (r < 0)
034c6ed7
LP		 1893 goto fail;
1894
1895 return;
1896
1897fail:
31938a85 1898 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run next task: %m", UNIT(s)->id);
80876c20
LP		 1899
1900 if (s->state == SOCKET_START_POST)
cfc4eb4c 1901 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1902 else if (s->state == SOCKET_STOP_POST)
cfc4eb4c 1903 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1904 else
cfc4eb4c 1905 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1906}
1907
87f0e418
LP		 1908static int socket_start(Unit *u) {
1909 Socket *s = SOCKET(u);
83c60c9f
LP		 1910
1911 assert(s);
1912
034c6ed7
LP		 1913 /* We cannot fulfill this request right now, try again later
1914 * please! */
3900e5fd
LP		 1915 if (IN_SET(s->state,
1916 SOCKET_STOP_PRE,
1917 SOCKET_STOP_PRE_SIGKILL,
1918 SOCKET_STOP_PRE_SIGTERM,
1919 SOCKET_STOP_POST,
1920 SOCKET_FINAL_SIGTERM,
1921 SOCKET_FINAL_SIGKILL))
034c6ed7
LP		 1922 return -EAGAIN;
1923
a4152e3f 1924 /* Already on it! */
3900e5fd
LP		 1925 if (IN_SET(s->state,
1926 SOCKET_START_PRE,
1927 SOCKET_START_CHOWN,
1928 SOCKET_START_POST))
034c6ed7 1929 return 0;
83c60c9f 1930
034c6ed7 1931 /* Cannot run this without the service being around */
9444b1f2 1932 if (UNIT_ISSET(s->service)) {
57020a3a
LP		 1933 Service *service;
1934
1935 service = SERVICE(UNIT_DEREF(s->service));
1936
1124fe6f 1937 if (UNIT(service)->load_state != UNIT_LOADED) {
79008bdd 1938 log_unit_error(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
4f2d528d 1939 return -ENOENT;
4ac9236f 1940 }
4f2d528d 1941
35b8ca3a 1942 /* If the service is already active we cannot start the
4f2d528d 1943 * socket */
57020a3a
LP		 1944 if (service->state != SERVICE_DEAD &&
1945 service->state != SERVICE_FAILED &&
1946 service->state != SERVICE_AUTO_RESTART) {
79008bdd 1947 log_unit_error(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
4f2d528d 1948 return -EBUSY;
4ac9236f 1949 }
4f2d528d 1950 }
e537352b 1951
fdf20a31 1952 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
83c60c9f 1953
cfc4eb4c 1954 s->result = SOCKET_SUCCESS;
034c6ed7 1955 socket_enter_start_pre(s);
e821075a 1956
82a2b6bb 1957 return 1;
034c6ed7 1958}
83c60c9f 1959
87f0e418
LP		 1960static int socket_stop(Unit *u) {
1961 Socket *s = SOCKET(u);
034c6ed7
LP		 1962
1963 assert(s);
1964
e537352b 1965 /* Already on it */
3900e5fd
LP		 1966 if (IN_SET(s->state,
1967 SOCKET_STOP_PRE,
1968 SOCKET_STOP_PRE_SIGTERM,
1969 SOCKET_STOP_PRE_SIGKILL,
1970 SOCKET_STOP_POST,
1971 SOCKET_FINAL_SIGTERM,
1972 SOCKET_FINAL_SIGKILL))
e537352b
LP		 1973 return 0;
1974
3f6c78dc
LP		 1975 /* If there's already something running we go directly into
1976 * kill mode. */
3900e5fd
LP		 1977 if (IN_SET(s->state,
1978 SOCKET_START_PRE,
1979 SOCKET_START_CHOWN,
1980 SOCKET_START_POST)) {
cfc4eb4c 1981 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
3f6c78dc
LP		 1982 return -EAGAIN;
1983 }
1984
034c6ed7 1985 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
83c60c9f 1986
cfc4eb4c 1987 socket_enter_stop_pre(s, SOCKET_SUCCESS);
82a2b6bb 1988 return 1;
542563ba
LP		 1989}
1990
a16e1123
LP		 1991static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1992 Socket *s = SOCKET(u);
1993 SocketPort *p;
1994 int r;
1995
1996 assert(u);
1997 assert(f);
1998 assert(fds);
1999
2000 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
cfc4eb4c 2001 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
a16e1123
LP		 2002 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2003
2004 if (s->control_pid > 0)
de0671ee 2005 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
a16e1123
LP		 2006
2007 if (s->control_command_id >= 0)
2008 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2009
2010 LIST_FOREACH(port, p, s->ports) {
2011 int copy;
2012
2013 if (p->fd < 0)
2014 continue;
2015
613b411c
LP		 2016 copy = fdset_put_dup(fds, p->fd);
2017 if (copy < 0)
a16e1123
LP		 2018 return copy;
2019
2020 if (p->type == SOCKET_SOCKET) {
613b411c 2021 _cleanup_free_ char *t = NULL;
a16e1123 2022
ee092817
LP		 2023 r = socket_address_print(&p->address, &t);
2024 if (r < 0)
a16e1123
LP		 2025 return r;
2026
7a22745a
LP		 2027 if (socket_address_family(&p->address) == AF_NETLINK)
2028 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2029 else
2030 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
613b411c 2031
b0a3f2bc
LP		 2032 } else if (p->type == SOCKET_SPECIAL)
2033 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
ee092817
LP		 2034 else if (p->type == SOCKET_MQUEUE)
2035 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
b0a3f2bc 2036 else {
a16e1123
LP		 2037 assert(p->type == SOCKET_FIFO);
2038 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2039 }
2040 }
2041
2042 return 0;
2043}
2044
2045static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2046 Socket *s = SOCKET(u);
a16e1123
LP		 2047
2048 assert(u);
2049 assert(key);
2050 assert(value);
a16e1123
LP		 2051
2052 if (streq(key, "state")) {
2053 SocketState state;
2054
ee092817
LP		 2055 state = socket_state_from_string(value);
2056 if (state < 0)
79008bdd 2057 log_unit_debug(u->id, "Failed to parse state value %s", value);
a16e1123
LP		 2058 else
2059 s->deserialized_state = state;
cfc4eb4c
LP		 2060 } else if (streq(key, "result")) {
2061 SocketResult f;
a16e1123 2062
cfc4eb4c
LP		 2063 f = socket_result_from_string(value);
2064 if (f < 0)
79008bdd 2065 log_unit_debug(u->id, "Failed to parse result value %s", value);
cfc4eb4c
LP		 2066 else if (f != SOCKET_SUCCESS)
2067 s->result = f;
a16e1123
LP		 2068
2069 } else if (streq(key, "n-accepted")) {
2070 unsigned k;
2071
e364ad06 2072 if (safe_atou(value, &k) < 0)
79008bdd 2073 log_unit_debug(u->id, "Failed to parse n-accepted value %s", value);
a16e1123
LP		 2074 else
2075 s->n_accepted += k;
2076 } else if (streq(key, "control-pid")) {
5925dd3c 2077 pid_t pid;
a16e1123 2078
e364ad06 2079 if (parse_pid(value, &pid) < 0)
79008bdd 2080 log_unit_debug(u->id, "Failed to parse control-pid value %s", value);
a16e1123 2081 else
5925dd3c 2082 s->control_pid = pid;
a16e1123
LP		 2083 } else if (streq(key, "control-command")) {
2084 SocketExecCommand id;
2085
66870f90
ZJS		 2086 id = socket_exec_command_from_string(value);
2087 if (id < 0)
79008bdd 2088 log_unit_debug(u->id, "Failed to parse exec-command value %s", value);
a16e1123
LP		 2089 else {
2090 s->control_command_id = id;
2091 s->control_command = s->exec_command[id];
2092 }
2093 } else if (streq(key, "fifo")) {
2094 int fd, skip = 0;
2095 SocketPort *p;
2096
2097 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
79008bdd 2098 log_unit_debug(u->id, "Failed to parse fifo value %s", value);
a16e1123
LP		 2099 else {
2100
2101 LIST_FOREACH(port, p, s->ports)
b0a3f2bc 2102 if (p->type == SOCKET_FIFO &&
c78e47a6 2103 path_equal_or_files_same(p->path, value+skip))
b0a3f2bc
LP		 2104 break;
2105
2106 if (p) {
03e334a1 2107 safe_close(p->fd);
b0a3f2bc
LP		 2108 p->fd = fdset_remove(fds, fd);
2109 }
2110 }
2111
2112 } else if (streq(key, "special")) {
2113 int fd, skip = 0;
2114 SocketPort *p;
2115
2116 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
79008bdd 2117 log_unit_debug(u->id, "Failed to parse special value %s", value);
b0a3f2bc
LP		 2118 else {
2119
2120 LIST_FOREACH(port, p, s->ports)
2121 if (p->type == SOCKET_SPECIAL &&
c78e47a6 2122 path_equal_or_files_same(p->path, value+skip))
a16e1123
LP		 2123 break;
2124
2125 if (p) {
03e334a1 2126 safe_close(p->fd);
a16e1123
LP		 2127 p->fd = fdset_remove(fds, fd);
2128 }
2129 }
2130
ee092817
LP		 2131 } else if (streq(key, "mqueue")) {
2132 int fd, skip = 0;
2133 SocketPort *p;
2134
2135 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
79008bdd 2136 log_unit_debug(u->id, "Failed to parse mqueue value %s", value);
ee092817
LP		 2137 else {
2138
2139 LIST_FOREACH(port, p, s->ports)
2140 if (p->type == SOCKET_MQUEUE &&
c78e47a6 2141 streq(p->path, value+skip))
ee092817
LP		 2142 break;
2143
2144 if (p) {
03e334a1 2145 safe_close(p->fd);
ee092817
LP		 2146 p->fd = fdset_remove(fds, fd);
2147 }
2148 }
2149
a16e1123 2150 } else if (streq(key, "socket")) {
27ca8d7a 2151 int fd, type, skip = 0;
a16e1123
LP		 2152 SocketPort *p;
2153
27ca8d7a 2154 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
79008bdd 2155 log_unit_debug(u->id, "Failed to parse socket value %s", value);
a16e1123
LP		 2156 else {
2157
2158 LIST_FOREACH(port, p, s->ports)
27ca8d7a 2159 if (socket_address_is(&p->address, value+skip, type))
a16e1123
LP		 2160 break;
2161
2162 if (p) {
03e334a1 2163 safe_close(p->fd);
a16e1123
LP		 2164 p->fd = fdset_remove(fds, fd);
2165 }
2166 }
2167
7a22745a
LP		 2168 } else if (streq(key, "netlink")) {
2169 int fd, skip = 0;
2170 SocketPort *p;
2171
2172 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
79008bdd 2173 log_unit_debug(u->id, "Failed to parse socket value %s", value);
7a22745a
LP		 2174 else {
2175
2176 LIST_FOREACH(port, p, s->ports)
2177 if (socket_address_is_netlink(&p->address, value+skip))
2178 break;
2179
2180 if (p) {
03e334a1 2181 safe_close(p->fd);
7a22745a
LP		 2182 p->fd = fdset_remove(fds, fd);
2183 }
2184 }
a16e1123 2185 } else
79008bdd 2186 log_unit_debug(UNIT(s)->id, "Unknown serialization key '%s'", key);
a16e1123
LP		 2187
2188 return 0;
2189}
2190
01e10de3
LP		 2191static int socket_distribute_fds(Unit *u, FDSet *fds) {
2192 Socket *s = SOCKET(u);
2193 SocketPort *p;
2194
2195 assert(u);
2196
2197 LIST_FOREACH(port, p, s->ports) {
2198 Iterator i;
2199 int fd;
2200
2201 if (p->type != SOCKET_SOCKET)
2202 continue;
2203
2204 if (p->fd >= 0)
2205 continue;
2206
2207 FDSET_FOREACH(fd, fds, i) {
2208 if (socket_address_matches_fd(&p->address, fd)) {
2209 p->fd = fdset_remove(fds, fd);
2210 s->deserialized_state = SOCKET_LISTENING;
2211 break;
2212 }
2213 }
2214 }
2215
2216 return 0;
2217}
2218
44a6b1b6 2219_pure_ static UnitActiveState socket_active_state(Unit *u) {
87f0e418 2220 assert(u);
5cb5a6ff 2221
acbb0225 2222 return state_translation_table[SOCKET(u)->state];
5cb5a6ff
LP		 2223}
2224
44a6b1b6 2225_pure_ static const char *socket_sub_state_to_string(Unit *u) {
10a94420
LP		 2226 assert(u);
2227
a16e1123 2228 return socket_state_to_string(SOCKET(u)->state);
10a94420
LP		 2229}
2230
67419600
OS		 2231const char* socket_port_type_to_string(SocketPort *p) {
2232
2233 assert(p);
2234
2235 switch (p->type) {
718db961
LP		 2236
2237 case SOCKET_SOCKET:
2238
2239 switch (p->address.type) {
2240
2241 case SOCK_STREAM:
2242 return "Stream";
2243
2244 case SOCK_DGRAM:
2245 return "Datagram";
2246
2247 case SOCK_SEQPACKET:
2248 return "SequentialPacket";
2249
2250 case SOCK_RAW:
2251 if (socket_address_family(&p->address) == AF_NETLINK)
2252 return "Netlink";
2253
2254 default:
2255 return NULL;
2256 }
2257
2258 case SOCKET_SPECIAL:
2259 return "Special";
2260
2261 case SOCKET_MQUEUE:
2262 return "MessageQueue";
2263
2264 case SOCKET_FIFO:
2265 return "FIFO";
2266
2267 default:
2268 return NULL;
67419600
OS		 2269 }
2270}
2271
44a6b1b6 2272_pure_ static bool socket_check_gc(Unit *u) {
6cf6bbc2
LP		 2273 Socket *s = SOCKET(u);
2274
2275 assert(u);
2276
2277 return s->n_connections > 0;
2278}
2279
718db961
LP		 2280static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2281 SocketPort *p = userdata;
4f2d528d 2282 int cfd = -1;
9152c765 2283
718db961 2284 assert(p);
8d567588 2285 assert(fd >= 0);
9152c765 2286
718db961
LP		 2287 if (p->socket->state != SOCKET_LISTENING)
2288 return 0;
871d7de4 2289
79008bdd 2290 log_unit_debug(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
9152c765 2291
718db961 2292 if (revents != EPOLLIN) {
641e01dc 2293
718db961 2294 if (revents & EPOLLHUP)
79008bdd 2295 log_unit_error(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
718db961 2296 UNIT(p->socket)->id);
641e01dc 2297 else
79008bdd 2298 log_unit_error(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
718db961 2299 UNIT(p->socket)->id, revents);
641e01dc 2300
8d567588 2301 goto fail;
4f2d528d
LP		 2302 }
2303
718db961
LP		 2304 if (p->socket->accept &&
2305 p->type == SOCKET_SOCKET &&
2306 socket_address_can_accept(&p->address)) {
2307
4f2d528d
LP		 2308 for (;;) {
2309
b14eda96
LP		 2310 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2311 if (cfd < 0) {
4f2d528d
LP		 2312
2313 if (errno == EINTR)
2314 continue;
2315
79008bdd 2316 log_unit_error(UNIT(p->socket)->id,
66870f90 2317 "Failed to accept socket: %m");
8d567588 2318 goto fail;
4f2d528d
LP		 2319 }
2320
2321 break;
2322 }
4fd5948e 2323
718db961 2324 socket_apply_socket_options(p->socket, cfd);
4f2d528d 2325 }
9152c765 2326
718db961
LP		 2327 socket_enter_running(p->socket, cfd);
2328 return 0;
8d567588
LP		 2329
2330fail:
718db961
LP		 2331 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2332 return 0;
9152c765
LP		 2333}
2334
87f0e418
LP		 2335static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2336 Socket *s = SOCKET(u);
cfc4eb4c 2337 SocketResult f;
5cb5a6ff
LP		 2338
2339 assert(s);
034c6ed7 2340 assert(pid >= 0);
5cb5a6ff 2341
8c47c732
LP		 2342 if (pid != s->control_pid)
2343 return;
542563ba 2344
034c6ed7
LP		 2345 s->control_pid = 0;
2346
96342de6 2347 if (is_clean_exit(code, status, NULL))
cfc4eb4c
LP		 2348 f = SOCKET_SUCCESS;
2349 else if (code == CLD_EXITED)
2350 f = SOCKET_FAILURE_EXIT_CODE;
2351 else if (code == CLD_KILLED)
2352 f = SOCKET_FAILURE_SIGNAL;
2353 else if (code == CLD_DUMPED)
2354 f = SOCKET_FAILURE_CORE_DUMP;
2355 else
a4152e3f 2356 assert_not_reached("Unknown sigchld code");
8c47c732 2357
b708e7ce 2358 if (s->control_command) {
6ea832a2 2359 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
a16e1123 2360
b708e7ce 2361 if (s->control_command->ignore)
cfc4eb4c 2362 f = SOCKET_SUCCESS;
b708e7ce
LP		 2363 }
2364
79008bdd
LP		 2365 log_unit_full(u->id,
2366 f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
66870f90
ZJS		 2367 "%s control process exited, code=%s status=%i",
2368 u->id, sigchld_code_to_string(code), status);
034c6ed7 2369
cfc4eb4c
LP		 2370 if (f != SOCKET_SUCCESS)
2371 s->result = f;
2372
2373 if (s->control_command &&
2374 s->control_command->command_next &&
2375 f == SOCKET_SUCCESS) {
2376
79008bdd 2377 log_unit_debug(u->id,
66870f90
ZJS		 2378 "%s running next command for state %s",
2379 u->id, socket_state_to_string(s->state));
cfc4eb4c 2380 socket_run_next(s);
acbb0225 2381 } else {
a16e1123
LP		 2382 s->control_command = NULL;
2383 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2384
034c6ed7
LP		 2385 /* No further commands for this step, so let's figure
2386 * out what to do next */
5cb5a6ff 2387
79008bdd 2388 log_unit_debug(u->id,
66870f90
ZJS		 2389 "%s got final SIGCHLD for state %s",
2390 u->id, socket_state_to_string(s->state));
acbb0225 2391
034c6ed7
LP		 2392 switch (s->state) {
2393
2394 case SOCKET_START_PRE:
cfc4eb4c 2395 if (f == SOCKET_SUCCESS)
3900e5fd 2396 socket_enter_start_chown(s);
034c6ed7 2397 else
cfc4eb4c 2398 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
034c6ed7
LP		 2399 break;
2400
3900e5fd
LP		 2401 case SOCKET_START_CHOWN:
2402 if (f == SOCKET_SUCCESS)
2403 socket_enter_start_post(s);
2404 else
2405 socket_enter_stop_pre(s, f);
2406 break;
2407
034c6ed7 2408 case SOCKET_START_POST:
cfc4eb4c 2409 if (f == SOCKET_SUCCESS)
e9af15c3 2410 socket_enter_listening(s);
034c6ed7 2411 else
cfc4eb4c 2412 socket_enter_stop_pre(s, f);
034c6ed7
LP		 2413 break;
2414
2415 case SOCKET_STOP_PRE:
2416 case SOCKET_STOP_PRE_SIGTERM:
2417 case SOCKET_STOP_PRE_SIGKILL:
cfc4eb4c 2418 socket_enter_stop_post(s, f);
034c6ed7
LP		 2419 break;
2420
2421 case SOCKET_STOP_POST:
80876c20
LP		 2422 case SOCKET_FINAL_SIGTERM:
2423 case SOCKET_FINAL_SIGKILL:
cfc4eb4c 2424 socket_enter_dead(s, f);
034c6ed7
LP		 2425 break;
2426
2427 default:
2428 assert_not_reached("Uh, control process died at wrong time.");
2429 }
2430 }
c4e2ceae
LP		 2431
2432 /* Notify clients about changed exit status */
2433 unit_add_to_dbus_queue(u);
034c6ed7 2434}
5cb5a6ff 2435
718db961
LP		 2436static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2437 Socket *s = SOCKET(userdata);
5cb5a6ff 2438
034c6ed7 2439 assert(s);
718db961 2440 assert(s->timer_event_source == source);
034c6ed7
LP		 2441
2442 switch (s->state) {
2443
2444 case SOCKET_START_PRE:
79008bdd 2445 log_unit_warning(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
cfc4eb4c 2446 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
da19d5c1 2447 break;
80876c20 2448
3900e5fd 2449 case SOCKET_START_CHOWN:
034c6ed7 2450 case SOCKET_START_POST:
79008bdd 2451 log_unit_warning(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
cfc4eb4c 2452 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2453 break;
2454
2455 case SOCKET_STOP_PRE:
79008bdd 2456 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
cfc4eb4c 2457 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2458 break;
2459
2460 case SOCKET_STOP_PRE_SIGTERM:
4819ff03 2461 if (s->kill_context.send_sigkill) {
79008bdd 2462 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
cfc4eb4c 2463 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2464 } else {
79008bdd 2465 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
cfc4eb4c 2466 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2467 }
034c6ed7
LP		 2468 break;
2469
2470 case SOCKET_STOP_PRE_SIGKILL:
79008bdd 2471 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
cfc4eb4c 2472 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2473 break;
2474
2475 case SOCKET_STOP_POST:
79008bdd 2476 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
cfc4eb4c 2477 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2478 break;
2479
80876c20 2480 case SOCKET_FINAL_SIGTERM:
4819ff03 2481 if (s->kill_context.send_sigkill) {
79008bdd 2482 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
cfc4eb4c 2483 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2484 } else {
79008bdd 2485 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
cfc4eb4c 2486 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2487 }
034c6ed7
LP		 2488 break;
2489
80876c20 2490 case SOCKET_FINAL_SIGKILL:
79008bdd 2491 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
cfc4eb4c 2492 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2493 break;
2494
2495 default:
2496 assert_not_reached("Timeout at wrong time.");
2497 }
718db961
LP		 2498
2499 return 0;
5cb5a6ff
LP		 2500}
2501
44d8db9e
LP		 2502int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2503 int *rfds;
2504 unsigned rn_fds, k;
2505 SocketPort *p;
2506
2507 assert(s);
2508 assert(fds);
2509 assert(n_fds);
2510
2511 /* Called from the service code for requesting our fds */
2512
2513 rn_fds = 0;
2514 LIST_FOREACH(port, p, s->ports)
2515 if (p->fd >= 0)
2516 rn_fds++;
2517
de3756ab
LP		 2518 if (rn_fds <= 0) {
2519 *fds = NULL;
2520 *n_fds = 0;
2521 return 0;
2522 }
2523
e364ad06 2524 if (!(rfds = new(int, rn_fds)))
44d8db9e
LP		 2525 return -ENOMEM;
2526
2527 k = 0;
2528 LIST_FOREACH(port, p, s->ports)
2529 if (p->fd >= 0)
2530 rfds[k++] = p->fd;
2531
2532 assert(k == rn_fds);
2533
2534 *fds = rfds;
2535 *n_fds = rn_fds;
2536
2537 return 0;
2538}
2539
e821075a
LP		 2540static void socket_reset_failed(Unit *u) {
2541 Socket *s = SOCKET(u);
2542
2543 assert(s);
2544
2545 if (s->state == SOCKET_FAILED)
2546 socket_set_state(s, SOCKET_DEAD);
2547
2548 s->result = SOCKET_SUCCESS;
2549}
2550
d137a488 2551static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
ceee3d82
LP		 2552 assert(s);
2553
6cf6bbc2
LP		 2554 /* The service is dead. Dang!
2555 *
2556 * This is strictly for one-instance-for-all-connections
2557 * services. */
ceee3d82
LP		 2558
2559 if (s->state == SOCKET_RUNNING) {
79008bdd 2560 log_unit_debug(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
6bda96a0
LP		 2561 if (failed_permanent)
2562 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
c2f34808
MS		 2563 else
2564 socket_enter_listening(s);
ceee3d82
LP		 2565 }
2566}
2567
6cf6bbc2
LP		 2568void socket_connection_unref(Socket *s) {
2569 assert(s);
2570
2571 /* The service is dead. Yay!
2572 *
35b8ca3a 2573 * This is strictly for one-instance-per-connection
6cf6bbc2
LP		 2574 * services. */
2575
2576 assert(s->n_connections > 0);
2577 s->n_connections--;
2578
79008bdd 2579 log_unit_debug(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
5632e374
LP		 2580}
2581
d137a488
UTL		 2582static void socket_trigger_notify(Unit *u, Unit *other) {
2583 Socket *s = SOCKET(u);
e821075a 2584 Service *se;
d137a488
UTL		 2585
2586 assert(u);
2587 assert(other);
2588
2589 /* Don't propagate state changes from the service if we are
2590 already down or accepting connections */
2591 if ((s->state != SOCKET_RUNNING &&
2592 s->state != SOCKET_LISTENING) ||
2593 s->accept)
2594 return;
2595
2596 if (other->load_state != UNIT_LOADED ||
2597 other->type != UNIT_SERVICE)
2598 return;
2599
e821075a
LP		 2600 se = SERVICE(other);
2601
d137a488
UTL		 2602 if (se->state == SERVICE_FAILED)
2603 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2604
2605 if (se->state == SERVICE_DEAD ||
d137a488
UTL		 2606 se->state == SERVICE_FINAL_SIGTERM ||
2607 se->state == SERVICE_FINAL_SIGKILL ||
2608 se->state == SERVICE_AUTO_RESTART)
2609 socket_notify_service_dead(s, false);
2610
2611 if (se->state == SERVICE_RUNNING)
2612 socket_set_state(s, SOCKET_RUNNING);
2613}
2614
718db961 2615static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
814cc562 2616 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
8a0867d6
LP		 2617}
2618
68db7a3b
ZJS		 2619static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2620 Socket *s = SOCKET(u);
2621 int r;
2622
2623 if (!s->timer_event_source)
2624 return 0;
2625
2626 r = sd_event_source_get_time(s->timer_event_source, timeout);
2627 if (r < 0)
2628 return r;
2629
2630 return 1;
2631}
2632
a16e1123
LP		 2633static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2634 [SOCKET_DEAD] = "dead",
2635 [SOCKET_START_PRE] = "start-pre",
3900e5fd 2636 [SOCKET_START_CHOWN] = "start-chown",
a16e1123
LP		 2637 [SOCKET_START_POST] = "start-post",
2638 [SOCKET_LISTENING] = "listening",
2639 [SOCKET_RUNNING] = "running",
2640 [SOCKET_STOP_PRE] = "stop-pre",
2641 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2642 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2643 [SOCKET_STOP_POST] = "stop-post",
2644 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2645 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
fdf20a31 2646 [SOCKET_FAILED] = "failed"
a16e1123
LP		 2647};
2648
2649DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2650
2651static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2652 [SOCKET_EXEC_START_PRE] = "StartPre",
3900e5fd 2653 [SOCKET_EXEC_START_CHOWN] = "StartChown",
a16e1123
LP		 2654 [SOCKET_EXEC_START_POST] = "StartPost",
2655 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2656 [SOCKET_EXEC_STOP_POST] = "StopPost"
2657};
2658
2659DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2660
cfc4eb4c
LP		 2661static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2662 [SOCKET_SUCCESS] = "success",
2663 [SOCKET_FAILURE_RESOURCES] = "resources",
2664 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2665 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2666 [SOCKET_FAILURE_SIGNAL] = "signal",
c2f34808 2667 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
6bda96a0 2668 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
cfc4eb4c
LP		 2669};
2670
2671DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2672
87f0e418 2673const UnitVTable socket_vtable = {
7d17cfbc 2674 .object_size = sizeof(Socket),
718db961
LP		 2675 .exec_context_offset = offsetof(Socket, exec_context),
2676 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2677 .kill_context_offset = offsetof(Socket, kill_context),
613b411c 2678 .exec_runtime_offset = offsetof(Socket, exec_runtime),
3ef63c31 2679
f975e971
LP		 2680 .sections =
2681 "Unit\0"
2682 "Socket\0"
2683 "Install\0",
4ad49000 2684 .private_section = "Socket",
71645aca 2685
034c6ed7
LP		 2686 .init = socket_init,
2687 .done = socket_done,
a16e1123
LP		 2688 .load = socket_load,
2689
2690 .coldplug = socket_coldplug,
034c6ed7 2691
5cb5a6ff
LP		 2692 .dump = socket_dump,
2693
542563ba
LP		 2694 .start = socket_start,
2695 .stop = socket_stop,
5cb5a6ff 2696
718db961
LP		 2697 .kill = socket_kill,
2698
68db7a3b
ZJS		 2699 .get_timeout = socket_get_timeout,
2700
a16e1123
LP		 2701 .serialize = socket_serialize,
2702 .deserialize_item = socket_deserialize_item,
01e10de3 2703 .distribute_fds = socket_distribute_fds,
a16e1123 2704
5cb5a6ff 2705 .active_state = socket_active_state,
10a94420 2706 .sub_state_to_string = socket_sub_state_to_string,
5cb5a6ff 2707
6cf6bbc2
LP		 2708 .check_gc = socket_check_gc,
2709
034c6ed7 2710 .sigchld_event = socket_sigchld_event,
4139c1b2 2711
d137a488
UTL		 2712 .trigger_notify = socket_trigger_notify,
2713
fdf20a31 2714 .reset_failed = socket_reset_failed,
5632e374 2715
c4e2ceae 2716 .bus_interface = "org.freedesktop.systemd1.Socket",
718db961 2717 .bus_vtable = bus_socket_vtable,
74c964d3
LP		 2718 .bus_set_property = bus_socket_set_property,
2719 .bus_commit_properties = bus_socket_commit_properties,
c6918296
MS		 2720
2721 .status_message_formats = {
2722 /*.starting_stopping = {
2723 [0] = "Starting socket %s...",
2724 [1] = "Stopping socket %s...",
2725 },*/
2726 .finished_start_job = {
2727 [JOB_DONE] = "Listening on %s.",
2728 [JOB_FAILED] = "Failed to listen on %s.",
2729 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2730 [JOB_TIMEOUT] = "Timed out starting %s.",
2731 },
2732 .finished_stop_job = {
2733 [JOB_DONE] = "Closed %s.",
2734 [JOB_FAILED] = "Failed stopping %s.",
2735 [JOB_TIMEOUT] = "Timed out stopping %s.",
2736 },
2737 },
5cb5a6ff 2738};
Unnamed repository; edit this file 'description' to name the repository.