]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/manager.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tree-wide: be more careful with the type of array sizes
[thirdparty/systemd.git] / src / core / manager.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 This file is part of systemd.
4
5 Copyright 2010 Lennart Poettering
6 ***/
7
8 #include <errno.h>
9 #include <fcntl.h>
10 #include <linux/kd.h>
11 #include <signal.h>
12 #include <stdio_ext.h>
13 #include <string.h>
14 #include <sys/epoll.h>
15 #include <sys/inotify.h>
16 #include <sys/ioctl.h>
17 #include <sys/reboot.h>
18 #include <sys/timerfd.h>
19 #include <sys/wait.h>
20 #include <unistd.h>
21
22 #if HAVE_AUDIT
23 #include <libaudit.h>
24 #endif
25
26 #include "sd-daemon.h"
27 #include "sd-messages.h"
28 #include "sd-path.h"
29
30 #include "alloc-util.h"
31 #include "audit-fd.h"
32 #include "boot-timestamps.h"
33 #include "bus-common-errors.h"
34 #include "bus-error.h"
35 #include "bus-kernel.h"
36 #include "bus-util.h"
37 #include "clean-ipc.h"
38 #include "clock-util.h"
39 #include "dbus-job.h"
40 #include "dbus-manager.h"
41 #include "dbus-unit.h"
42 #include "dbus.h"
43 #include "dirent-util.h"
44 #include "env-util.h"
45 #include "escape.h"
46 #include "exec-util.h"
47 #include "execute.h"
48 #include "exit-status.h"
49 #include "fd-util.h"
50 #include "fileio.h"
51 #include "fs-util.h"
52 #include "hashmap.h"
53 #include "io-util.h"
54 #include "label.h"
55 #include "locale-setup.h"
56 #include "log.h"
57 #include "macro.h"
58 #include "manager.h"
59 #include "missing.h"
60 #include "mkdir.h"
61 #include "parse-util.h"
62 #include "path-lookup.h"
63 #include "path-util.h"
64 #include "process-util.h"
65 #include "ratelimit.h"
66 #include "rm-rf.h"
67 #include "signal-util.h"
68 #include "special.h"
69 #include "stat-util.h"
70 #include "string-table.h"
71 #include "string-util.h"
72 #include "strv.h"
73 #include "strxcpyx.h"
74 #include "terminal-util.h"
75 #include "time-util.h"
76 #include "transaction.h"
77 #include "umask-util.h"
78 #include "unit-name.h"
79 #include "user-util.h"
80 #include "util.h"
81 #include "virt.h"
82 #include "watchdog.h"
83
84 #define NOTIFY_RCVBUF_SIZE (8*1024*1024)
85 #define CGROUPS_AGENT_RCVBUF_SIZE (8*1024*1024)
86
87 /* Initial delay and the interval for printing status messages about running jobs */
88 #define JOBS_IN_PROGRESS_WAIT_USEC (5*USEC_PER_SEC)
89 #define JOBS_IN_PROGRESS_PERIOD_USEC (USEC_PER_SEC / 3)
90 #define JOBS_IN_PROGRESS_PERIOD_DIVISOR 3
91
92 /* If there are more than 1K bus messages queue across our API and direct busses, then let's not add more on top until
93 * the queue gets more empty. */
94 #define MANAGER_BUS_BUSY_THRESHOLD 1024LU
95
96 /* How many units and jobs to process of the bus queue before returning to the event loop. */
97 #define MANAGER_BUS_MESSAGE_BUDGET 100U
98
99 static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
100 static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
101 static int manager_dispatch_signal_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
102 static int manager_dispatch_time_change_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
103 static int manager_dispatch_idle_pipe_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
104 static int manager_dispatch_user_lookup_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
105 static int manager_dispatch_jobs_in_progress(sd_event_source *source, usec_t usec, void *userdata);
106 static int manager_dispatch_run_queue(sd_event_source *source, void *userdata);
107 static int manager_dispatch_sigchld(sd_event_source *source, void *userdata);
108 static int manager_run_environment_generators(Manager *m);
109 static int manager_run_generators(Manager *m);
110
111 static void manager_watch_jobs_in_progress(Manager *m) {
112 usec_t next;
113 int r;
114
115 assert(m);
116
117 /* We do not want to show the cylon animation if the user
118 * needs to confirm service executions otherwise confirmation
119 * messages will be screwed by the cylon animation. */
120 if (!manager_is_confirm_spawn_disabled(m))
121 return;
122
123 if (m->jobs_in_progress_event_source)
124 return;
125
126 next = now(CLOCK_MONOTONIC) + JOBS_IN_PROGRESS_WAIT_USEC;
127 r = sd_event_add_time(
128 m->event,
129 &m->jobs_in_progress_event_source,
130 CLOCK_MONOTONIC,
131 next, 0,
132 manager_dispatch_jobs_in_progress, m);
133 if (r < 0)
134 return;
135
136 (void) sd_event_source_set_description(m->jobs_in_progress_event_source, "manager-jobs-in-progress");
137 }
138
139 #define CYLON_BUFFER_EXTRA (2*STRLEN(ANSI_RED) + STRLEN(ANSI_HIGHLIGHT_RED) + 2*STRLEN(ANSI_NORMAL))
140
141 static void draw_cylon(char buffer[], size_t buflen, unsigned width, unsigned pos) {
142 char *p = buffer;
143
144 assert(buflen >= CYLON_BUFFER_EXTRA + width + 1);
145 assert(pos <= width+1); /* 0 or width+1 mean that the center light is behind the corner */
146
147 if (pos > 1) {
148 if (pos > 2)
149 p = mempset(p, ' ', pos-2);
150 if (log_get_show_color())
151 p = stpcpy(p, ANSI_RED);
152 *p++ = '*';
153 }
154
155 if (pos > 0 && pos <= width) {
156 if (log_get_show_color())
157 p = stpcpy(p, ANSI_HIGHLIGHT_RED);
158 *p++ = '*';
159 }
160
161 if (log_get_show_color())
162 p = stpcpy(p, ANSI_NORMAL);
163
164 if (pos < width) {
165 if (log_get_show_color())
166 p = stpcpy(p, ANSI_RED);
167 *p++ = '*';
168 if (pos < width-1)
169 p = mempset(p, ' ', width-1-pos);
170 if (log_get_show_color())
171 strcpy(p, ANSI_NORMAL);
172 }
173 }
174
175 void manager_flip_auto_status(Manager *m, bool enable) {
176 assert(m);
177
178 if (enable) {
179 if (m->show_status == SHOW_STATUS_AUTO)
180 manager_set_show_status(m, SHOW_STATUS_TEMPORARY);
181 } else {
182 if (m->show_status == SHOW_STATUS_TEMPORARY)
183 manager_set_show_status(m, SHOW_STATUS_AUTO);
184 }
185 }
186
187 static void manager_print_jobs_in_progress(Manager *m) {
188 _cleanup_free_ char *job_of_n = NULL;
189 Iterator i;
190 Job *j;
191 unsigned counter = 0, print_nr;
192 char cylon[6 + CYLON_BUFFER_EXTRA + 1];
193 unsigned cylon_pos;
194 char time[FORMAT_TIMESPAN_MAX], limit[FORMAT_TIMESPAN_MAX] = "no limit";
195 uint64_t x;
196
197 assert(m);
198 assert(m->n_running_jobs > 0);
199
200 manager_flip_auto_status(m, true);
201
202 print_nr = (m->jobs_in_progress_iteration / JOBS_IN_PROGRESS_PERIOD_DIVISOR) % m->n_running_jobs;
203
204 HASHMAP_FOREACH(j, m->jobs, i)
205 if (j->state == JOB_RUNNING && counter++ == print_nr)
206 break;
207
208 /* m->n_running_jobs must be consistent with the contents of m->jobs,
209 * so the above loop must have succeeded in finding j. */
210 assert(counter == print_nr + 1);
211 assert(j);
212
213 cylon_pos = m->jobs_in_progress_iteration % 14;
214 if (cylon_pos >= 8)
215 cylon_pos = 14 - cylon_pos;
216 draw_cylon(cylon, sizeof(cylon), 6, cylon_pos);
217
218 m->jobs_in_progress_iteration++;
219
220 if (m->n_running_jobs > 1) {
221 if (asprintf(&job_of_n, "(%u of %u) ", counter, m->n_running_jobs) < 0)
222 job_of_n = NULL;
223 }
224
225 format_timespan(time, sizeof(time), now(CLOCK_MONOTONIC) - j->begin_usec, 1*USEC_PER_SEC);
226 if (job_get_timeout(j, &x) > 0)
227 format_timespan(limit, sizeof(limit), x - j->begin_usec, 1*USEC_PER_SEC);
228
229 manager_status_printf(m, STATUS_TYPE_EPHEMERAL, cylon,
230 "%sA %s job is running for %s (%s / %s)",
231 strempty(job_of_n),
232 job_type_to_string(j->type),
233 unit_description(j->unit),
234 time, limit);
235 }
236
237 static int have_ask_password(void) {
238 _cleanup_closedir_ DIR *dir;
239 struct dirent *de;
240
241 dir = opendir("/run/systemd/ask-password");
242 if (!dir) {
243 if (errno == ENOENT)
244 return false;
245 else
246 return -errno;
247 }
248
249 FOREACH_DIRENT_ALL(de, dir, return -errno) {
250 if (startswith(de->d_name, "ask."))
251 return true;
252 }
253 return false;
254 }
255
256 static int manager_dispatch_ask_password_fd(sd_event_source *source,
257 int fd, uint32_t revents, void *userdata) {
258 Manager *m = userdata;
259
260 assert(m);
261
262 (void) flush_fd(fd);
263
264 m->have_ask_password = have_ask_password();
265 if (m->have_ask_password < 0)
266 /* Log error but continue. Negative have_ask_password
267 * is treated as unknown status. */
268 log_error_errno(m->have_ask_password, "Failed to list /run/systemd/ask-password: %m");
269
270 return 0;
271 }
272
273 static void manager_close_ask_password(Manager *m) {
274 assert(m);
275
276 m->ask_password_event_source = sd_event_source_unref(m->ask_password_event_source);
277 m->ask_password_inotify_fd = safe_close(m->ask_password_inotify_fd);
278 m->have_ask_password = -EINVAL;
279 }
280
281 static int manager_check_ask_password(Manager *m) {
282 int r;
283
284 assert(m);
285
286 if (!m->ask_password_event_source) {
287 assert(m->ask_password_inotify_fd < 0);
288
289 mkdir_p_label("/run/systemd/ask-password", 0755);
290
291 m->ask_password_inotify_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
292 if (m->ask_password_inotify_fd < 0)
293 return log_error_errno(errno, "inotify_init1() failed: %m");
294
295 if (inotify_add_watch(m->ask_password_inotify_fd, "/run/systemd/ask-password", IN_CREATE|IN_DELETE|IN_MOVE) < 0) {
296 log_error_errno(errno, "Failed to add watch on /run/systemd/ask-password: %m");
297 manager_close_ask_password(m);
298 return -errno;
299 }
300
301 r = sd_event_add_io(m->event, &m->ask_password_event_source,
302 m->ask_password_inotify_fd, EPOLLIN,
303 manager_dispatch_ask_password_fd, m);
304 if (r < 0) {
305 log_error_errno(errno, "Failed to add event source for /run/systemd/ask-password: %m");
306 manager_close_ask_password(m);
307 return -errno;
308 }
309
310 (void) sd_event_source_set_description(m->ask_password_event_source, "manager-ask-password");
311
312 /* Queries might have been added meanwhile... */
313 manager_dispatch_ask_password_fd(m->ask_password_event_source,
314 m->ask_password_inotify_fd, EPOLLIN, m);
315 }
316
317 return m->have_ask_password;
318 }
319
320 static int manager_watch_idle_pipe(Manager *m) {
321 int r;
322
323 assert(m);
324
325 if (m->idle_pipe_event_source)
326 return 0;
327
328 if (m->idle_pipe[2] < 0)
329 return 0;
330
331 r = sd_event_add_io(m->event, &m->idle_pipe_event_source, m->idle_pipe[2], EPOLLIN, manager_dispatch_idle_pipe_fd, m);
332 if (r < 0)
333 return log_error_errno(r, "Failed to watch idle pipe: %m");
334
335 (void) sd_event_source_set_description(m->idle_pipe_event_source, "manager-idle-pipe");
336
337 return 0;
338 }
339
340 static void manager_close_idle_pipe(Manager *m) {
341 assert(m);
342
343 m->idle_pipe_event_source = sd_event_source_unref(m->idle_pipe_event_source);
344
345 safe_close_pair(m->idle_pipe);
346 safe_close_pair(m->idle_pipe + 2);
347 }
348
349 static int manager_setup_time_change(Manager *m) {
350 int r;
351
352 /* We only care for the cancellation event, hence we set the
353 * timeout to the latest possible value. */
354 struct itimerspec its = {
355 .it_value.tv_sec = TIME_T_MAX,
356 };
357
358 assert(m);
359 assert_cc(sizeof(time_t) == sizeof(TIME_T_MAX));
360
361 if (m->test_run_flags)
362 return 0;
363
364 /* Uses TFD_TIMER_CANCEL_ON_SET to get notifications whenever
365 * CLOCK_REALTIME makes a jump relative to CLOCK_MONOTONIC */
366
367 m->time_change_fd = timerfd_create(CLOCK_REALTIME, TFD_NONBLOCK|TFD_CLOEXEC);
368 if (m->time_change_fd < 0)
369 return log_error_errno(errno, "Failed to create timerfd: %m");
370
371 if (timerfd_settime(m->time_change_fd, TFD_TIMER_ABSTIME|TFD_TIMER_CANCEL_ON_SET, &its, NULL) < 0) {
372 log_debug_errno(errno, "Failed to set up TFD_TIMER_CANCEL_ON_SET, ignoring: %m");
373 m->time_change_fd = safe_close(m->time_change_fd);
374 return 0;
375 }
376
377 r = sd_event_add_io(m->event, &m->time_change_event_source, m->time_change_fd, EPOLLIN, manager_dispatch_time_change_fd, m);
378 if (r < 0)
379 return log_error_errno(r, "Failed to create time change event source: %m");
380
381 (void) sd_event_source_set_description(m->time_change_event_source, "manager-time-change");
382
383 log_debug("Set up TFD_TIMER_CANCEL_ON_SET timerfd.");
384
385 return 0;
386 }
387
388 static int enable_special_signals(Manager *m) {
389 _cleanup_close_ int fd = -1;
390
391 assert(m);
392
393 if (m->test_run_flags)
394 return 0;
395
396 /* Enable that we get SIGINT on control-alt-del. In containers
397 * this will fail with EPERM (older) or EINVAL (newer), so
398 * ignore that. */
399 if (reboot(RB_DISABLE_CAD) < 0 && !IN_SET(errno, EPERM, EINVAL))
400 log_warning_errno(errno, "Failed to enable ctrl-alt-del handling: %m");
401
402 fd = open_terminal("/dev/tty0", O_RDWR|O_NOCTTY|O_CLOEXEC);
403 if (fd < 0) {
404 /* Support systems without virtual console */
405 if (fd != -ENOENT)
406 log_warning_errno(errno, "Failed to open /dev/tty0: %m");
407 } else {
408 /* Enable that we get SIGWINCH on kbrequest */
409 if (ioctl(fd, KDSIGACCEPT, SIGWINCH) < 0)
410 log_warning_errno(errno, "Failed to enable kbrequest handling: %m");
411 }
412
413 return 0;
414 }
415
416 #define RTSIG_IF_AVAILABLE(signum) (signum <= SIGRTMAX ? signum : -1)
417
418 static int manager_setup_signals(Manager *m) {
419 struct sigaction sa = {
420 .sa_handler = SIG_DFL,
421 .sa_flags = SA_NOCLDSTOP|SA_RESTART,
422 };
423 sigset_t mask;
424 int r;
425
426 assert(m);
427
428 assert_se(sigaction(SIGCHLD, &sa, NULL) == 0);
429
430 /* We make liberal use of realtime signals here. On
431 * Linux/glibc we have 30 of them (with the exception of Linux
432 * on hppa, see below), between SIGRTMIN+0 ... SIGRTMIN+30
433 * (aka SIGRTMAX). */
434
435 assert_se(sigemptyset(&mask) == 0);
436 sigset_add_many(&mask,
437 SIGCHLD, /* Child died */
438 SIGTERM, /* Reexecute daemon */
439 SIGHUP, /* Reload configuration */
440 SIGUSR1, /* systemd/upstart: reconnect to D-Bus */
441 SIGUSR2, /* systemd: dump status */
442 SIGINT, /* Kernel sends us this on control-alt-del */
443 SIGWINCH, /* Kernel sends us this on kbrequest (alt-arrowup) */
444 SIGPWR, /* Some kernel drivers and upsd send us this on power failure */
445
446 SIGRTMIN+0, /* systemd: start default.target */
447 SIGRTMIN+1, /* systemd: isolate rescue.target */
448 SIGRTMIN+2, /* systemd: isolate emergency.target */
449 SIGRTMIN+3, /* systemd: start halt.target */
450 SIGRTMIN+4, /* systemd: start poweroff.target */
451 SIGRTMIN+5, /* systemd: start reboot.target */
452 SIGRTMIN+6, /* systemd: start kexec.target */
453
454 /* ... space for more special targets ... */
455
456 SIGRTMIN+13, /* systemd: Immediate halt */
457 SIGRTMIN+14, /* systemd: Immediate poweroff */
458 SIGRTMIN+15, /* systemd: Immediate reboot */
459 SIGRTMIN+16, /* systemd: Immediate kexec */
460
461 /* ... space for more immediate system state changes ... */
462
463 SIGRTMIN+20, /* systemd: enable status messages */
464 SIGRTMIN+21, /* systemd: disable status messages */
465 SIGRTMIN+22, /* systemd: set log level to LOG_DEBUG */
466 SIGRTMIN+23, /* systemd: set log level to LOG_INFO */
467 SIGRTMIN+24, /* systemd: Immediate exit (--user only) */
468
469 /* .. one free signal here ... */
470
471 /* Apparently Linux on hppa had fewer RT signals until v3.18,
472 * SIGRTMAX was SIGRTMIN+25, and then SIGRTMIN was lowered,
473 * see commit v3.17-7614-g1f25df2eff.
474 *
475 * We cannot unconditionally make use of those signals here,
476 * so let's use a runtime check. Since these commands are
477 * accessible by different means and only really a safety
478 * net, the missing functionality on hppa shouldn't matter.
479 */
480
481 RTSIG_IF_AVAILABLE(SIGRTMIN+26), /* systemd: set log target to journal-or-kmsg */
482 RTSIG_IF_AVAILABLE(SIGRTMIN+27), /* systemd: set log target to console */
483 RTSIG_IF_AVAILABLE(SIGRTMIN+28), /* systemd: set log target to kmsg */
484 RTSIG_IF_AVAILABLE(SIGRTMIN+29), /* systemd: set log target to syslog-or-kmsg (obsolete) */
485
486 /* ... one free signal here SIGRTMIN+30 ... */
487 -1);
488 assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
489
490 m->signal_fd = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC);
491 if (m->signal_fd < 0)
492 return -errno;
493
494 r = sd_event_add_io(m->event, &m->signal_event_source, m->signal_fd, EPOLLIN, manager_dispatch_signal_fd, m);
495 if (r < 0)
496 return r;
497
498 (void) sd_event_source_set_description(m->signal_event_source, "manager-signal");
499
500 /* Process signals a bit earlier than the rest of things, but later than notify_fd processing, so that the
501 * notify processing can still figure out to which process/service a message belongs, before we reap the
502 * process. Also, process this before handling cgroup notifications, so that we always collect child exit
503 * status information before detecting that there's no process in a cgroup. */
504 r = sd_event_source_set_priority(m->signal_event_source, SD_EVENT_PRIORITY_NORMAL-6);
505 if (r < 0)
506 return r;
507
508 if (MANAGER_IS_SYSTEM(m))
509 return enable_special_signals(m);
510
511 return 0;
512 }
513
514 static void manager_sanitize_environment(Manager *m) {
515 assert(m);
516
517 /* Let's remove some environment variables that we need ourselves to communicate with our clients */
518 strv_env_unset_many(
519 m->environment,
520 "EXIT_CODE",
521 "EXIT_STATUS",
522 "INVOCATION_ID",
523 "JOURNAL_STREAM",
524 "LISTEN_FDNAMES",
525 "LISTEN_FDS",
526 "LISTEN_PID",
527 "MAINPID",
528 "MANAGERPID",
529 "NOTIFY_SOCKET",
530 "REMOTE_ADDR",
531 "REMOTE_PORT",
532 "SERVICE_RESULT",
533 "WATCHDOG_PID",
534 "WATCHDOG_USEC",
535 NULL);
536
537 /* Let's order the environment alphabetically, just to make it pretty */
538 strv_sort(m->environment);
539 }
540
541 static int manager_default_environment(Manager *m) {
542 assert(m);
543
544 if (MANAGER_IS_SYSTEM(m)) {
545 /* The system manager always starts with a clean
546 * environment for its children. It does not import
547 * the kernel's or the parents' exported variables.
548 *
549 * The initial passed environment is untouched to keep
550 * /proc/self/environ valid; it is used for tagging
551 * the init process inside containers. */
552 m->environment = strv_new("PATH=" DEFAULT_PATH,
553 NULL);
554
555 /* Import locale variables LC_*= from configuration */
556 locale_setup(&m->environment);
557 } else
558 /* The user manager passes its own environment
559 * along to its children. */
560 m->environment = strv_copy(environ);
561
562 if (!m->environment)
563 return -ENOMEM;
564
565 manager_sanitize_environment(m);
566
567 return 0;
568 }
569
570 static int manager_setup_prefix(Manager *m) {
571 struct table_entry {
572 uint64_t type;
573 const char *suffix;
574 };
575
576 static const struct table_entry paths_system[_EXEC_DIRECTORY_TYPE_MAX] = {
577 [EXEC_DIRECTORY_RUNTIME] = { SD_PATH_SYSTEM_RUNTIME, NULL },
578 [EXEC_DIRECTORY_STATE] = { SD_PATH_SYSTEM_STATE_PRIVATE, NULL },
579 [EXEC_DIRECTORY_CACHE] = { SD_PATH_SYSTEM_STATE_CACHE, NULL },
580 [EXEC_DIRECTORY_LOGS] = { SD_PATH_SYSTEM_STATE_LOGS, NULL },
581 [EXEC_DIRECTORY_CONFIGURATION] = { SD_PATH_SYSTEM_CONFIGURATION, NULL },
582 };
583
584 static const struct table_entry paths_user[_EXEC_DIRECTORY_TYPE_MAX] = {
585 [EXEC_DIRECTORY_RUNTIME] = { SD_PATH_USER_RUNTIME, NULL },
586 [EXEC_DIRECTORY_STATE] = { SD_PATH_USER_CONFIGURATION, NULL },
587 [EXEC_DIRECTORY_CACHE] = { SD_PATH_USER_STATE_CACHE, NULL },
588 [EXEC_DIRECTORY_LOGS] = { SD_PATH_USER_CONFIGURATION, "log" },
589 [EXEC_DIRECTORY_CONFIGURATION] = { SD_PATH_USER_CONFIGURATION, NULL },
590 };
591
592 const struct table_entry *p;
593 ExecDirectoryType i;
594 int r;
595
596 assert(m);
597
598 if (MANAGER_IS_SYSTEM(m))
599 p = paths_system;
600 else
601 p = paths_user;
602
603 for (i = 0; i < _EXEC_DIRECTORY_TYPE_MAX; i++) {
604 r = sd_path_home(p[i].type, p[i].suffix, &m->prefix[i]);
605 if (r < 0)
606 return r;
607 }
608
609 return 0;
610 }
611
612 static int manager_setup_run_queue(Manager *m) {
613 int r;
614
615 assert(m);
616 assert(!m->run_queue_event_source);
617
618 r = sd_event_add_defer(m->event, &m->run_queue_event_source, manager_dispatch_run_queue, m);
619 if (r < 0)
620 return r;
621
622 r = sd_event_source_set_priority(m->run_queue_event_source, SD_EVENT_PRIORITY_IDLE);
623 if (r < 0)
624 return r;
625
626 r = sd_event_source_set_enabled(m->run_queue_event_source, SD_EVENT_OFF);
627 if (r < 0)
628 return r;
629
630 (void) sd_event_source_set_description(m->run_queue_event_source, "manager-run-queue");
631
632 return 0;
633 }
634
635 static int manager_setup_sigchld_event_source(Manager *m) {
636 int r;
637
638 assert(m);
639 assert(!m->sigchld_event_source);
640
641 r = sd_event_add_defer(m->event, &m->sigchld_event_source, manager_dispatch_sigchld, m);
642 if (r < 0)
643 return r;
644
645 r = sd_event_source_set_priority(m->sigchld_event_source, SD_EVENT_PRIORITY_NORMAL-7);
646 if (r < 0)
647 return r;
648
649 r = sd_event_source_set_enabled(m->sigchld_event_source, SD_EVENT_OFF);
650 if (r < 0)
651 return r;
652
653 (void) sd_event_source_set_description(m->sigchld_event_source, "manager-sigchld");
654
655 return 0;
656 }
657
658 int manager_new(UnitFileScope scope, unsigned test_run_flags, Manager **_m) {
659 _cleanup_(manager_freep) Manager *m = NULL;
660 int r;
661
662 assert(_m);
663 assert(IN_SET(scope, UNIT_FILE_SYSTEM, UNIT_FILE_USER));
664
665 m = new0(Manager, 1);
666 if (!m)
667 return -ENOMEM;
668
669 m->unit_file_scope = scope;
670 m->exit_code = _MANAGER_EXIT_CODE_INVALID;
671 m->default_timer_accuracy_usec = USEC_PER_MINUTE;
672 m->default_memory_accounting = MEMORY_ACCOUNTING_DEFAULT;
673 m->default_tasks_accounting = true;
674 m->default_tasks_max = UINT64_MAX;
675 m->default_timeout_start_usec = DEFAULT_TIMEOUT_USEC;
676 m->default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;
677 m->default_restart_usec = DEFAULT_RESTART_USEC;
678
679 #if ENABLE_EFI
680 if (MANAGER_IS_SYSTEM(m) && detect_container() <= 0)
681 boot_timestamps(m->timestamps + MANAGER_TIMESTAMP_USERSPACE,
682 m->timestamps + MANAGER_TIMESTAMP_FIRMWARE,
683 m->timestamps + MANAGER_TIMESTAMP_LOADER);
684 #endif
685
686 /* Prepare log fields we can use for structured logging */
687 if (MANAGER_IS_SYSTEM(m)) {
688 m->unit_log_field = "UNIT=";
689 m->unit_log_format_string = "UNIT=%s";
690
691 m->invocation_log_field = "INVOCATION_ID=";
692 m->invocation_log_format_string = "INVOCATION_ID=%s";
693 } else {
694 m->unit_log_field = "USER_UNIT=";
695 m->unit_log_format_string = "USER_UNIT=%s";
696
697 m->invocation_log_field = "USER_INVOCATION_ID=";
698 m->invocation_log_format_string = "USER_INVOCATION_ID=%s";
699 }
700
701 m->idle_pipe[0] = m->idle_pipe[1] = m->idle_pipe[2] = m->idle_pipe[3] = -1;
702
703 m->pin_cgroupfs_fd = m->notify_fd = m->cgroups_agent_fd = m->signal_fd = m->time_change_fd =
704 m->dev_autofs_fd = m->private_listen_fd = m->cgroup_inotify_fd =
705 m->ask_password_inotify_fd = -1;
706
707 m->user_lookup_fds[0] = m->user_lookup_fds[1] = -1;
708
709 m->current_job_id = 1; /* start as id #1, so that we can leave #0 around as "null-like" value */
710
711 m->have_ask_password = -EINVAL; /* we don't know */
712 m->first_boot = -1;
713
714 m->test_run_flags = test_run_flags;
715
716 /* Reboot immediately if the user hits C-A-D more often than 7x per 2s */
717 RATELIMIT_INIT(m->ctrl_alt_del_ratelimit, 2 * USEC_PER_SEC, 7);
718
719 r = manager_default_environment(m);
720 if (r < 0)
721 return r;
722
723 r = hashmap_ensure_allocated(&m->units, &string_hash_ops);
724 if (r < 0)
725 return r;
726
727 r = hashmap_ensure_allocated(&m->jobs, NULL);
728 if (r < 0)
729 return r;
730
731 r = hashmap_ensure_allocated(&m->cgroup_unit, &path_hash_ops);
732 if (r < 0)
733 return r;
734
735 r = hashmap_ensure_allocated(&m->watch_bus, &string_hash_ops);
736 if (r < 0)
737 return r;
738
739 r = manager_setup_prefix(m);
740 if (r < 0)
741 return r;
742
743 m->udev = udev_new();
744 if (!m->udev)
745 return -ENOMEM;
746
747 r = sd_event_default(&m->event);
748 if (r < 0)
749 return r;
750
751 r = manager_setup_run_queue(m);
752 if (r < 0)
753 return r;
754
755 if (test_run_flags == MANAGER_TEST_RUN_MINIMAL) {
756 m->cgroup_root = strdup("");
757 if (!m->cgroup_root)
758 return -ENOMEM;
759 } else {
760 r = manager_setup_signals(m);
761 if (r < 0)
762 return r;
763
764 r = manager_setup_cgroup(m);
765 if (r < 0)
766 return r;
767
768 r = manager_setup_time_change(m);
769 if (r < 0)
770 return r;
771
772 r = manager_setup_sigchld_event_source(m);
773 if (r < 0)
774 return r;
775 }
776
777 if (MANAGER_IS_SYSTEM(m) && test_run_flags == 0) {
778 r = mkdir_label("/run/systemd/units", 0755);
779 if (r < 0 && r != -EEXIST)
780 return r;
781 }
782
783 m->taint_usr =
784 !in_initrd() &&
785 dir_is_empty("/usr") > 0;
786
787 /* Note that we do not set up the notify fd here. We do that after deserialization,
788 * since they might have gotten serialized across the reexec. */
789
790 *_m = TAKE_PTR(m);
791
792 return 0;
793 }
794
795 static int manager_setup_notify(Manager *m) {
796 int r;
797
798 if (m->test_run_flags)
799 return 0;
800
801 if (m->notify_fd < 0) {
802 _cleanup_close_ int fd = -1;
803 union sockaddr_union sa = {
804 .sa.sa_family = AF_UNIX,
805 };
806 static const int one = 1;
807
808 /* First free all secondary fields */
809 m->notify_socket = mfree(m->notify_socket);
810 m->notify_event_source = sd_event_source_unref(m->notify_event_source);
811
812 fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
813 if (fd < 0)
814 return log_error_errno(errno, "Failed to allocate notification socket: %m");
815
816 fd_inc_rcvbuf(fd, NOTIFY_RCVBUF_SIZE);
817
818 m->notify_socket = strappend(m->prefix[EXEC_DIRECTORY_RUNTIME], "/systemd/notify");
819 if (!m->notify_socket)
820 return log_oom();
821
822 (void) mkdir_parents_label(m->notify_socket, 0755);
823 (void) unlink(m->notify_socket);
824
825 strncpy(sa.un.sun_path, m->notify_socket, sizeof(sa.un.sun_path)-1);
826 r = bind(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
827 if (r < 0)
828 return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);
829
830 r = setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
831 if (r < 0)
832 return log_error_errno(errno, "SO_PASSCRED failed: %m");
833
834 m->notify_fd = TAKE_FD(fd);
835
836 log_debug("Using notification socket %s", m->notify_socket);
837 }
838
839 if (!m->notify_event_source) {
840 r = sd_event_add_io(m->event, &m->notify_event_source, m->notify_fd, EPOLLIN, manager_dispatch_notify_fd, m);
841 if (r < 0)
842 return log_error_errno(r, "Failed to allocate notify event source: %m");
843
844 /* Process notification messages a bit earlier than SIGCHLD, so that we can still identify to which
845 * service an exit message belongs. */
846 r = sd_event_source_set_priority(m->notify_event_source, SD_EVENT_PRIORITY_NORMAL-8);
847 if (r < 0)
848 return log_error_errno(r, "Failed to set priority of notify event source: %m");
849
850 (void) sd_event_source_set_description(m->notify_event_source, "manager-notify");
851 }
852
853 return 0;
854 }
855
856 static int manager_setup_cgroups_agent(Manager *m) {
857
858 static const union sockaddr_union sa = {
859 .un.sun_family = AF_UNIX,
860 .un.sun_path = "/run/systemd/cgroups-agent",
861 };
862 int r;
863
864 /* This creates a listening socket we receive cgroups agent messages on. We do not use D-Bus for delivering
865 * these messages from the cgroups agent binary to PID 1, as the cgroups agent binary is very short-living, and
866 * each instance of it needs a new D-Bus connection. Since D-Bus connections are SOCK_STREAM/AF_UNIX, on
867 * overloaded systems the backlog of the D-Bus socket becomes relevant, as not more than the configured number
868 * of D-Bus connections may be queued until the kernel will start dropping further incoming connections,
869 * possibly resulting in lost cgroups agent messages. To avoid this, we'll use a private SOCK_DGRAM/AF_UNIX
870 * socket, where no backlog is relevant as communication may take place without an actual connect() cycle, and
871 * we thus won't lose messages.
872 *
873 * Note that PID 1 will forward the agent message to system bus, so that the user systemd instance may listen
874 * to it. The system instance hence listens on this special socket, but the user instances listen on the system
875 * bus for these messages. */
876
877 if (m->test_run_flags)
878 return 0;
879
880 if (!MANAGER_IS_SYSTEM(m))
881 return 0;
882
883 r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
884 if (r < 0)
885 return log_error_errno(r, "Failed to determine whether unified cgroups hierarchy is used: %m");
886 if (r > 0) /* We don't need this anymore on the unified hierarchy */
887 return 0;
888
889 if (m->cgroups_agent_fd < 0) {
890 _cleanup_close_ int fd = -1;
891
892 /* First free all secondary fields */
893 m->cgroups_agent_event_source = sd_event_source_unref(m->cgroups_agent_event_source);
894
895 fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
896 if (fd < 0)
897 return log_error_errno(errno, "Failed to allocate cgroups agent socket: %m");
898
899 fd_inc_rcvbuf(fd, CGROUPS_AGENT_RCVBUF_SIZE);
900
901 (void) unlink(sa.un.sun_path);
902
903 /* Only allow root to connect to this socket */
904 RUN_WITH_UMASK(0077)
905 r = bind(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
906 if (r < 0)
907 return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);
908
909 m->cgroups_agent_fd = fd;
910 fd = -1;
911 }
912
913 if (!m->cgroups_agent_event_source) {
914 r = sd_event_add_io(m->event, &m->cgroups_agent_event_source, m->cgroups_agent_fd, EPOLLIN, manager_dispatch_cgroups_agent_fd, m);
915 if (r < 0)
916 return log_error_errno(r, "Failed to allocate cgroups agent event source: %m");
917
918 /* Process cgroups notifications early, but after having processed service notification messages or
919 * SIGCHLD signals, so that a cgroup running empty is always just the last safety net of notification,
920 * and we collected the metadata the notification and SIGCHLD stuff offers first. Also see handling of
921 * cgroup inotify for the unified cgroup stuff. */
922 r = sd_event_source_set_priority(m->cgroups_agent_event_source, SD_EVENT_PRIORITY_NORMAL-4);
923 if (r < 0)
924 return log_error_errno(r, "Failed to set priority of cgroups agent event source: %m");
925
926 (void) sd_event_source_set_description(m->cgroups_agent_event_source, "manager-cgroups-agent");
927 }
928
929 return 0;
930 }
931
932 static int manager_setup_user_lookup_fd(Manager *m) {
933 int r;
934
935 assert(m);
936
937 /* Set up the socket pair used for passing UID/GID resolution results from forked off processes to PID
938 * 1. Background: we can't do name lookups (NSS) from PID 1, since it might involve IPC and thus activation,
939 * and we might hence deadlock on ourselves. Hence we do all user/group lookups asynchronously from the forked
940 * off processes right before executing the binaries to start. In order to be able to clean up any IPC objects
941 * created by a unit (see RemoveIPC=) we need to know in PID 1 the used UID/GID of the executed processes,
942 * hence we establish this communication channel so that forked off processes can pass their UID/GID
943 * information back to PID 1. The forked off processes send their resolved UID/GID to PID 1 in a simple
944 * datagram, along with their unit name, so that we can share one communication socket pair among all units for
945 * this purpose.
946 *
947 * You might wonder why we need a communication channel for this that is independent of the usual notification
948 * socket scheme (i.e. $NOTIFY_SOCKET). The primary difference is about trust: data sent via the $NOTIFY_SOCKET
949 * channel is only accepted if it originates from the right unit and if reception was enabled for it. The user
950 * lookup socket OTOH is only accessible by PID 1 and its children until they exec(), and always available.
951 *
952 * Note that this function is called under two circumstances: when we first initialize (in which case we
953 * allocate both the socket pair and the event source to listen on it), and when we deserialize after a reload
954 * (in which case the socket pair already exists but we still need to allocate the event source for it). */
955
956 if (m->user_lookup_fds[0] < 0) {
957
958 /* Free all secondary fields */
959 safe_close_pair(m->user_lookup_fds);
960 m->user_lookup_event_source = sd_event_source_unref(m->user_lookup_event_source);
961
962 if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, m->user_lookup_fds) < 0)
963 return log_error_errno(errno, "Failed to allocate user lookup socket: %m");
964
965 (void) fd_inc_rcvbuf(m->user_lookup_fds[0], NOTIFY_RCVBUF_SIZE);
966 }
967
968 if (!m->user_lookup_event_source) {
969 r = sd_event_add_io(m->event, &m->user_lookup_event_source, m->user_lookup_fds[0], EPOLLIN, manager_dispatch_user_lookup_fd, m);
970 if (r < 0)
971 return log_error_errno(errno, "Failed to allocate user lookup event source: %m");
972
973 /* Process even earlier than the notify event source, so that we always know first about valid UID/GID
974 * resolutions */
975 r = sd_event_source_set_priority(m->user_lookup_event_source, SD_EVENT_PRIORITY_NORMAL-11);
976 if (r < 0)
977 return log_error_errno(errno, "Failed to set priority ot user lookup event source: %m");
978
979 (void) sd_event_source_set_description(m->user_lookup_event_source, "user-lookup");
980 }
981
982 return 0;
983 }
984
985 static unsigned manager_dispatch_cleanup_queue(Manager *m) {
986 Unit *u;
987 unsigned n = 0;
988
989 assert(m);
990
991 while ((u = m->cleanup_queue)) {
992 assert(u->in_cleanup_queue);
993
994 unit_free(u);
995 n++;
996 }
997
998 return n;
999 }
1000
1001 enum {
1002 GC_OFFSET_IN_PATH, /* This one is on the path we were traveling */
1003 GC_OFFSET_UNSURE, /* No clue */
1004 GC_OFFSET_GOOD, /* We still need this unit */
1005 GC_OFFSET_BAD, /* We don't need this unit anymore */
1006 _GC_OFFSET_MAX
1007 };
1008
1009 static void unit_gc_mark_good(Unit *u, unsigned gc_marker) {
1010 Unit *other;
1011 Iterator i;
1012 void *v;
1013
1014 u->gc_marker = gc_marker + GC_OFFSET_GOOD;
1015
1016 /* Recursively mark referenced units as GOOD as well */
1017 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_REFERENCES], i)
1018 if (other->gc_marker == gc_marker + GC_OFFSET_UNSURE)
1019 unit_gc_mark_good(other, gc_marker);
1020 }
1021
1022 static void unit_gc_sweep(Unit *u, unsigned gc_marker) {
1023 Unit *other;
1024 bool is_bad;
1025 Iterator i;
1026 void *v;
1027
1028 assert(u);
1029
1030 if (IN_SET(u->gc_marker - gc_marker,
1031 GC_OFFSET_GOOD, GC_OFFSET_BAD, GC_OFFSET_UNSURE, GC_OFFSET_IN_PATH))
1032 return;
1033
1034 if (u->in_cleanup_queue)
1035 goto bad;
1036
1037 if (!unit_may_gc(u))
1038 goto good;
1039
1040 u->gc_marker = gc_marker + GC_OFFSET_IN_PATH;
1041
1042 is_bad = true;
1043
1044 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_REFERENCED_BY], i) {
1045 unit_gc_sweep(other, gc_marker);
1046
1047 if (other->gc_marker == gc_marker + GC_OFFSET_GOOD)
1048 goto good;
1049
1050 if (other->gc_marker != gc_marker + GC_OFFSET_BAD)
1051 is_bad = false;
1052 }
1053
1054 if (u->refs_by_target) {
1055 const UnitRef *ref;
1056
1057 LIST_FOREACH(refs_by_target, ref, u->refs_by_target) {
1058 unit_gc_sweep(ref->source, gc_marker);
1059
1060 if (ref->source->gc_marker == gc_marker + GC_OFFSET_GOOD)
1061 goto good;
1062
1063 if (ref->source->gc_marker != gc_marker + GC_OFFSET_BAD)
1064 is_bad = false;
1065 }
1066 }
1067
1068 if (is_bad)
1069 goto bad;
1070
1071 /* We were unable to find anything out about this entry, so
1072 * let's investigate it later */
1073 u->gc_marker = gc_marker + GC_OFFSET_UNSURE;
1074 unit_add_to_gc_queue(u);
1075 return;
1076
1077 bad:
1078 /* We definitely know that this one is not useful anymore, so
1079 * let's mark it for deletion */
1080 u->gc_marker = gc_marker + GC_OFFSET_BAD;
1081 unit_add_to_cleanup_queue(u);
1082 return;
1083
1084 good:
1085 unit_gc_mark_good(u, gc_marker);
1086 }
1087
1088 static unsigned manager_dispatch_gc_unit_queue(Manager *m) {
1089 unsigned n = 0, gc_marker;
1090 Unit *u;
1091
1092 assert(m);
1093
1094 /* log_debug("Running GC..."); */
1095
1096 m->gc_marker += _GC_OFFSET_MAX;
1097 if (m->gc_marker + _GC_OFFSET_MAX <= _GC_OFFSET_MAX)
1098 m->gc_marker = 1;
1099
1100 gc_marker = m->gc_marker;
1101
1102 while ((u = m->gc_unit_queue)) {
1103 assert(u->in_gc_queue);
1104
1105 unit_gc_sweep(u, gc_marker);
1106
1107 LIST_REMOVE(gc_queue, m->gc_unit_queue, u);
1108 u->in_gc_queue = false;
1109
1110 n++;
1111
1112 if (IN_SET(u->gc_marker - gc_marker,
1113 GC_OFFSET_BAD, GC_OFFSET_UNSURE)) {
1114 if (u->id)
1115 log_unit_debug(u, "Collecting.");
1116 u->gc_marker = gc_marker + GC_OFFSET_BAD;
1117 unit_add_to_cleanup_queue(u);
1118 }
1119 }
1120
1121 return n;
1122 }
1123
1124 static unsigned manager_dispatch_gc_job_queue(Manager *m) {
1125 unsigned n = 0;
1126 Job *j;
1127
1128 assert(m);
1129
1130 while ((j = m->gc_job_queue)) {
1131 assert(j->in_gc_queue);
1132
1133 LIST_REMOVE(gc_queue, m->gc_job_queue, j);
1134 j->in_gc_queue = false;
1135
1136 n++;
1137
1138 if (!job_may_gc(j))
1139 continue;
1140
1141 log_unit_debug(j->unit, "Collecting job.");
1142 (void) job_finish_and_invalidate(j, JOB_COLLECTED, false, false);
1143 }
1144
1145 return n;
1146 }
1147
1148 static void manager_clear_jobs_and_units(Manager *m) {
1149 Unit *u;
1150
1151 assert(m);
1152
1153 while ((u = hashmap_first(m->units)))
1154 unit_free(u);
1155
1156 manager_dispatch_cleanup_queue(m);
1157
1158 assert(!m->load_queue);
1159 assert(!m->run_queue);
1160 assert(!m->dbus_unit_queue);
1161 assert(!m->dbus_job_queue);
1162 assert(!m->cleanup_queue);
1163 assert(!m->gc_unit_queue);
1164 assert(!m->gc_job_queue);
1165
1166 assert(hashmap_isempty(m->jobs));
1167 assert(hashmap_isempty(m->units));
1168
1169 m->n_on_console = 0;
1170 m->n_running_jobs = 0;
1171 }
1172
1173 Manager* manager_free(Manager *m) {
1174 UnitType c;
1175 int i;
1176 ExecDirectoryType dt;
1177
1178 if (!m)
1179 return NULL;
1180
1181 manager_clear_jobs_and_units(m);
1182
1183 for (c = 0; c < _UNIT_TYPE_MAX; c++)
1184 if (unit_vtable[c]->shutdown)
1185 unit_vtable[c]->shutdown(m);
1186
1187 /* If we reexecute ourselves, we keep the root cgroup around */
1188 manager_shutdown_cgroup(m, m->exit_code != MANAGER_REEXECUTE);
1189
1190 lookup_paths_flush_generator(&m->lookup_paths);
1191
1192 bus_done(m);
1193
1194 exec_runtime_vacuum(m);
1195 hashmap_free(m->exec_runtime_by_id);
1196
1197 dynamic_user_vacuum(m, false);
1198 hashmap_free(m->dynamic_users);
1199
1200 hashmap_free(m->units);
1201 hashmap_free(m->units_by_invocation_id);
1202 hashmap_free(m->jobs);
1203 hashmap_free(m->watch_pids);
1204 hashmap_free(m->watch_bus);
1205
1206 set_free(m->startup_units);
1207 set_free(m->failed_units);
1208
1209 sd_event_source_unref(m->signal_event_source);
1210 sd_event_source_unref(m->sigchld_event_source);
1211 sd_event_source_unref(m->notify_event_source);
1212 sd_event_source_unref(m->cgroups_agent_event_source);
1213 sd_event_source_unref(m->time_change_event_source);
1214 sd_event_source_unref(m->jobs_in_progress_event_source);
1215 sd_event_source_unref(m->run_queue_event_source);
1216 sd_event_source_unref(m->user_lookup_event_source);
1217 sd_event_source_unref(m->sync_bus_names_event_source);
1218
1219 safe_close(m->signal_fd);
1220 safe_close(m->notify_fd);
1221 safe_close(m->cgroups_agent_fd);
1222 safe_close(m->time_change_fd);
1223 safe_close_pair(m->user_lookup_fds);
1224
1225 manager_close_ask_password(m);
1226
1227 manager_close_idle_pipe(m);
1228
1229 udev_unref(m->udev);
1230 sd_event_unref(m->event);
1231
1232 free(m->notify_socket);
1233
1234 lookup_paths_free(&m->lookup_paths);
1235 strv_free(m->environment);
1236
1237 hashmap_free(m->cgroup_unit);
1238 set_free_free(m->unit_path_cache);
1239
1240 free(m->switch_root);
1241 free(m->switch_root_init);
1242
1243 for (i = 0; i < _RLIMIT_MAX; i++)
1244 m->rlimit[i] = mfree(m->rlimit[i]);
1245
1246 assert(hashmap_isempty(m->units_requiring_mounts_for));
1247 hashmap_free(m->units_requiring_mounts_for);
1248
1249 hashmap_free(m->uid_refs);
1250 hashmap_free(m->gid_refs);
1251
1252 for (dt = 0; dt < _EXEC_DIRECTORY_TYPE_MAX; dt++)
1253 m->prefix[dt] = mfree(m->prefix[dt]);
1254
1255 return mfree(m);
1256 }
1257
1258 static void manager_enumerate(Manager *m) {
1259 UnitType c;
1260
1261 assert(m);
1262
1263 /* Let's ask every type to load all units from disk/kernel
1264 * that it might know */
1265 for (c = 0; c < _UNIT_TYPE_MAX; c++) {
1266 if (!unit_type_supported(c)) {
1267 log_debug("Unit type .%s is not supported on this system.", unit_type_to_string(c));
1268 continue;
1269 }
1270
1271 if (unit_vtable[c]->enumerate)
1272 unit_vtable[c]->enumerate(m);
1273 }
1274
1275 manager_dispatch_load_queue(m);
1276 }
1277
1278 static void manager_coldplug(Manager *m) {
1279 Iterator i;
1280 Unit *u;
1281 char *k;
1282 int r;
1283
1284 assert(m);
1285
1286 /* Then, let's set up their initial state. */
1287 HASHMAP_FOREACH_KEY(u, k, m->units, i) {
1288
1289 /* ignore aliases */
1290 if (u->id != k)
1291 continue;
1292
1293 r = unit_coldplug(u);
1294 if (r < 0)
1295 log_warning_errno(r, "We couldn't coldplug %s, proceeding anyway: %m", u->id);
1296 }
1297 }
1298
1299 static void manager_build_unit_path_cache(Manager *m) {
1300 char **i;
1301 int r;
1302
1303 assert(m);
1304
1305 set_free_free(m->unit_path_cache);
1306
1307 m->unit_path_cache = set_new(&path_hash_ops);
1308 if (!m->unit_path_cache) {
1309 r = -ENOMEM;
1310 goto fail;
1311 }
1312
1313 /* This simply builds a list of files we know exist, so that
1314 * we don't always have to go to disk */
1315
1316 STRV_FOREACH(i, m->lookup_paths.search_path) {
1317 _cleanup_closedir_ DIR *d = NULL;
1318 struct dirent *de;
1319
1320 d = opendir(*i);
1321 if (!d) {
1322 if (errno != ENOENT)
1323 log_warning_errno(errno, "Failed to open directory %s, ignoring: %m", *i);
1324 continue;
1325 }
1326
1327 FOREACH_DIRENT(de, d, r = -errno; goto fail) {
1328 char *p;
1329
1330 p = strjoin(streq(*i, "/") ? "" : *i, "/", de->d_name);
1331 if (!p) {
1332 r = -ENOMEM;
1333 goto fail;
1334 }
1335
1336 r = set_consume(m->unit_path_cache, p);
1337 if (r < 0)
1338 goto fail;
1339 }
1340 }
1341
1342 return;
1343
1344 fail:
1345 log_warning_errno(r, "Failed to build unit path cache, proceeding without: %m");
1346 m->unit_path_cache = set_free_free(m->unit_path_cache);
1347 }
1348
1349 static void manager_distribute_fds(Manager *m, FDSet *fds) {
1350 Iterator i;
1351 Unit *u;
1352
1353 assert(m);
1354
1355 HASHMAP_FOREACH(u, m->units, i) {
1356
1357 if (fdset_size(fds) <= 0)
1358 break;
1359
1360 if (!UNIT_VTABLE(u)->distribute_fds)
1361 continue;
1362
1363 UNIT_VTABLE(u)->distribute_fds(u, fds);
1364 }
1365 }
1366
1367 static bool manager_dbus_is_running(Manager *m, bool deserialized) {
1368 Unit *u;
1369
1370 assert(m);
1371
1372 /* This checks whether the dbus instance we are supposed to expose our APIs on is up. We check both the socket
1373 * and the service unit. If the 'deserialized' parameter is true we'll check the deserialized state of the unit
1374 * rather than the current one. */
1375
1376 if (m->test_run_flags != 0)
1377 return false;
1378
1379 /* If we are in the user instance, and the env var is already set for us, then this means D-Bus is ran
1380 * somewhere outside of our own logic. Let's use it */
1381 if (MANAGER_IS_USER(m) && getenv("DBUS_SESSION_BUS_ADDRESS"))
1382 return true;
1383
1384 u = manager_get_unit(m, SPECIAL_DBUS_SOCKET);
1385 if (!u)
1386 return false;
1387 if ((deserialized ? SOCKET(u)->deserialized_state : SOCKET(u)->state) != SOCKET_RUNNING)
1388 return false;
1389
1390 u = manager_get_unit(m, SPECIAL_DBUS_SERVICE);
1391 if (!u)
1392 return false;
1393 if (!IN_SET((deserialized ? SERVICE(u)->deserialized_state : SERVICE(u)->state), SERVICE_RUNNING, SERVICE_RELOAD))
1394 return false;
1395
1396 return true;
1397 }
1398
1399 int manager_startup(Manager *m, FILE *serialization, FDSet *fds) {
1400 int r;
1401
1402 assert(m);
1403
1404 /* If we are running in test mode, we still want to run the generators,
1405 * but we should not touch the real generator directories. */
1406 r = lookup_paths_init(&m->lookup_paths, m->unit_file_scope,
1407 m->test_run_flags ? LOOKUP_PATHS_TEMPORARY_GENERATED : 0,
1408 NULL);
1409 if (r < 0)
1410 return r;
1411
1412 r = manager_run_environment_generators(m);
1413 if (r < 0)
1414 return r;
1415
1416 dual_timestamp_get(m->timestamps + MANAGER_TIMESTAMP_GENERATORS_START);
1417 r = manager_run_generators(m);
1418 dual_timestamp_get(m->timestamps + MANAGER_TIMESTAMP_GENERATORS_FINISH);
1419 if (r < 0)
1420 return r;
1421
1422 /* If this is the first boot, and we are in the host system, then preset everything */
1423 if (m->first_boot > 0 &&
1424 MANAGER_IS_SYSTEM(m) &&
1425 !m->test_run_flags) {
1426
1427 r = unit_file_preset_all(UNIT_FILE_SYSTEM, 0, NULL, UNIT_FILE_PRESET_ENABLE_ONLY, NULL, 0);
1428 if (r < 0)
1429 log_full_errno(r == -EEXIST ? LOG_NOTICE : LOG_WARNING, r,
1430 "Failed to populate /etc with preset unit settings, ignoring: %m");
1431 else
1432 log_info("Populated /etc with preset unit settings.");
1433 }
1434
1435 lookup_paths_reduce(&m->lookup_paths);
1436 manager_build_unit_path_cache(m);
1437
1438 /* If we will deserialize make sure that during enumeration
1439 * this is already known, so we increase the counter here
1440 * already */
1441 if (serialization)
1442 m->n_reloading++;
1443
1444 /* First, enumerate what we can from all config files */
1445 dual_timestamp_get(m->timestamps + MANAGER_TIMESTAMP_UNITS_LOAD_START);
1446 manager_enumerate(m);
1447 dual_timestamp_get(m->timestamps + MANAGER_TIMESTAMP_UNITS_LOAD_FINISH);
1448
1449 /* Second, deserialize if there is something to deserialize */
1450 if (serialization) {
1451 r = manager_deserialize(m, serialization, fds);
1452 if (r < 0)
1453 return log_error_errno(r, "Deserialization failed: %m");
1454 }
1455
1456 /* Any fds left? Find some unit which wants them. This is
1457 * useful to allow container managers to pass some file
1458 * descriptors to us pre-initialized. This enables
1459 * socket-based activation of entire containers. */
1460 manager_distribute_fds(m, fds);
1461
1462 /* We might have deserialized the notify fd, but if we didn't
1463 * then let's create the bus now */
1464 r = manager_setup_notify(m);
1465 if (r < 0)
1466 /* No sense to continue without notifications, our children would fail anyway. */
1467 return r;
1468
1469 r = manager_setup_cgroups_agent(m);
1470 if (r < 0)
1471 /* Likewise, no sense to continue without empty cgroup notifications. */
1472 return r;
1473
1474 r = manager_setup_user_lookup_fd(m);
1475 if (r < 0)
1476 /* This shouldn't fail, except if things are really broken. */
1477 return r;
1478
1479 /* Let's set up our private bus connection now, unconditionally */
1480 (void) bus_init_private(m);
1481
1482 /* If we are in --user mode also connect to the system bus now */
1483 if (MANAGER_IS_USER(m))
1484 (void) bus_init_system(m);
1485
1486 /* Let's connect to the bus now, but only if the unit is supposed to be up */
1487 if (manager_dbus_is_running(m, !!serialization)) {
1488 (void) bus_init_api(m);
1489
1490 if (MANAGER_IS_SYSTEM(m))
1491 (void) bus_init_system(m);
1492 }
1493
1494 /* Now that we are connected to all possible busses, let's deserialize who is tracking us. */
1495 (void) bus_track_coldplug(m, &m->subscribed, false, m->deserialized_subscribed);
1496 m->deserialized_subscribed = strv_free(m->deserialized_subscribed);
1497
1498 /* Third, fire things up! */
1499 manager_coldplug(m);
1500
1501 /* Release any dynamic users no longer referenced */
1502 dynamic_user_vacuum(m, true);
1503
1504 exec_runtime_vacuum(m);
1505
1506 /* Release any references to UIDs/GIDs no longer referenced, and destroy any IPC owned by them */
1507 manager_vacuum_uid_refs(m);
1508 manager_vacuum_gid_refs(m);
1509
1510 if (serialization) {
1511 assert(m->n_reloading > 0);
1512 m->n_reloading--;
1513
1514 /* Let's wait for the UnitNew/JobNew messages being
1515 * sent, before we notify that the reload is
1516 * finished */
1517 m->send_reloading_done = true;
1518 }
1519
1520 return 0;
1521 }
1522
1523 int manager_add_job(Manager *m, JobType type, Unit *unit, JobMode mode, sd_bus_error *e, Job **_ret) {
1524 int r;
1525 Transaction *tr;
1526
1527 assert(m);
1528 assert(type < _JOB_TYPE_MAX);
1529 assert(unit);
1530 assert(mode < _JOB_MODE_MAX);
1531
1532 if (mode == JOB_ISOLATE && type != JOB_START)
1533 return sd_bus_error_setf(e, SD_BUS_ERROR_INVALID_ARGS, "Isolate is only valid for start.");
1534
1535 if (mode == JOB_ISOLATE && !unit->allow_isolate)
1536 return sd_bus_error_setf(e, BUS_ERROR_NO_ISOLATION, "Operation refused, unit may not be isolated.");
1537
1538 log_unit_debug(unit, "Trying to enqueue job %s/%s/%s", unit->id, job_type_to_string(type), job_mode_to_string(mode));
1539
1540 type = job_type_collapse(type, unit);
1541
1542 tr = transaction_new(mode == JOB_REPLACE_IRREVERSIBLY);
1543 if (!tr)
1544 return -ENOMEM;
1545
1546 r = transaction_add_job_and_dependencies(tr, type, unit, NULL, true, false,
1547 IN_SET(mode, JOB_IGNORE_DEPENDENCIES, JOB_IGNORE_REQUIREMENTS),
1548 mode == JOB_IGNORE_DEPENDENCIES, e);
1549 if (r < 0)
1550 goto tr_abort;
1551
1552 if (mode == JOB_ISOLATE) {
1553 r = transaction_add_isolate_jobs(tr, m);
1554 if (r < 0)
1555 goto tr_abort;
1556 }
1557
1558 r = transaction_activate(tr, m, mode, e);
1559 if (r < 0)
1560 goto tr_abort;
1561
1562 log_unit_debug(unit,
1563 "Enqueued job %s/%s as %u", unit->id,
1564 job_type_to_string(type), (unsigned) tr->anchor_job->id);
1565
1566 if (_ret)
1567 *_ret = tr->anchor_job;
1568
1569 transaction_free(tr);
1570 return 0;
1571
1572 tr_abort:
1573 transaction_abort(tr);
1574 transaction_free(tr);
1575 return r;
1576 }
1577
1578 int manager_add_job_by_name(Manager *m, JobType type, const char *name, JobMode mode, sd_bus_error *e, Job **ret) {
1579 Unit *unit = NULL; /* just to appease gcc, initialization is not really necessary */
1580 int r;
1581
1582 assert(m);
1583 assert(type < _JOB_TYPE_MAX);
1584 assert(name);
1585 assert(mode < _JOB_MODE_MAX);
1586
1587 r = manager_load_unit(m, name, NULL, NULL, &unit);
1588 if (r < 0)
1589 return r;
1590 assert(unit);
1591
1592 return manager_add_job(m, type, unit, mode, e, ret);
1593 }
1594
1595 int manager_add_job_by_name_and_warn(Manager *m, JobType type, const char *name, JobMode mode, Job **ret) {
1596 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1597 int r;
1598
1599 assert(m);
1600 assert(type < _JOB_TYPE_MAX);
1601 assert(name);
1602 assert(mode < _JOB_MODE_MAX);
1603
1604 r = manager_add_job_by_name(m, type, name, mode, &error, ret);
1605 if (r < 0)
1606 return log_warning_errno(r, "Failed to enqueue %s job for %s: %s", job_mode_to_string(mode), name, bus_error_message(&error, r));
1607
1608 return r;
1609 }
1610
1611 int manager_propagate_reload(Manager *m, Unit *unit, JobMode mode, sd_bus_error *e) {
1612 int r;
1613 Transaction *tr;
1614
1615 assert(m);
1616 assert(unit);
1617 assert(mode < _JOB_MODE_MAX);
1618 assert(mode != JOB_ISOLATE); /* Isolate is only valid for start */
1619
1620 tr = transaction_new(mode == JOB_REPLACE_IRREVERSIBLY);
1621 if (!tr)
1622 return -ENOMEM;
1623
1624 /* We need an anchor job */
1625 r = transaction_add_job_and_dependencies(tr, JOB_NOP, unit, NULL, false, false, true, true, e);
1626 if (r < 0)
1627 goto tr_abort;
1628
1629 /* Failure in adding individual dependencies is ignored, so this always succeeds. */
1630 transaction_add_propagate_reload_jobs(tr, unit, tr->anchor_job, mode == JOB_IGNORE_DEPENDENCIES, e);
1631
1632 r = transaction_activate(tr, m, mode, e);
1633 if (r < 0)
1634 goto tr_abort;
1635
1636 transaction_free(tr);
1637 return 0;
1638
1639 tr_abort:
1640 transaction_abort(tr);
1641 transaction_free(tr);
1642 return r;
1643 }
1644
1645 Job *manager_get_job(Manager *m, uint32_t id) {
1646 assert(m);
1647
1648 return hashmap_get(m->jobs, UINT32_TO_PTR(id));
1649 }
1650
1651 Unit *manager_get_unit(Manager *m, const char *name) {
1652 assert(m);
1653 assert(name);
1654
1655 return hashmap_get(m->units, name);
1656 }
1657
1658 static int manager_dispatch_target_deps_queue(Manager *m) {
1659 Unit *u;
1660 unsigned k;
1661 int r = 0;
1662
1663 static const UnitDependency deps[] = {
1664 UNIT_REQUIRED_BY,
1665 UNIT_REQUISITE_OF,
1666 UNIT_WANTED_BY,
1667 UNIT_BOUND_BY
1668 };
1669
1670 assert(m);
1671
1672 while ((u = m->target_deps_queue)) {
1673 assert(u->in_target_deps_queue);
1674
1675 LIST_REMOVE(target_deps_queue, u->manager->target_deps_queue, u);
1676 u->in_target_deps_queue = false;
1677
1678 for (k = 0; k < ELEMENTSOF(deps); k++) {
1679 Unit *target;
1680 Iterator i;
1681 void *v;
1682
1683 HASHMAP_FOREACH_KEY(v, target, u->dependencies[deps[k]], i) {
1684 r = unit_add_default_target_dependency(u, target);
1685 if (r < 0)
1686 return r;
1687 }
1688 }
1689 }
1690
1691 return r;
1692 }
1693
1694 unsigned manager_dispatch_load_queue(Manager *m) {
1695 Unit *u;
1696 unsigned n = 0;
1697
1698 assert(m);
1699
1700 /* Make sure we are not run recursively */
1701 if (m->dispatching_load_queue)
1702 return 0;
1703
1704 m->dispatching_load_queue = true;
1705
1706 /* Dispatches the load queue. Takes a unit from the queue and
1707 * tries to load its data until the queue is empty */
1708
1709 while ((u = m->load_queue)) {
1710 assert(u->in_load_queue);
1711
1712 unit_load(u);
1713 n++;
1714 }
1715
1716 m->dispatching_load_queue = false;
1717
1718 /* Dispatch the units waiting for their target dependencies to be added now, as all targets that we know about
1719 * should be loaded and have aliases resolved */
1720 (void) manager_dispatch_target_deps_queue(m);
1721
1722 return n;
1723 }
1724
1725 int manager_load_unit_prepare(
1726 Manager *m,
1727 const char *name,
1728 const char *path,
1729 sd_bus_error *e,
1730 Unit **_ret) {
1731
1732 _cleanup_(unit_freep) Unit *cleanup_ret = NULL;
1733 Unit *ret;
1734 UnitType t;
1735 int r;
1736
1737 assert(m);
1738 assert(name || path);
1739 assert(_ret);
1740
1741 /* This will prepare the unit for loading, but not actually
1742 * load anything from disk. */
1743
1744 if (path && !is_path(path))
1745 return sd_bus_error_setf(e, SD_BUS_ERROR_INVALID_ARGS, "Path %s is not absolute.", path);
1746
1747 if (!name)
1748 name = basename(path);
1749
1750 t = unit_name_to_type(name);
1751
1752 if (t == _UNIT_TYPE_INVALID || !unit_name_is_valid(name, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE)) {
1753 if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE))
1754 return sd_bus_error_setf(e, SD_BUS_ERROR_INVALID_ARGS, "Unit name %s is missing the instance name.", name);
1755
1756 return sd_bus_error_setf(e, SD_BUS_ERROR_INVALID_ARGS, "Unit name %s is not valid.", name);
1757 }
1758
1759 ret = manager_get_unit(m, name);
1760 if (ret) {
1761 *_ret = ret;
1762 return 1;
1763 }
1764
1765 ret = cleanup_ret = unit_new(m, unit_vtable[t]->object_size);
1766 if (!ret)
1767 return -ENOMEM;
1768
1769 if (path) {
1770 ret->fragment_path = strdup(path);
1771 if (!ret->fragment_path)
1772 return -ENOMEM;
1773 }
1774
1775 r = unit_add_name(ret, name);
1776 if (r < 0)
1777 return r;
1778
1779 unit_add_to_load_queue(ret);
1780 unit_add_to_dbus_queue(ret);
1781 unit_add_to_gc_queue(ret);
1782
1783 *_ret = ret;
1784 cleanup_ret = NULL;
1785
1786 return 0;
1787 }
1788
1789 int manager_load_unit(
1790 Manager *m,
1791 const char *name,
1792 const char *path,
1793 sd_bus_error *e,
1794 Unit **_ret) {
1795
1796 int r;
1797
1798 assert(m);
1799 assert(_ret);
1800
1801 /* This will load the service information files, but not actually
1802 * start any services or anything. */
1803
1804 r = manager_load_unit_prepare(m, name, path, e, _ret);
1805 if (r != 0)
1806 return r;
1807
1808 manager_dispatch_load_queue(m);
1809
1810 *_ret = unit_follow_merge(*_ret);
1811 return 0;
1812 }
1813
1814 int manager_load_startable_unit_or_warn(
1815 Manager *m,
1816 const char *name,
1817 const char *path,
1818 Unit **ret) {
1819
1820 /* Load a unit, make sure it loaded fully and is not masked. */
1821
1822 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1823 Unit *unit;
1824 int r;
1825
1826 r = manager_load_unit(m, name, path, &error, &unit);
1827 if (r < 0)
1828 return log_error_errno(r, "Failed to load %s %s: %s",
1829 name ? "unit" : "file", name ?: path,
1830 bus_error_message(&error, r));
1831 else if (IN_SET(unit->load_state, UNIT_ERROR, UNIT_NOT_FOUND))
1832 return log_error_errno(unit->load_error, "Failed to load %s %s: %m",
1833 name ? "unit" : "file", name ?: path);
1834 else if (unit->load_state == UNIT_MASKED) {
1835 log_error("%s %s is masked.",
1836 name ? "Unit" : "File", name ?: path);
1837 return -ERFKILL;
1838 }
1839
1840 *ret = unit;
1841 return 0;
1842 }
1843
1844 void manager_dump_jobs(Manager *s, FILE *f, const char *prefix) {
1845 Iterator i;
1846 Job *j;
1847
1848 assert(s);
1849 assert(f);
1850
1851 HASHMAP_FOREACH(j, s->jobs, i)
1852 job_dump(j, f, prefix);
1853 }
1854
1855 void manager_dump_units(Manager *s, FILE *f, const char *prefix) {
1856 Iterator i;
1857 Unit *u;
1858 const char *t;
1859
1860 assert(s);
1861 assert(f);
1862
1863 HASHMAP_FOREACH_KEY(u, t, s->units, i)
1864 if (u->id == t)
1865 unit_dump(u, f, prefix);
1866 }
1867
1868 void manager_dump(Manager *m, FILE *f, const char *prefix) {
1869 ManagerTimestamp q;
1870
1871 assert(m);
1872 assert(f);
1873
1874 for (q = 0; q < _MANAGER_TIMESTAMP_MAX; q++) {
1875 char buf[FORMAT_TIMESTAMP_MAX];
1876
1877 if (dual_timestamp_is_set(m->timestamps + q))
1878 fprintf(f, "%sTimestamp %s: %s\n",
1879 strempty(prefix),
1880 manager_timestamp_to_string(q),
1881 format_timestamp(buf, sizeof(buf), m->timestamps[q].realtime));
1882 }
1883
1884 manager_dump_units(m, f, prefix);
1885 manager_dump_jobs(m, f, prefix);
1886 }
1887
1888 int manager_get_dump_string(Manager *m, char **ret) {
1889 _cleanup_free_ char *dump = NULL;
1890 _cleanup_fclose_ FILE *f = NULL;
1891 size_t size;
1892 int r;
1893
1894 assert(m);
1895 assert(ret);
1896
1897 f = open_memstream(&dump, &size);
1898 if (!f)
1899 return -errno;
1900
1901 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
1902
1903 manager_dump(m, f, NULL);
1904
1905 r = fflush_and_check(f);
1906 if (r < 0)
1907 return r;
1908
1909 f = safe_fclose(f);
1910
1911 *ret = TAKE_PTR(dump);
1912
1913 return 0;
1914 }
1915
1916 void manager_clear_jobs(Manager *m) {
1917 Job *j;
1918
1919 assert(m);
1920
1921 while ((j = hashmap_first(m->jobs)))
1922 /* No need to recurse. We're cancelling all jobs. */
1923 job_finish_and_invalidate(j, JOB_CANCELED, false, false);
1924 }
1925
1926 static int manager_dispatch_run_queue(sd_event_source *source, void *userdata) {
1927 Manager *m = userdata;
1928 Job *j;
1929
1930 assert(source);
1931 assert(m);
1932
1933 while ((j = m->run_queue)) {
1934 assert(j->installed);
1935 assert(j->in_run_queue);
1936
1937 job_run_and_invalidate(j);
1938 }
1939
1940 if (m->n_running_jobs > 0)
1941 manager_watch_jobs_in_progress(m);
1942
1943 if (m->n_on_console > 0)
1944 manager_watch_idle_pipe(m);
1945
1946 return 1;
1947 }
1948
1949 static unsigned manager_dispatch_dbus_queue(Manager *m) {
1950 unsigned n = 0, budget;
1951 Unit *u;
1952 Job *j;
1953
1954 assert(m);
1955
1956 if (m->dispatching_dbus_queue)
1957 return 0;
1958
1959 /* Anything to do at all? */
1960 if (!m->dbus_unit_queue && !m->dbus_job_queue && !m->send_reloading_done && !m->queued_message)
1961 return 0;
1962
1963 /* Do we have overly many messages queued at the moment? If so, let's not enqueue more on top, let's sit this
1964 * cycle out, and process things in a later cycle when the queues got a bit emptier. */
1965 if (manager_bus_n_queued_write(m) > MANAGER_BUS_BUSY_THRESHOLD)
1966 return 0;
1967
1968 /* Only process a certain number of units/jobs per event loop iteration. Even if the bus queue wasn't overly
1969 * full before this call we shouldn't increase it in size too wildly in one step, and we shouldn't monopolize
1970 * CPU time with generating these messages. Note the difference in counting of this "budget" and the
1971 * "threshold" above: the "budget" is decreased only once per generated message, regardless how many
1972 * busses/direct connections it is enqueued on, while the "threshold" is applied to each queued instance of bus
1973 * message, i.e. if the same message is enqueued to five busses/direct connections it will be counted five
1974 * times. This difference in counting ("references" vs. "instances") is primarily a result of the fact that
1975 * it's easier to implement it this way, however it also reflects the thinking that the "threshold" should put
1976 * a limit on used queue memory, i.e. space, while the "budget" should put a limit on time. Also note that
1977 * the "threshold" is currently chosen much higher than the "budget". */
1978 budget = MANAGER_BUS_MESSAGE_BUDGET;
1979
1980 m->dispatching_dbus_queue = true;
1981
1982 while (budget > 0 && (u = m->dbus_unit_queue)) {
1983
1984 assert(u->in_dbus_queue);
1985
1986 bus_unit_send_change_signal(u);
1987 n++, budget--;
1988 }
1989
1990 while (budget > 0 && (j = m->dbus_job_queue)) {
1991 assert(j->in_dbus_queue);
1992
1993 bus_job_send_change_signal(j);
1994 n++, budget--;
1995 }
1996
1997 m->dispatching_dbus_queue = false;
1998
1999 if (budget > 0 && m->send_reloading_done) {
2000 m->send_reloading_done = false;
2001 bus_manager_send_reloading(m, false);
2002 n++, budget--;
2003 }
2004
2005 if (budget > 0 && m->queued_message) {
2006 bus_send_queued_message(m);
2007 n++;
2008 }
2009
2010 return n;
2011 }
2012
2013 static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2014 Manager *m = userdata;
2015 char buf[PATH_MAX+1];
2016 ssize_t n;
2017
2018 n = recv(fd, buf, sizeof(buf), 0);
2019 if (n < 0)
2020 return log_error_errno(errno, "Failed to read cgroups agent message: %m");
2021 if (n == 0) {
2022 log_error("Got zero-length cgroups agent message, ignoring.");
2023 return 0;
2024 }
2025 if ((size_t) n >= sizeof(buf)) {
2026 log_error("Got overly long cgroups agent message, ignoring.");
2027 return 0;
2028 }
2029
2030 if (memchr(buf, 0, n)) {
2031 log_error("Got cgroups agent message with embedded NUL byte, ignoring.");
2032 return 0;
2033 }
2034 buf[n] = 0;
2035
2036 manager_notify_cgroup_empty(m, buf);
2037 (void) bus_forward_agent_released(m, buf);
2038
2039 return 0;
2040 }
2041
2042 static void manager_invoke_notify_message(
2043 Manager *m,
2044 Unit *u,
2045 const struct ucred *ucred,
2046 const char *buf,
2047 FDSet *fds) {
2048
2049 assert(m);
2050 assert(u);
2051 assert(ucred);
2052 assert(buf);
2053
2054 if (u->notifygen == m->notifygen) /* Already invoked on this same unit in this same iteration? */
2055 return;
2056 u->notifygen = m->notifygen;
2057
2058 if (UNIT_VTABLE(u)->notify_message) {
2059 _cleanup_strv_free_ char **tags = NULL;
2060
2061 tags = strv_split(buf, NEWLINE);
2062 if (!tags) {
2063 log_oom();
2064 return;
2065 }
2066
2067 UNIT_VTABLE(u)->notify_message(u, ucred, tags, fds);
2068
2069 } else if (DEBUG_LOGGING) {
2070 _cleanup_free_ char *x = NULL, *y = NULL;
2071
2072 x = ellipsize(buf, 20, 90);
2073 if (x)
2074 y = cescape(x);
2075
2076 log_unit_debug(u, "Got notification message \"%s\", ignoring.", strnull(y));
2077 }
2078 }
2079
2080 static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2081
2082 _cleanup_fdset_free_ FDSet *fds = NULL;
2083 Manager *m = userdata;
2084 char buf[NOTIFY_BUFFER_MAX+1];
2085 struct iovec iovec = {
2086 .iov_base = buf,
2087 .iov_len = sizeof(buf)-1,
2088 };
2089 union {
2090 struct cmsghdr cmsghdr;
2091 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
2092 CMSG_SPACE(sizeof(int) * NOTIFY_FD_MAX)];
2093 } control = {};
2094 struct msghdr msghdr = {
2095 .msg_iov = &iovec,
2096 .msg_iovlen = 1,
2097 .msg_control = &control,
2098 .msg_controllen = sizeof(control),
2099 };
2100
2101 struct cmsghdr *cmsg;
2102 struct ucred *ucred = NULL;
2103 _cleanup_free_ Unit **array_copy = NULL;
2104 Unit *u1, *u2, **array;
2105 int r, *fd_array = NULL;
2106 size_t n_fds = 0;
2107 bool found = false;
2108 ssize_t n;
2109
2110 assert(m);
2111 assert(m->notify_fd == fd);
2112
2113 if (revents != EPOLLIN) {
2114 log_warning("Got unexpected poll event for notify fd.");
2115 return 0;
2116 }
2117
2118 n = recvmsg(m->notify_fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC|MSG_TRUNC);
2119 if (n < 0) {
2120 if (IN_SET(errno, EAGAIN, EINTR))
2121 return 0; /* Spurious wakeup, try again */
2122
2123 /* If this is any other, real error, then let's stop processing this socket. This of course means we
2124 * won't take notification messages anymore, but that's still better than busy looping around this:
2125 * being woken up over and over again but being unable to actually read the message off the socket. */
2126 return log_error_errno(errno, "Failed to receive notification message: %m");
2127 }
2128
2129 CMSG_FOREACH(cmsg, &msghdr) {
2130 if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
2131
2132 fd_array = (int*) CMSG_DATA(cmsg);
2133 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
2134
2135 } else if (cmsg->cmsg_level == SOL_SOCKET &&
2136 cmsg->cmsg_type == SCM_CREDENTIALS &&
2137 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
2138
2139 ucred = (struct ucred*) CMSG_DATA(cmsg);
2140 }
2141 }
2142
2143 if (n_fds > 0) {
2144 assert(fd_array);
2145
2146 r = fdset_new_array(&fds, fd_array, n_fds);
2147 if (r < 0) {
2148 close_many(fd_array, n_fds);
2149 log_oom();
2150 return 0;
2151 }
2152 }
2153
2154 if (!ucred || !pid_is_valid(ucred->pid)) {
2155 log_warning("Received notify message without valid credentials. Ignoring.");
2156 return 0;
2157 }
2158
2159 if ((size_t) n >= sizeof(buf) || (msghdr.msg_flags & MSG_TRUNC)) {
2160 log_warning("Received notify message exceeded maximum size. Ignoring.");
2161 return 0;
2162 }
2163
2164 /* As extra safety check, let's make sure the string we get doesn't contain embedded NUL bytes. We permit one
2165 * trailing NUL byte in the message, but don't expect it. */
2166 if (n > 1 && memchr(buf, 0, n-1)) {
2167 log_warning("Received notify message with embedded NUL bytes. Ignoring.");
2168 return 0;
2169 }
2170
2171 /* Make sure it's NUL-terminated. */
2172 buf[n] = 0;
2173
2174 /* Increase the generation counter used for filtering out duplicate unit invocations. */
2175 m->notifygen++;
2176
2177 /* Notify every unit that might be interested, which might be multiple. */
2178 u1 = manager_get_unit_by_pid_cgroup(m, ucred->pid);
2179 u2 = hashmap_get(m->watch_pids, PID_TO_PTR(ucred->pid));
2180 array = hashmap_get(m->watch_pids, PID_TO_PTR(-ucred->pid));
2181 if (array) {
2182 size_t k = 0;
2183
2184 while (array[k])
2185 k++;
2186
2187 array_copy = newdup(Unit*, array, k+1);
2188 if (!array_copy)
2189 log_oom();
2190 }
2191 /* And now invoke the per-unit callbacks. Note that manager_invoke_notify_message() will handle duplicate units
2192 * make sure we only invoke each unit's handler once. */
2193 if (u1) {
2194 manager_invoke_notify_message(m, u1, ucred, buf, fds);
2195 found = true;
2196 }
2197 if (u2) {
2198 manager_invoke_notify_message(m, u2, ucred, buf, fds);
2199 found = true;
2200 }
2201 if (array_copy)
2202 for (size_t i = 0; array_copy[i]; i++) {
2203 manager_invoke_notify_message(m, array_copy[i], ucred, buf, fds);
2204 found = true;
2205 }
2206
2207 if (!found)
2208 log_warning("Cannot find unit for notify message of PID "PID_FMT", ignoring.", ucred->pid);
2209
2210 if (fdset_size(fds) > 0)
2211 log_warning("Got extra auxiliary fds with notification message, closing them.");
2212
2213 return 0;
2214 }
2215
2216 static void manager_invoke_sigchld_event(
2217 Manager *m,
2218 Unit *u,
2219 const siginfo_t *si) {
2220
2221 assert(m);
2222 assert(u);
2223 assert(si);
2224
2225 /* Already invoked the handler of this unit in this iteration? Then don't process this again */
2226 if (u->sigchldgen == m->sigchldgen)
2227 return;
2228 u->sigchldgen = m->sigchldgen;
2229
2230 log_unit_debug(u, "Child "PID_FMT" belongs to %s.", si->si_pid, u->id);
2231 unit_unwatch_pid(u, si->si_pid);
2232
2233 if (UNIT_VTABLE(u)->sigchld_event)
2234 UNIT_VTABLE(u)->sigchld_event(u, si->si_pid, si->si_code, si->si_status);
2235 }
2236
2237 static int manager_dispatch_sigchld(sd_event_source *source, void *userdata) {
2238 Manager *m = userdata;
2239 siginfo_t si = {};
2240 int r;
2241
2242 assert(source);
2243 assert(m);
2244
2245 /* First we call waitd() for a PID and do not reap the zombie. That way we can still access /proc/$PID for it
2246 * while it is a zombie. */
2247
2248 if (waitid(P_ALL, 0, &si, WEXITED|WNOHANG|WNOWAIT) < 0) {
2249
2250 if (errno != ECHILD)
2251 log_error_errno(errno, "Failed to peek for child with waitid(), ignoring: %m");
2252
2253 goto turn_off;
2254 }
2255
2256 if (si.si_pid <= 0)
2257 goto turn_off;
2258
2259 if (IN_SET(si.si_code, CLD_EXITED, CLD_KILLED, CLD_DUMPED)) {
2260 _cleanup_free_ Unit **array_copy = NULL;
2261 _cleanup_free_ char *name = NULL;
2262 Unit *u1, *u2, **array;
2263
2264 (void) get_process_comm(si.si_pid, &name);
2265
2266 log_debug("Child "PID_FMT" (%s) died (code=%s, status=%i/%s)",
2267 si.si_pid, strna(name),
2268 sigchld_code_to_string(si.si_code),
2269 si.si_status,
2270 strna(si.si_code == CLD_EXITED
2271 ? exit_status_to_string(si.si_status, EXIT_STATUS_FULL)
2272 : signal_to_string(si.si_status)));
2273
2274 /* Increase the generation counter used for filtering out duplicate unit invocations */
2275 m->sigchldgen++;
2276
2277 /* And now figure out the unit this belongs to, it might be multiple... */
2278 u1 = manager_get_unit_by_pid_cgroup(m, si.si_pid);
2279 u2 = hashmap_get(m->watch_pids, PID_TO_PTR(si.si_pid));
2280 array = hashmap_get(m->watch_pids, PID_TO_PTR(-si.si_pid));
2281 if (array) {
2282 size_t n = 0;
2283
2284 /* Cound how many entries the array has */
2285 while (array[n])
2286 n++;
2287
2288 /* Make a copy of the array so that we don't trip up on the array changing beneath us */
2289 array_copy = newdup(Unit*, array, n+1);
2290 if (!array_copy)
2291 log_oom();
2292 }
2293
2294 /* Finally, execute them all. Note that u1, u2 and the array might contain duplicates, but
2295 * that's fine, manager_invoke_sigchld_event() will ensure we only invoke the handlers once for
2296 * each iteration. */
2297 if (u1)
2298 manager_invoke_sigchld_event(m, u1, &si);
2299 if (u2)
2300 manager_invoke_sigchld_event(m, u2, &si);
2301 if (array_copy)
2302 for (size_t i = 0; array_copy[i]; i++)
2303 manager_invoke_sigchld_event(m, array_copy[i], &si);
2304 }
2305
2306 /* And now, we actually reap the zombie. */
2307 if (waitid(P_PID, si.si_pid, &si, WEXITED) < 0) {
2308 log_error_errno(errno, "Failed to dequeue child, ignoring: %m");
2309 return 0;
2310 }
2311
2312 return 0;
2313
2314 turn_off:
2315 /* All children processed for now, turn off event source */
2316
2317 r = sd_event_source_set_enabled(m->sigchld_event_source, SD_EVENT_OFF);
2318 if (r < 0)
2319 return log_error_errno(r, "Failed to disable SIGCHLD event source: %m");
2320
2321 return 0;
2322 }
2323
2324 static void manager_start_target(Manager *m, const char *name, JobMode mode) {
2325 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2326 int r;
2327
2328 log_debug("Activating special unit %s", name);
2329
2330 r = manager_add_job_by_name(m, JOB_START, name, mode, &error, NULL);
2331 if (r < 0)
2332 log_error("Failed to enqueue %s job: %s", name, bus_error_message(&error, r));
2333 }
2334
2335 static void manager_handle_ctrl_alt_del(Manager *m) {
2336 /* If the user presses C-A-D more than
2337 * 7 times within 2s, we reboot/shutdown immediately,
2338 * unless it was disabled in system.conf */
2339
2340 if (ratelimit_test(&m->ctrl_alt_del_ratelimit) || m->cad_burst_action == EMERGENCY_ACTION_NONE)
2341 manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY);
2342 else
2343 emergency_action(m, m->cad_burst_action, NULL,
2344 "Ctrl-Alt-Del was pressed more than 7 times within 2s");
2345 }
2346
2347 static int manager_dispatch_signal_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2348 Manager *m = userdata;
2349 ssize_t n;
2350 struct signalfd_siginfo sfsi;
2351 int r;
2352
2353 assert(m);
2354 assert(m->signal_fd == fd);
2355
2356 if (revents != EPOLLIN) {
2357 log_warning("Got unexpected events from signal file descriptor.");
2358 return 0;
2359 }
2360
2361 n = read(m->signal_fd, &sfsi, sizeof(sfsi));
2362 if (n != sizeof(sfsi)) {
2363 if (n >= 0) {
2364 log_warning("Truncated read from signal fd (%zu bytes), ignoring!", n);
2365 return 0;
2366 }
2367
2368 if (IN_SET(errno, EINTR, EAGAIN))
2369 return 0;
2370
2371 /* We return an error here, which will kill this handler,
2372 * to avoid a busy loop on read error. */
2373 return log_error_errno(errno, "Reading from signal fd failed: %m");
2374 }
2375
2376 log_received_signal(sfsi.ssi_signo == SIGCHLD ||
2377 (sfsi.ssi_signo == SIGTERM && MANAGER_IS_USER(m))
2378 ? LOG_DEBUG : LOG_INFO,
2379 &sfsi);
2380
2381 switch (sfsi.ssi_signo) {
2382
2383 case SIGCHLD:
2384 r = sd_event_source_set_enabled(m->sigchld_event_source, SD_EVENT_ON);
2385 if (r < 0)
2386 log_warning_errno(r, "Failed to enable SIGCHLD event source, ignoring: %m");
2387
2388 break;
2389
2390 case SIGTERM:
2391 if (MANAGER_IS_SYSTEM(m)) {
2392 /* This is for compatibility with the original sysvinit */
2393 r = verify_run_space_and_log("Refusing to reexecute");
2394 if (r >= 0)
2395 m->exit_code = MANAGER_REEXECUTE;
2396 break;
2397 }
2398
2399 _fallthrough_;
2400 case SIGINT:
2401 if (MANAGER_IS_SYSTEM(m))
2402 manager_handle_ctrl_alt_del(m);
2403 else
2404 manager_start_target(m, SPECIAL_EXIT_TARGET,
2405 JOB_REPLACE_IRREVERSIBLY);
2406 break;
2407
2408 case SIGWINCH:
2409 /* This is a nop on non-init */
2410 if (MANAGER_IS_SYSTEM(m))
2411 manager_start_target(m, SPECIAL_KBREQUEST_TARGET, JOB_REPLACE);
2412
2413 break;
2414
2415 case SIGPWR:
2416 /* This is a nop on non-init */
2417 if (MANAGER_IS_SYSTEM(m))
2418 manager_start_target(m, SPECIAL_SIGPWR_TARGET, JOB_REPLACE);
2419
2420 break;
2421
2422 case SIGUSR1:
2423 if (manager_dbus_is_running(m, false)) {
2424 log_info("Trying to reconnect to bus...");
2425
2426 (void) bus_init_api(m);
2427
2428 if (MANAGER_IS_SYSTEM(m))
2429 (void) bus_init_system(m);
2430 } else {
2431 log_info("Starting D-Bus service...");
2432 manager_start_target(m, SPECIAL_DBUS_SERVICE, JOB_REPLACE);
2433 }
2434
2435 break;
2436
2437 case SIGUSR2: {
2438 _cleanup_free_ char *dump = NULL;
2439
2440 r = manager_get_dump_string(m, &dump);
2441 if (r < 0) {
2442 log_warning_errno(errno, "Failed to acquire manager dump: %m");
2443 break;
2444 }
2445
2446 log_dump(LOG_INFO, dump);
2447 break;
2448 }
2449
2450 case SIGHUP:
2451 r = verify_run_space_and_log("Refusing to reload");
2452 if (r >= 0)
2453 m->exit_code = MANAGER_RELOAD;
2454 break;
2455
2456 default: {
2457
2458 /* Starting SIGRTMIN+0 */
2459 static const struct {
2460 const char *target;
2461 JobMode mode;
2462 } target_table[] = {
2463 [0] = { SPECIAL_DEFAULT_TARGET, JOB_ISOLATE },
2464 [1] = { SPECIAL_RESCUE_TARGET, JOB_ISOLATE },
2465 [2] = { SPECIAL_EMERGENCY_TARGET, JOB_ISOLATE },
2466 [3] = { SPECIAL_HALT_TARGET, JOB_REPLACE_IRREVERSIBLY },
2467 [4] = { SPECIAL_POWEROFF_TARGET, JOB_REPLACE_IRREVERSIBLY },
2468 [5] = { SPECIAL_REBOOT_TARGET, JOB_REPLACE_IRREVERSIBLY },
2469 [6] = { SPECIAL_KEXEC_TARGET, JOB_REPLACE_IRREVERSIBLY },
2470 };
2471
2472 /* Starting SIGRTMIN+13, so that target halt and system halt are 10 apart */
2473 static const ManagerExitCode code_table[] = {
2474 [0] = MANAGER_HALT,
2475 [1] = MANAGER_POWEROFF,
2476 [2] = MANAGER_REBOOT,
2477 [3] = MANAGER_KEXEC,
2478 };
2479
2480 if ((int) sfsi.ssi_signo >= SIGRTMIN+0 &&
2481 (int) sfsi.ssi_signo < SIGRTMIN+(int) ELEMENTSOF(target_table)) {
2482 int idx = (int) sfsi.ssi_signo - SIGRTMIN;
2483 manager_start_target(m, target_table[idx].target,
2484 target_table[idx].mode);
2485 break;
2486 }
2487
2488 if ((int) sfsi.ssi_signo >= SIGRTMIN+13 &&
2489 (int) sfsi.ssi_signo < SIGRTMIN+13+(int) ELEMENTSOF(code_table)) {
2490 m->exit_code = code_table[sfsi.ssi_signo - SIGRTMIN - 13];
2491 break;
2492 }
2493
2494 switch (sfsi.ssi_signo - SIGRTMIN) {
2495
2496 case 20:
2497 manager_set_show_status(m, SHOW_STATUS_YES);
2498 break;
2499
2500 case 21:
2501 manager_set_show_status(m, SHOW_STATUS_NO);
2502 break;
2503
2504 case 22:
2505 log_set_max_level(LOG_DEBUG);
2506 log_info("Setting log level to debug.");
2507 break;
2508
2509 case 23:
2510 log_set_max_level(LOG_INFO);
2511 log_info("Setting log level to info.");
2512 break;
2513
2514 case 24:
2515 if (MANAGER_IS_USER(m)) {
2516 m->exit_code = MANAGER_EXIT;
2517 return 0;
2518 }
2519
2520 /* This is a nop on init */
2521 break;
2522
2523 case 26:
2524 case 29: /* compatibility: used to be mapped to LOG_TARGET_SYSLOG_OR_KMSG */
2525 log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
2526 log_notice("Setting log target to journal-or-kmsg.");
2527 break;
2528
2529 case 27:
2530 log_set_target(LOG_TARGET_CONSOLE);
2531 log_notice("Setting log target to console.");
2532 break;
2533
2534 case 28:
2535 log_set_target(LOG_TARGET_KMSG);
2536 log_notice("Setting log target to kmsg.");
2537 break;
2538
2539 default:
2540 log_warning("Got unhandled signal <%s>.", signal_to_string(sfsi.ssi_signo));
2541 }
2542 }}
2543
2544 return 0;
2545 }
2546
2547 static int manager_dispatch_time_change_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2548 Manager *m = userdata;
2549 Iterator i;
2550 Unit *u;
2551
2552 assert(m);
2553 assert(m->time_change_fd == fd);
2554
2555 log_struct(LOG_DEBUG,
2556 "MESSAGE_ID=" SD_MESSAGE_TIME_CHANGE_STR,
2557 LOG_MESSAGE("Time has been changed"),
2558 NULL);
2559
2560 /* Restart the watch */
2561 m->time_change_event_source = sd_event_source_unref(m->time_change_event_source);
2562 m->time_change_fd = safe_close(m->time_change_fd);
2563
2564 manager_setup_time_change(m);
2565
2566 HASHMAP_FOREACH(u, m->units, i)
2567 if (UNIT_VTABLE(u)->time_change)
2568 UNIT_VTABLE(u)->time_change(u);
2569
2570 return 0;
2571 }
2572
2573 static int manager_dispatch_idle_pipe_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2574 Manager *m = userdata;
2575
2576 assert(m);
2577 assert(m->idle_pipe[2] == fd);
2578
2579 /* There's at least one Type=idle child that just gave up on us waiting for the boot process to complete. Let's
2580 * now turn off any further console output if there's at least one service that needs console access, so that
2581 * from now on our own output should not spill into that service's output anymore. After all, we support
2582 * Type=idle only to beautify console output and it generally is set on services that want to own the console
2583 * exclusively without our interference. */
2584 m->no_console_output = m->n_on_console > 0;
2585
2586 /* Acknowledge the child's request, and let all all other children know too that they shouldn't wait any longer
2587 * by closing the pipes towards them, which is what they are waiting for. */
2588 manager_close_idle_pipe(m);
2589
2590 return 0;
2591 }
2592
2593 static int manager_dispatch_jobs_in_progress(sd_event_source *source, usec_t usec, void *userdata) {
2594 Manager *m = userdata;
2595 int r;
2596 uint64_t next;
2597
2598 assert(m);
2599 assert(source);
2600
2601 manager_print_jobs_in_progress(m);
2602
2603 next = now(CLOCK_MONOTONIC) + JOBS_IN_PROGRESS_PERIOD_USEC;
2604 r = sd_event_source_set_time(source, next);
2605 if (r < 0)
2606 return r;
2607
2608 return sd_event_source_set_enabled(source, SD_EVENT_ONESHOT);
2609 }
2610
2611 int manager_loop(Manager *m) {
2612 int r;
2613
2614 RATELIMIT_DEFINE(rl, 1*USEC_PER_SEC, 50000);
2615
2616 assert(m);
2617 m->exit_code = MANAGER_OK;
2618
2619 /* Release the path cache */
2620 m->unit_path_cache = set_free_free(m->unit_path_cache);
2621
2622 manager_check_finished(m);
2623
2624 /* There might still be some zombies hanging around from before we were exec()'ed. Let's reap them. */
2625 r = sd_event_source_set_enabled(m->sigchld_event_source, SD_EVENT_ON);
2626 if (r < 0)
2627 return log_error_errno(r, "Failed to enable SIGCHLD event source: %m");
2628
2629 while (m->exit_code == MANAGER_OK) {
2630 usec_t wait_usec;
2631
2632 if (m->runtime_watchdog > 0 && m->runtime_watchdog != USEC_INFINITY && MANAGER_IS_SYSTEM(m))
2633 watchdog_ping();
2634
2635 if (!ratelimit_test(&rl)) {
2636 /* Yay, something is going seriously wrong, pause a little */
2637 log_warning("Looping too fast. Throttling execution a little.");
2638 sleep(1);
2639 }
2640
2641 if (manager_dispatch_load_queue(m) > 0)
2642 continue;
2643
2644 if (manager_dispatch_gc_job_queue(m) > 0)
2645 continue;
2646
2647 if (manager_dispatch_gc_unit_queue(m) > 0)
2648 continue;
2649
2650 if (manager_dispatch_cleanup_queue(m) > 0)
2651 continue;
2652
2653 if (manager_dispatch_cgroup_realize_queue(m) > 0)
2654 continue;
2655
2656 if (manager_dispatch_dbus_queue(m) > 0)
2657 continue;
2658
2659 /* Sleep for half the watchdog time */
2660 if (m->runtime_watchdog > 0 && m->runtime_watchdog != USEC_INFINITY && MANAGER_IS_SYSTEM(m)) {
2661 wait_usec = m->runtime_watchdog / 2;
2662 if (wait_usec <= 0)
2663 wait_usec = 1;
2664 } else
2665 wait_usec = USEC_INFINITY;
2666
2667 r = sd_event_run(m->event, wait_usec);
2668 if (r < 0)
2669 return log_error_errno(r, "Failed to run event loop: %m");
2670 }
2671
2672 return m->exit_code;
2673 }
2674
2675 int manager_load_unit_from_dbus_path(Manager *m, const char *s, sd_bus_error *e, Unit **_u) {
2676 _cleanup_free_ char *n = NULL;
2677 sd_id128_t invocation_id;
2678 Unit *u;
2679 int r;
2680
2681 assert(m);
2682 assert(s);
2683 assert(_u);
2684
2685 r = unit_name_from_dbus_path(s, &n);
2686 if (r < 0)
2687 return r;
2688
2689 /* Permit addressing units by invocation ID: if the passed bus path is suffixed by a 128bit ID then we use it
2690 * as invocation ID. */
2691 r = sd_id128_from_string(n, &invocation_id);
2692 if (r >= 0) {
2693 u = hashmap_get(m->units_by_invocation_id, &invocation_id);
2694 if (u) {
2695 *_u = u;
2696 return 0;
2697 }
2698
2699 return sd_bus_error_setf(e, BUS_ERROR_NO_UNIT_FOR_INVOCATION_ID, "No unit with the specified invocation ID " SD_ID128_FORMAT_STR " known.", SD_ID128_FORMAT_VAL(invocation_id));
2700 }
2701
2702 /* If this didn't work, we check if this is a unit name */
2703 if (!unit_name_is_valid(n, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
2704 return sd_bus_error_setf(e, SD_BUS_ERROR_INVALID_ARGS, "Unit name %s is neither a valid invocation ID nor unit name.", n);
2705
2706 r = manager_load_unit(m, n, NULL, e, &u);
2707 if (r < 0)
2708 return r;
2709
2710 *_u = u;
2711 return 0;
2712 }
2713
2714 int manager_get_job_from_dbus_path(Manager *m, const char *s, Job **_j) {
2715 const char *p;
2716 unsigned id;
2717 Job *j;
2718 int r;
2719
2720 assert(m);
2721 assert(s);
2722 assert(_j);
2723
2724 p = startswith(s, "/org/freedesktop/systemd1/job/");
2725 if (!p)
2726 return -EINVAL;
2727
2728 r = safe_atou(p, &id);
2729 if (r < 0)
2730 return r;
2731
2732 j = manager_get_job(m, id);
2733 if (!j)
2734 return -ENOENT;
2735
2736 *_j = j;
2737
2738 return 0;
2739 }
2740
2741 void manager_send_unit_audit(Manager *m, Unit *u, int type, bool success) {
2742
2743 #if HAVE_AUDIT
2744 _cleanup_free_ char *p = NULL;
2745 const char *msg;
2746 int audit_fd, r;
2747
2748 if (!MANAGER_IS_SYSTEM(m))
2749 return;
2750
2751 audit_fd = get_audit_fd();
2752 if (audit_fd < 0)
2753 return;
2754
2755 /* Don't generate audit events if the service was already
2756 * started and we're just deserializing */
2757 if (MANAGER_IS_RELOADING(m))
2758 return;
2759
2760 if (u->type != UNIT_SERVICE)
2761 return;
2762
2763 r = unit_name_to_prefix_and_instance(u->id, &p);
2764 if (r < 0) {
2765 log_error_errno(r, "Failed to extract prefix and instance of unit name: %m");
2766 return;
2767 }
2768
2769 msg = strjoina("unit=", p);
2770 if (audit_log_user_comm_message(audit_fd, type, msg, "systemd", NULL, NULL, NULL, success) < 0) {
2771 if (errno == EPERM)
2772 /* We aren't allowed to send audit messages?
2773 * Then let's not retry again. */
2774 close_audit_fd();
2775 else
2776 log_warning_errno(errno, "Failed to send audit message: %m");
2777 }
2778 #endif
2779
2780 }
2781
2782 void manager_send_unit_plymouth(Manager *m, Unit *u) {
2783 static const union sockaddr_union sa = PLYMOUTH_SOCKET;
2784 _cleanup_free_ char *message = NULL;
2785 _cleanup_close_ int fd = -1;
2786 int n = 0;
2787
2788 /* Don't generate plymouth events if the service was already
2789 * started and we're just deserializing */
2790 if (MANAGER_IS_RELOADING(m))
2791 return;
2792
2793 if (!MANAGER_IS_SYSTEM(m))
2794 return;
2795
2796 if (detect_container() > 0)
2797 return;
2798
2799 if (!IN_SET(u->type, UNIT_SERVICE, UNIT_MOUNT, UNIT_SWAP))
2800 return;
2801
2802 /* We set SOCK_NONBLOCK here so that we rather drop the
2803 * message then wait for plymouth */
2804 fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
2805 if (fd < 0) {
2806 log_error_errno(errno, "socket() failed: %m");
2807 return;
2808 }
2809
2810 if (connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) {
2811 if (!IN_SET(errno, EPIPE, EAGAIN, ENOENT, ECONNREFUSED, ECONNRESET, ECONNABORTED))
2812 log_error_errno(errno, "connect() failed: %m");
2813 return;
2814 }
2815
2816 if (asprintf(&message, "U\002%c%s%n", (int) (strlen(u->id) + 1), u->id, &n) < 0) {
2817 log_oom();
2818 return;
2819 }
2820
2821 errno = 0;
2822 if (write(fd, message, n + 1) != n + 1)
2823 if (!IN_SET(errno, EPIPE, EAGAIN, ENOENT, ECONNREFUSED, ECONNRESET, ECONNABORTED))
2824 log_error_errno(errno, "Failed to write Plymouth message: %m");
2825 }
2826
2827 int manager_open_serialization(Manager *m, FILE **_f) {
2828 int fd;
2829 FILE *f;
2830
2831 assert(_f);
2832
2833 fd = open_serialization_fd("systemd-state");
2834 if (fd < 0)
2835 return fd;
2836
2837 f = fdopen(fd, "w+");
2838 if (!f) {
2839 safe_close(fd);
2840 return -errno;
2841 }
2842
2843 *_f = f;
2844 return 0;
2845 }
2846
2847 int manager_serialize(Manager *m, FILE *f, FDSet *fds, bool switching_root) {
2848 ManagerTimestamp q;
2849 const char *t;
2850 Iterator i;
2851 Unit *u;
2852 int r;
2853
2854 assert(m);
2855 assert(f);
2856 assert(fds);
2857
2858 m->n_reloading++;
2859
2860 fprintf(f, "current-job-id=%"PRIu32"\n", m->current_job_id);
2861 fprintf(f, "n-installed-jobs=%u\n", m->n_installed_jobs);
2862 fprintf(f, "n-failed-jobs=%u\n", m->n_failed_jobs);
2863 fprintf(f, "taint-usr=%s\n", yes_no(m->taint_usr));
2864 fprintf(f, "ready-sent=%s\n", yes_no(m->ready_sent));
2865 fprintf(f, "taint-logged=%s\n", yes_no(m->taint_logged));
2866 fprintf(f, "service-watchdogs=%s\n", yes_no(m->service_watchdogs));
2867
2868 for (q = 0; q < _MANAGER_TIMESTAMP_MAX; q++) {
2869 /* The userspace and finish timestamps only apply to the host system, hence only serialize them there */
2870 if (in_initrd() && IN_SET(q, MANAGER_TIMESTAMP_USERSPACE, MANAGER_TIMESTAMP_FINISH))
2871 continue;
2872
2873 t = manager_timestamp_to_string(q);
2874 {
2875 char field[strlen(t) + STRLEN("-timestamp") + 1];
2876 strcpy(stpcpy(field, t), "-timestamp");
2877 dual_timestamp_serialize(f, field, m->timestamps + q);
2878 }
2879 }
2880
2881 if (!switching_root)
2882 (void) serialize_environment(f, m->environment);
2883
2884 if (m->notify_fd >= 0) {
2885 int copy;
2886
2887 copy = fdset_put_dup(fds, m->notify_fd);
2888 if (copy < 0)
2889 return copy;
2890
2891 fprintf(f, "notify-fd=%i\n", copy);
2892 fprintf(f, "notify-socket=%s\n", m->notify_socket);
2893 }
2894
2895 if (m->cgroups_agent_fd >= 0) {
2896 int copy;
2897
2898 copy = fdset_put_dup(fds, m->cgroups_agent_fd);
2899 if (copy < 0)
2900 return copy;
2901
2902 fprintf(f, "cgroups-agent-fd=%i\n", copy);
2903 }
2904
2905 if (m->user_lookup_fds[0] >= 0) {
2906 int copy0, copy1;
2907
2908 copy0 = fdset_put_dup(fds, m->user_lookup_fds[0]);
2909 if (copy0 < 0)
2910 return copy0;
2911
2912 copy1 = fdset_put_dup(fds, m->user_lookup_fds[1]);
2913 if (copy1 < 0)
2914 return copy1;
2915
2916 fprintf(f, "user-lookup=%i %i\n", copy0, copy1);
2917 }
2918
2919 bus_track_serialize(m->subscribed, f, "subscribed");
2920
2921 r = dynamic_user_serialize(m, f, fds);
2922 if (r < 0)
2923 return r;
2924
2925 manager_serialize_uid_refs(m, f);
2926 manager_serialize_gid_refs(m, f);
2927
2928 r = exec_runtime_serialize(m, f, fds);
2929 if (r < 0)
2930 return r;
2931
2932 (void) fputc('\n', f);
2933
2934 HASHMAP_FOREACH_KEY(u, t, m->units, i) {
2935 if (u->id != t)
2936 continue;
2937
2938 /* Start marker */
2939 fputs(u->id, f);
2940 fputc('\n', f);
2941
2942 r = unit_serialize(u, f, fds, !switching_root);
2943 if (r < 0) {
2944 m->n_reloading--;
2945 return r;
2946 }
2947 }
2948
2949 assert(m->n_reloading > 0);
2950 m->n_reloading--;
2951
2952 if (ferror(f))
2953 return -EIO;
2954
2955 r = bus_fdset_add_all(m, fds);
2956 if (r < 0)
2957 return r;
2958
2959 return 0;
2960 }
2961
2962 int manager_deserialize(Manager *m, FILE *f, FDSet *fds) {
2963 int r = 0;
2964
2965 assert(m);
2966 assert(f);
2967
2968 log_debug("Deserializing state...");
2969
2970 m->n_reloading++;
2971
2972 for (;;) {
2973 char line[LINE_MAX];
2974 const char *val, *l;
2975
2976 if (!fgets(line, sizeof(line), f)) {
2977 if (feof(f))
2978 r = 0;
2979 else
2980 r = -errno;
2981
2982 goto finish;
2983 }
2984
2985 char_array_0(line);
2986 l = strstrip(line);
2987
2988 if (l[0] == 0)
2989 break;
2990
2991 if ((val = startswith(l, "current-job-id="))) {
2992 uint32_t id;
2993
2994 if (safe_atou32(val, &id) < 0)
2995 log_notice("Failed to parse current job id value %s", val);
2996 else
2997 m->current_job_id = MAX(m->current_job_id, id);
2998
2999 } else if ((val = startswith(l, "n-installed-jobs="))) {
3000 uint32_t n;
3001
3002 if (safe_atou32(val, &n) < 0)
3003 log_notice("Failed to parse installed jobs counter %s", val);
3004 else
3005 m->n_installed_jobs += n;
3006
3007 } else if ((val = startswith(l, "n-failed-jobs="))) {
3008 uint32_t n;
3009
3010 if (safe_atou32(val, &n) < 0)
3011 log_notice("Failed to parse failed jobs counter %s", val);
3012 else
3013 m->n_failed_jobs += n;
3014
3015 } else if ((val = startswith(l, "taint-usr="))) {
3016 int b;
3017
3018 b = parse_boolean(val);
3019 if (b < 0)
3020 log_notice("Failed to parse taint /usr flag %s", val);
3021 else
3022 m->taint_usr = m->taint_usr || b;
3023
3024 } else if ((val = startswith(l, "ready-sent="))) {
3025 int b;
3026
3027 b = parse_boolean(val);
3028 if (b < 0)
3029 log_notice("Failed to parse ready-sent flag %s", val);
3030 else
3031 m->ready_sent = m->ready_sent || b;
3032
3033 } else if ((val = startswith(l, "taint-logged="))) {
3034 int b;
3035
3036 b = parse_boolean(val);
3037 if (b < 0)
3038 log_notice("Failed to parse taint-logged flag %s", val);
3039 else
3040 m->taint_logged = m->taint_logged || b;
3041
3042 } else if ((val = startswith(l, "service-watchdogs="))) {
3043 int b;
3044
3045 b = parse_boolean(val);
3046 if (b < 0)
3047 log_notice("Failed to parse service-watchdogs flag %s", val);
3048 else
3049 m->service_watchdogs = b;
3050
3051 } else if (startswith(l, "env=")) {
3052 r = deserialize_environment(&m->environment, l);
3053 if (r == -ENOMEM)
3054 goto finish;
3055 if (r < 0)
3056 log_notice_errno(r, "Failed to parse environment entry: \"%s\": %m", l);
3057
3058 } else if ((val = startswith(l, "notify-fd="))) {
3059 int fd;
3060
3061 if (safe_atoi(val, &fd) < 0 || fd < 0 || !fdset_contains(fds, fd))
3062 log_notice("Failed to parse notify fd: \"%s\"", val);
3063 else {
3064 m->notify_event_source = sd_event_source_unref(m->notify_event_source);
3065 safe_close(m->notify_fd);
3066 m->notify_fd = fdset_remove(fds, fd);
3067 }
3068
3069 } else if ((val = startswith(l, "notify-socket="))) {
3070 char *n;
3071
3072 n = strdup(val);
3073 if (!n) {
3074 r = -ENOMEM;
3075 goto finish;
3076 }
3077
3078 free(m->notify_socket);
3079 m->notify_socket = n;
3080
3081 } else if ((val = startswith(l, "cgroups-agent-fd="))) {
3082 int fd;
3083
3084 if (safe_atoi(val, &fd) < 0 || fd < 0 || !fdset_contains(fds, fd))
3085 log_notice("Failed to parse cgroups agent fd: %s", val);
3086 else {
3087 m->cgroups_agent_event_source = sd_event_source_unref(m->cgroups_agent_event_source);
3088 safe_close(m->cgroups_agent_fd);
3089 m->cgroups_agent_fd = fdset_remove(fds, fd);
3090 }
3091
3092 } else if ((val = startswith(l, "user-lookup="))) {
3093 int fd0, fd1;
3094
3095 if (sscanf(val, "%i %i", &fd0, &fd1) != 2 || fd0 < 0 || fd1 < 0 || fd0 == fd1 || !fdset_contains(fds, fd0) || !fdset_contains(fds, fd1))
3096 log_notice("Failed to parse user lookup fd: %s", val);
3097 else {
3098 m->user_lookup_event_source = sd_event_source_unref(m->user_lookup_event_source);
3099 safe_close_pair(m->user_lookup_fds);
3100 m->user_lookup_fds[0] = fdset_remove(fds, fd0);
3101 m->user_lookup_fds[1] = fdset_remove(fds, fd1);
3102 }
3103
3104 } else if ((val = startswith(l, "dynamic-user=")))
3105 dynamic_user_deserialize_one(m, val, fds);
3106 else if ((val = startswith(l, "destroy-ipc-uid=")))
3107 manager_deserialize_uid_refs_one(m, val);
3108 else if ((val = startswith(l, "destroy-ipc-gid=")))
3109 manager_deserialize_gid_refs_one(m, val);
3110 else if ((val = startswith(l, "exec-runtime=")))
3111 exec_runtime_deserialize_one(m, val, fds);
3112 else if ((val = startswith(l, "subscribed="))) {
3113
3114 if (strv_extend(&m->deserialized_subscribed, val) < 0)
3115 log_oom();
3116 } else {
3117 ManagerTimestamp q;
3118
3119 for (q = 0; q < _MANAGER_TIMESTAMP_MAX; q++) {
3120 val = startswith(l, manager_timestamp_to_string(q));
3121 if (!val)
3122 continue;
3123
3124 val = startswith(val, "-timestamp=");
3125 if (val)
3126 break;
3127 }
3128
3129 if (q < _MANAGER_TIMESTAMP_MAX) /* found it */
3130 dual_timestamp_deserialize(val, m->timestamps + q);
3131 else if (!startswith(l, "kdbus-fd=")) /* ignore kdbus */
3132 log_notice("Unknown serialization item '%s'", l);
3133 }
3134 }
3135
3136 for (;;) {
3137 Unit *u;
3138 char name[UNIT_NAME_MAX+2];
3139 const char* unit_name;
3140
3141 /* Start marker */
3142 if (!fgets(name, sizeof(name), f)) {
3143 if (feof(f))
3144 r = 0;
3145 else
3146 r = -errno;
3147
3148 goto finish;
3149 }
3150
3151 char_array_0(name);
3152 unit_name = strstrip(name);
3153
3154 r = manager_load_unit(m, unit_name, NULL, NULL, &u);
3155 if (r < 0) {
3156 log_notice_errno(r, "Failed to load unit \"%s\", skipping deserialization: %m", unit_name);
3157 if (r == -ENOMEM)
3158 goto finish;
3159 unit_deserialize_skip(f);
3160 continue;
3161 }
3162
3163 r = unit_deserialize(u, f, fds);
3164 if (r < 0) {
3165 log_notice_errno(r, "Failed to deserialize unit \"%s\": %m", unit_name);
3166 if (r == -ENOMEM)
3167 goto finish;
3168 }
3169 }
3170
3171 finish:
3172 if (ferror(f))
3173 r = -EIO;
3174
3175 assert(m->n_reloading > 0);
3176 m->n_reloading--;
3177
3178 return r;
3179 }
3180
3181 int manager_reload(Manager *m) {
3182 int r, q;
3183 _cleanup_fclose_ FILE *f = NULL;
3184 _cleanup_fdset_free_ FDSet *fds = NULL;
3185
3186 assert(m);
3187
3188 r = manager_open_serialization(m, &f);
3189 if (r < 0)
3190 return r;
3191
3192 m->n_reloading++;
3193 bus_manager_send_reloading(m, true);
3194
3195 fds = fdset_new();
3196 if (!fds) {
3197 m->n_reloading--;
3198 return -ENOMEM;
3199 }
3200
3201 r = manager_serialize(m, f, fds, false);
3202 if (r < 0) {
3203 m->n_reloading--;
3204 return r;
3205 }
3206
3207 if (fseeko(f, 0, SEEK_SET) < 0) {
3208 m->n_reloading--;
3209 return -errno;
3210 }
3211
3212 /* From here on there is no way back. */
3213 manager_clear_jobs_and_units(m);
3214 lookup_paths_flush_generator(&m->lookup_paths);
3215 lookup_paths_free(&m->lookup_paths);
3216 exec_runtime_vacuum(m);
3217 dynamic_user_vacuum(m, false);
3218 m->uid_refs = hashmap_free(m->uid_refs);
3219 m->gid_refs = hashmap_free(m->gid_refs);
3220
3221 q = lookup_paths_init(&m->lookup_paths, m->unit_file_scope, 0, NULL);
3222 if (q < 0 && r >= 0)
3223 r = q;
3224
3225 q = manager_run_environment_generators(m);
3226 if (q < 0 && r >= 0)
3227 r = q;
3228
3229 /* Find new unit paths */
3230 q = manager_run_generators(m);
3231 if (q < 0 && r >= 0)
3232 r = q;
3233
3234 lookup_paths_reduce(&m->lookup_paths);
3235 manager_build_unit_path_cache(m);
3236
3237 /* First, enumerate what we can from all config files */
3238 manager_enumerate(m);
3239
3240 /* Second, deserialize our stored data */
3241 q = manager_deserialize(m, f, fds);
3242 if (q < 0) {
3243 log_error_errno(q, "Deserialization failed: %m");
3244
3245 if (r >= 0)
3246 r = q;
3247 }
3248
3249 fclose(f);
3250 f = NULL;
3251
3252 /* Re-register notify_fd as event source */
3253 q = manager_setup_notify(m);
3254 if (q < 0 && r >= 0)
3255 r = q;
3256
3257 q = manager_setup_cgroups_agent(m);
3258 if (q < 0 && r >= 0)
3259 r = q;
3260
3261 q = manager_setup_user_lookup_fd(m);
3262 if (q < 0 && r >= 0)
3263 r = q;
3264
3265 /* Third, fire things up! */
3266 manager_coldplug(m);
3267
3268 /* Release any dynamic users no longer referenced */
3269 dynamic_user_vacuum(m, true);
3270
3271 /* Release any references to UIDs/GIDs no longer referenced, and destroy any IPC owned by them */
3272 manager_vacuum_uid_refs(m);
3273 manager_vacuum_gid_refs(m);
3274
3275 exec_runtime_vacuum(m);
3276
3277 assert(m->n_reloading > 0);
3278 m->n_reloading--;
3279
3280 /* It might be safe to log to the journal now and connect to dbus */
3281 manager_recheck_journal(m);
3282 manager_recheck_dbus(m);
3283
3284 /* Sync current state of bus names with our set of listening units */
3285 q = manager_enqueue_sync_bus_names(m);
3286 if (q < 0 && r >= 0)
3287 r = q;
3288
3289 m->send_reloading_done = true;
3290
3291 return r;
3292 }
3293
3294 void manager_reset_failed(Manager *m) {
3295 Unit *u;
3296 Iterator i;
3297
3298 assert(m);
3299
3300 HASHMAP_FOREACH(u, m->units, i)
3301 unit_reset_failed(u);
3302 }
3303
3304 bool manager_unit_inactive_or_pending(Manager *m, const char *name) {
3305 Unit *u;
3306
3307 assert(m);
3308 assert(name);
3309
3310 /* Returns true if the unit is inactive or going down */
3311 u = manager_get_unit(m, name);
3312 if (!u)
3313 return true;
3314
3315 return unit_inactive_or_pending(u);
3316 }
3317
3318 static void log_taint_string(Manager *m) {
3319 _cleanup_free_ char *taint = NULL;
3320
3321 assert(m);
3322
3323 if (MANAGER_IS_USER(m) || m->taint_logged)
3324 return;
3325
3326 m->taint_logged = true; /* only check for taint once */
3327
3328 taint = manager_taint_string(m);
3329 if (isempty(taint))
3330 return;
3331
3332 log_struct(LOG_NOTICE,
3333 LOG_MESSAGE("System is tainted: %s", taint),
3334 "TAINT=%s", taint,
3335 "MESSAGE_ID=" SD_MESSAGE_TAINTED_STR,
3336 NULL);
3337 }
3338
3339 static void manager_notify_finished(Manager *m) {
3340 char userspace[FORMAT_TIMESPAN_MAX], initrd[FORMAT_TIMESPAN_MAX], kernel[FORMAT_TIMESPAN_MAX], sum[FORMAT_TIMESPAN_MAX];
3341 usec_t firmware_usec, loader_usec, kernel_usec, initrd_usec, userspace_usec, total_usec;
3342
3343 if (m->test_run_flags)
3344 return;
3345
3346 if (MANAGER_IS_SYSTEM(m) && detect_container() <= 0) {
3347 char ts[FORMAT_TIMESPAN_MAX];
3348 char buf[FORMAT_TIMESPAN_MAX + STRLEN(" (firmware) + ") + FORMAT_TIMESPAN_MAX + STRLEN(" (loader) + ")]
3349 = {};
3350 char *p = buf;
3351 size_t size = sizeof buf;
3352
3353 /* Note that MANAGER_TIMESTAMP_KERNEL's monotonic value is always at 0, and
3354 * MANAGER_TIMESTAMP_FIRMWARE's and MANAGER_TIMESTAMP_LOADER's monotonic value should be considered
3355 * negative values. */
3356
3357 firmware_usec = m->timestamps[MANAGER_TIMESTAMP_FIRMWARE].monotonic - m->timestamps[MANAGER_TIMESTAMP_LOADER].monotonic;
3358 loader_usec = m->timestamps[MANAGER_TIMESTAMP_LOADER].monotonic - m->timestamps[MANAGER_TIMESTAMP_KERNEL].monotonic;
3359 userspace_usec = m->timestamps[MANAGER_TIMESTAMP_FINISH].monotonic - m->timestamps[MANAGER_TIMESTAMP_USERSPACE].monotonic;
3360 total_usec = m->timestamps[MANAGER_TIMESTAMP_FIRMWARE].monotonic + m->timestamps[MANAGER_TIMESTAMP_FINISH].monotonic;
3361
3362 if (firmware_usec > 0)
3363 size = strpcpyf(&p, size, "%s (firmware) + ", format_timespan(ts, sizeof(ts), firmware_usec, USEC_PER_MSEC));
3364 if (loader_usec > 0)
3365 size = strpcpyf(&p, size, "%s (loader) + ", format_timespan(ts, sizeof(ts), loader_usec, USEC_PER_MSEC));
3366
3367 if (dual_timestamp_is_set(&m->timestamps[MANAGER_TIMESTAMP_INITRD])) {
3368
3369 /* The initrd case on bare-metal*/
3370 kernel_usec = m->timestamps[MANAGER_TIMESTAMP_INITRD].monotonic - m->timestamps[MANAGER_TIMESTAMP_KERNEL].monotonic;
3371 initrd_usec = m->timestamps[MANAGER_TIMESTAMP_USERSPACE].monotonic - m->timestamps[MANAGER_TIMESTAMP_INITRD].monotonic;
3372
3373 log_struct(LOG_INFO,
3374 "MESSAGE_ID=" SD_MESSAGE_STARTUP_FINISHED_STR,
3375 "KERNEL_USEC="USEC_FMT, kernel_usec,
3376 "INITRD_USEC="USEC_FMT, initrd_usec,
3377 "USERSPACE_USEC="USEC_FMT, userspace_usec,
3378 LOG_MESSAGE("Startup finished in %s%s (kernel) + %s (initrd) + %s (userspace) = %s.",
3379 buf,
3380 format_timespan(kernel, sizeof(kernel), kernel_usec, USEC_PER_MSEC),
3381 format_timespan(initrd, sizeof(initrd), initrd_usec, USEC_PER_MSEC),
3382 format_timespan(userspace, sizeof(userspace), userspace_usec, USEC_PER_MSEC),
3383 format_timespan(sum, sizeof(sum), total_usec, USEC_PER_MSEC)),
3384 NULL);
3385 } else {
3386 /* The initrd-less case on bare-metal*/
3387
3388 kernel_usec = m->timestamps[MANAGER_TIMESTAMP_USERSPACE].monotonic - m->timestamps[MANAGER_TIMESTAMP_KERNEL].monotonic;
3389 initrd_usec = 0;
3390
3391 log_struct(LOG_INFO,
3392 "MESSAGE_ID=" SD_MESSAGE_STARTUP_FINISHED_STR,
3393 "KERNEL_USEC="USEC_FMT, kernel_usec,
3394 "USERSPACE_USEC="USEC_FMT, userspace_usec,
3395 LOG_MESSAGE("Startup finished in %s%s (kernel) + %s (userspace) = %s.",
3396 buf,
3397 format_timespan(kernel, sizeof(kernel), kernel_usec, USEC_PER_MSEC),
3398 format_timespan(userspace, sizeof(userspace), userspace_usec, USEC_PER_MSEC),
3399 format_timespan(sum, sizeof(sum), total_usec, USEC_PER_MSEC)),
3400 NULL);
3401 }
3402 } else {
3403 /* The container and --user case */
3404 firmware_usec = loader_usec = initrd_usec = kernel_usec = 0;
3405 total_usec = userspace_usec = m->timestamps[MANAGER_TIMESTAMP_FINISH].monotonic - m->timestamps[MANAGER_TIMESTAMP_USERSPACE].monotonic;
3406
3407 log_struct(LOG_INFO,
3408 "MESSAGE_ID=" SD_MESSAGE_USER_STARTUP_FINISHED_STR,
3409 "USERSPACE_USEC="USEC_FMT, userspace_usec,
3410 LOG_MESSAGE("Startup finished in %s.",
3411 format_timespan(sum, sizeof(sum), total_usec, USEC_PER_MSEC)),
3412 NULL);
3413 }
3414
3415 bus_manager_send_finished(m, firmware_usec, loader_usec, kernel_usec, initrd_usec, userspace_usec, total_usec);
3416
3417 sd_notifyf(false,
3418 m->ready_sent ? "STATUS=Startup finished in %s."
3419 : "READY=1\n"
3420 "STATUS=Startup finished in %s.",
3421 format_timespan(sum, sizeof(sum), total_usec, USEC_PER_MSEC));
3422 m->ready_sent = true;
3423
3424 log_taint_string(m);
3425 }
3426
3427 static void manager_send_ready(Manager *m) {
3428 assert(m);
3429
3430 /* We send READY=1 on reaching basic.target only when running in --user mode. */
3431 if (!MANAGER_IS_USER(m) || m->ready_sent)
3432 return;
3433
3434 m->ready_sent = true;
3435
3436 sd_notifyf(false,
3437 "READY=1\n"
3438 "STATUS=Reached " SPECIAL_BASIC_TARGET ".");
3439 }
3440
3441 static void manager_check_basic_target(Manager *m) {
3442 Unit *u;
3443
3444 assert(m);
3445
3446 /* Small shortcut */
3447 if (m->ready_sent && m->taint_logged)
3448 return;
3449
3450 u = manager_get_unit(m, SPECIAL_BASIC_TARGET);
3451 if (!u || !UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u)))
3452 return;
3453
3454 /* For user managers, send out READY=1 as soon as we reach basic.target */
3455 manager_send_ready(m);
3456
3457 /* Log the taint string as soon as we reach basic.target */
3458 log_taint_string(m);
3459 }
3460
3461 void manager_check_finished(Manager *m) {
3462 assert(m);
3463
3464 if (MANAGER_IS_RELOADING(m))
3465 return;
3466
3467 /* Verify that we have entered the event loop already, and not left it again. */
3468 if (!MANAGER_IS_RUNNING(m))
3469 return;
3470
3471 manager_check_basic_target(m);
3472
3473 if (hashmap_size(m->jobs) > 0) {
3474 if (m->jobs_in_progress_event_source)
3475 /* Ignore any failure, this is only for feedback */
3476 (void) sd_event_source_set_time(m->jobs_in_progress_event_source, now(CLOCK_MONOTONIC) + JOBS_IN_PROGRESS_WAIT_USEC);
3477
3478 return;
3479 }
3480
3481 manager_flip_auto_status(m, false);
3482
3483 /* Notify Type=idle units that we are done now */
3484 manager_close_idle_pipe(m);
3485
3486 /* Turn off confirm spawn now */
3487 m->confirm_spawn = NULL;
3488
3489 /* No need to update ask password status when we're going non-interactive */
3490 manager_close_ask_password(m);
3491
3492 /* This is no longer the first boot */
3493 manager_set_first_boot(m, false);
3494
3495 if (MANAGER_IS_FINISHED(m))
3496 return;
3497
3498 dual_timestamp_get(m->timestamps + MANAGER_TIMESTAMP_FINISH);
3499
3500 manager_notify_finished(m);
3501
3502 manager_invalidate_startup_units(m);
3503 }
3504
3505 static bool generator_path_any(const char* const* paths) {
3506 char **path;
3507 bool found = false;
3508
3509 /* Optimize by skipping the whole process by not creating output directories
3510 * if no generators are found. */
3511 STRV_FOREACH(path, (char**) paths)
3512 if (access(*path, F_OK) == 0)
3513 found = true;
3514 else if (errno != ENOENT)
3515 log_warning_errno(errno, "Failed to open generator directory %s: %m", *path);
3516
3517 return found;
3518 }
3519
3520 static const char* system_env_generator_binary_paths[] = {
3521 "/run/systemd/system-environment-generators",
3522 "/etc/systemd/system-environment-generators",
3523 "/usr/local/lib/systemd/system-environment-generators",
3524 SYSTEM_ENV_GENERATOR_PATH,
3525 NULL
3526 };
3527
3528 static const char* user_env_generator_binary_paths[] = {
3529 "/run/systemd/user-environment-generators",
3530 "/etc/systemd/user-environment-generators",
3531 "/usr/local/lib/systemd/user-environment-generators",
3532 USER_ENV_GENERATOR_PATH,
3533 NULL
3534 };
3535
3536 static int manager_run_environment_generators(Manager *m) {
3537 char **tmp = NULL; /* this is only used in the forked process, no cleanup here */
3538 const char **paths;
3539 void* args[] = {&tmp, &tmp, &m->environment};
3540
3541 if (m->test_run_flags && !(m->test_run_flags & MANAGER_TEST_RUN_ENV_GENERATORS))
3542 return 0;
3543
3544 paths = MANAGER_IS_SYSTEM(m) ? system_env_generator_binary_paths : user_env_generator_binary_paths;
3545
3546 if (!generator_path_any(paths))
3547 return 0;
3548
3549 return execute_directories(paths, DEFAULT_TIMEOUT_USEC, gather_environment, args, NULL);
3550 }
3551
3552 static int manager_run_generators(Manager *m) {
3553 _cleanup_strv_free_ char **paths = NULL;
3554 const char *argv[5];
3555 int r;
3556
3557 assert(m);
3558
3559 if (m->test_run_flags && !(m->test_run_flags & MANAGER_TEST_RUN_GENERATORS))
3560 return 0;
3561
3562 paths = generator_binary_paths(m->unit_file_scope);
3563 if (!paths)
3564 return log_oom();
3565
3566 if (!generator_path_any((const char* const*) paths))
3567 return 0;
3568
3569 r = lookup_paths_mkdir_generator(&m->lookup_paths);
3570 if (r < 0)
3571 goto finish;
3572
3573 argv[0] = NULL; /* Leave this empty, execute_directory() will fill something in */
3574 argv[1] = m->lookup_paths.generator;
3575 argv[2] = m->lookup_paths.generator_early;
3576 argv[3] = m->lookup_paths.generator_late;
3577 argv[4] = NULL;
3578
3579 RUN_WITH_UMASK(0022)
3580 execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC,
3581 NULL, NULL, (char**) argv);
3582
3583 finish:
3584 lookup_paths_trim_generator(&m->lookup_paths);
3585 return r;
3586 }
3587
3588 int manager_environment_add(Manager *m, char **minus, char **plus) {
3589 char **a = NULL, **b = NULL, **l;
3590 assert(m);
3591
3592 l = m->environment;
3593
3594 if (!strv_isempty(minus)) {
3595 a = strv_env_delete(l, 1, minus);
3596 if (!a)
3597 return -ENOMEM;
3598
3599 l = a;
3600 }
3601
3602 if (!strv_isempty(plus)) {
3603 b = strv_env_merge(2, l, plus);
3604 if (!b) {
3605 strv_free(a);
3606 return -ENOMEM;
3607 }
3608
3609 l = b;
3610 }
3611
3612 if (m->environment != l)
3613 strv_free(m->environment);
3614 if (a != l)
3615 strv_free(a);
3616 if (b != l)
3617 strv_free(b);
3618
3619 m->environment = l;
3620 manager_sanitize_environment(m);
3621
3622 return 0;
3623 }
3624
3625 int manager_set_default_rlimits(Manager *m, struct rlimit **default_rlimit) {
3626 int i;
3627
3628 assert(m);
3629
3630 for (i = 0; i < _RLIMIT_MAX; i++) {
3631 m->rlimit[i] = mfree(m->rlimit[i]);
3632
3633 if (!default_rlimit[i])
3634 continue;
3635
3636 m->rlimit[i] = newdup(struct rlimit, default_rlimit[i], 1);
3637 if (!m->rlimit[i])
3638 return log_oom();
3639 }
3640
3641 return 0;
3642 }
3643
3644 void manager_recheck_dbus(Manager *m) {
3645 assert(m);
3646
3647 /* Connects to the bus if the dbus service and socket are running. If we are running in user mode this is all
3648 * it does. In system mode we'll also connect to the system bus (which will most likely just reuse the
3649 * connection of the API bus). That's because the system bus after all runs as service of the system instance,
3650 * while in the user instance we can assume it's already there. */
3651
3652 if (MANAGER_IS_RELOADING(m))
3653 return; /* don't check while we are reloading… */
3654
3655 if (manager_dbus_is_running(m, false)) {
3656 (void) bus_init_api(m);
3657
3658 if (MANAGER_IS_SYSTEM(m))
3659 (void) bus_init_system(m);
3660 } else {
3661 (void) bus_done_api(m);
3662
3663 if (MANAGER_IS_SYSTEM(m))
3664 (void) bus_done_system(m);
3665 }
3666 }
3667
3668 static bool manager_journal_is_running(Manager *m) {
3669 Unit *u;
3670
3671 assert(m);
3672
3673 if (m->test_run_flags != 0)
3674 return false;
3675
3676 /* If we are the user manager we can safely assume that the journal is up */
3677 if (!MANAGER_IS_SYSTEM(m))
3678 return true;
3679
3680 /* Check that the socket is not only up, but in RUNNING state */
3681 u = manager_get_unit(m, SPECIAL_JOURNALD_SOCKET);
3682 if (!u)
3683 return false;
3684 if (SOCKET(u)->state != SOCKET_RUNNING)
3685 return false;
3686
3687 /* Similar, check if the daemon itself is fully up, too */
3688 u = manager_get_unit(m, SPECIAL_JOURNALD_SERVICE);
3689 if (!u)
3690 return false;
3691 if (!IN_SET(SERVICE(u)->state, SERVICE_RELOAD, SERVICE_RUNNING))
3692 return false;
3693
3694 return true;
3695 }
3696
3697 void manager_recheck_journal(Manager *m) {
3698
3699 assert(m);
3700
3701 /* Don't bother with this unless we are in the special situation of being PID 1 */
3702 if (getpid_cached() != 1)
3703 return;
3704
3705 /* Don't check this while we are reloading, things might still change */
3706 if (MANAGER_IS_RELOADING(m))
3707 return;
3708
3709 /* The journal is fully and entirely up? If so, let's permit logging to it, if that's configured. If the
3710 * journal is down, don't ever log to it, otherwise we might end up deadlocking ourselves as we might trigger
3711 * an activation ourselves we can't fulfill. */
3712 log_set_prohibit_ipc(!manager_journal_is_running(m));
3713 log_open();
3714 }
3715
3716 void manager_set_show_status(Manager *m, ShowStatus mode) {
3717 assert(m);
3718 assert(IN_SET(mode, SHOW_STATUS_AUTO, SHOW_STATUS_NO, SHOW_STATUS_YES, SHOW_STATUS_TEMPORARY));
3719
3720 if (!MANAGER_IS_SYSTEM(m))
3721 return;
3722
3723 if (m->show_status != mode)
3724 log_debug("%s showing of status.",
3725 mode == SHOW_STATUS_NO ? "Disabling" : "Enabling");
3726 m->show_status = mode;
3727
3728 if (mode > 0)
3729 (void) touch("/run/systemd/show-status");
3730 else
3731 (void) unlink("/run/systemd/show-status");
3732 }
3733
3734 static bool manager_get_show_status(Manager *m, StatusType type) {
3735 assert(m);
3736
3737 if (!MANAGER_IS_SYSTEM(m))
3738 return false;
3739
3740 if (m->no_console_output)
3741 return false;
3742
3743 if (!IN_SET(manager_state(m), MANAGER_INITIALIZING, MANAGER_STARTING, MANAGER_STOPPING))
3744 return false;
3745
3746 /* If we cannot find out the status properly, just proceed. */
3747 if (type != STATUS_TYPE_EMERGENCY && manager_check_ask_password(m) > 0)
3748 return false;
3749
3750 return m->show_status > 0;
3751 }
3752
3753 const char *manager_get_confirm_spawn(Manager *m) {
3754 static int last_errno = 0;
3755 const char *vc = m->confirm_spawn;
3756 struct stat st;
3757 int r;
3758
3759 /* Here's the deal: we want to test the validity of the console but don't want
3760 * PID1 to go through the whole console process which might block. But we also
3761 * want to warn the user only once if something is wrong with the console so we
3762 * cannot do the sanity checks after spawning our children. So here we simply do
3763 * really basic tests to hopefully trap common errors.
3764 *
3765 * If the console suddenly disappear at the time our children will really it
3766 * then they will simply fail to acquire it and a positive answer will be
3767 * assumed. New children will fallback to /dev/console though.
3768 *
3769 * Note: TTYs are devices that can come and go any time, and frequently aren't
3770 * available yet during early boot (consider a USB rs232 dongle...). If for any
3771 * reason the configured console is not ready, we fallback to the default
3772 * console. */
3773
3774 if (!vc || path_equal(vc, "/dev/console"))
3775 return vc;
3776
3777 r = stat(vc, &st);
3778 if (r < 0)
3779 goto fail;
3780
3781 if (!S_ISCHR(st.st_mode)) {
3782 errno = ENOTTY;
3783 goto fail;
3784 }
3785
3786 last_errno = 0;
3787 return vc;
3788 fail:
3789 if (last_errno != errno) {
3790 last_errno = errno;
3791 log_warning_errno(errno, "Failed to open %s: %m, using default console", vc);
3792 }
3793 return "/dev/console";
3794 }
3795
3796 void manager_set_first_boot(Manager *m, bool b) {
3797 assert(m);
3798
3799 if (!MANAGER_IS_SYSTEM(m))
3800 return;
3801
3802 if (m->first_boot != (int) b) {
3803 if (b)
3804 (void) touch("/run/systemd/first-boot");
3805 else
3806 (void) unlink("/run/systemd/first-boot");
3807 }
3808
3809 m->first_boot = b;
3810 }
3811
3812 void manager_disable_confirm_spawn(void) {
3813 (void) touch("/run/systemd/confirm_spawn_disabled");
3814 }
3815
3816 bool manager_is_confirm_spawn_disabled(Manager *m) {
3817 if (!m->confirm_spawn)
3818 return true;
3819
3820 return access("/run/systemd/confirm_spawn_disabled", F_OK) >= 0;
3821 }
3822
3823 void manager_status_printf(Manager *m, StatusType type, const char *status, const char *format, ...) {
3824 va_list ap;
3825
3826 /* If m is NULL, assume we're after shutdown and let the messages through. */
3827
3828 if (m && !manager_get_show_status(m, type))
3829 return;
3830
3831 /* XXX We should totally drop the check for ephemeral here
3832 * and thus effectively make 'Type=idle' pointless. */
3833 if (type == STATUS_TYPE_EPHEMERAL && m && m->n_on_console > 0)
3834 return;
3835
3836 va_start(ap, format);
3837 status_vprintf(status, true, type == STATUS_TYPE_EPHEMERAL, format, ap);
3838 va_end(ap);
3839 }
3840
3841 Set *manager_get_units_requiring_mounts_for(Manager *m, const char *path) {
3842 char p[strlen(path)+1];
3843
3844 assert(m);
3845 assert(path);
3846
3847 strcpy(p, path);
3848 path_kill_slashes(p);
3849
3850 return hashmap_get(m->units_requiring_mounts_for, streq(p, "/") ? "" : p);
3851 }
3852
3853 int manager_update_failed_units(Manager *m, Unit *u, bool failed) {
3854 unsigned size;
3855 int r;
3856
3857 assert(m);
3858 assert(u->manager == m);
3859
3860 size = set_size(m->failed_units);
3861
3862 if (failed) {
3863 r = set_ensure_allocated(&m->failed_units, NULL);
3864 if (r < 0)
3865 return log_oom();
3866
3867 if (set_put(m->failed_units, u) < 0)
3868 return log_oom();
3869 } else
3870 (void) set_remove(m->failed_units, u);
3871
3872 if (set_size(m->failed_units) != size)
3873 bus_manager_send_change_signal(m);
3874
3875 return 0;
3876 }
3877
3878 ManagerState manager_state(Manager *m) {
3879 Unit *u;
3880
3881 assert(m);
3882
3883 /* Did we ever finish booting? If not then we are still starting up */
3884 if (!MANAGER_IS_FINISHED(m)) {
3885
3886 u = manager_get_unit(m, SPECIAL_BASIC_TARGET);
3887 if (!u || !UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u)))
3888 return MANAGER_INITIALIZING;
3889
3890 return MANAGER_STARTING;
3891 }
3892
3893 /* Is the special shutdown target active or queued? If so, we are in shutdown state */
3894 u = manager_get_unit(m, SPECIAL_SHUTDOWN_TARGET);
3895 if (u && unit_active_or_pending(u))
3896 return MANAGER_STOPPING;
3897
3898 if (MANAGER_IS_SYSTEM(m)) {
3899 /* Are the rescue or emergency targets active or queued? If so we are in maintenance state */
3900 u = manager_get_unit(m, SPECIAL_RESCUE_TARGET);
3901 if (u && unit_active_or_pending(u))
3902 return MANAGER_MAINTENANCE;
3903
3904 u = manager_get_unit(m, SPECIAL_EMERGENCY_TARGET);
3905 if (u && unit_active_or_pending(u))
3906 return MANAGER_MAINTENANCE;
3907 }
3908
3909 /* Are there any failed units? If so, we are in degraded mode */
3910 if (set_size(m->failed_units) > 0)
3911 return MANAGER_DEGRADED;
3912
3913 return MANAGER_RUNNING;
3914 }
3915
3916 #define DESTROY_IPC_FLAG (UINT32_C(1) << 31)
3917
3918 static void manager_unref_uid_internal(
3919 Manager *m,
3920 Hashmap **uid_refs,
3921 uid_t uid,
3922 bool destroy_now,
3923 int (*_clean_ipc)(uid_t uid)) {
3924
3925 uint32_t c, n;
3926
3927 assert(m);
3928 assert(uid_refs);
3929 assert(uid_is_valid(uid));
3930 assert(_clean_ipc);
3931
3932 /* A generic implementation, covering both manager_unref_uid() and manager_unref_gid(), under the assumption
3933 * that uid_t and gid_t are actually defined the same way, with the same validity rules.
3934 *
3935 * We store a hashmap where the UID/GID is they key and the value is a 32bit reference counter, whose highest
3936 * bit is used as flag for marking UIDs/GIDs whose IPC objects to remove when the last reference to the UID/GID
3937 * is dropped. The flag is set to on, once at least one reference from a unit where RemoveIPC= is set is added
3938 * on a UID/GID. It is reset when the UID's/GID's reference counter drops to 0 again. */
3939
3940 assert_cc(sizeof(uid_t) == sizeof(gid_t));
3941 assert_cc(UID_INVALID == (uid_t) GID_INVALID);
3942
3943 if (uid == 0) /* We don't keep track of root, and will never destroy it */
3944 return;
3945
3946 c = PTR_TO_UINT32(hashmap_get(*uid_refs, UID_TO_PTR(uid)));
3947
3948 n = c & ~DESTROY_IPC_FLAG;
3949 assert(n > 0);
3950 n--;
3951
3952 if (destroy_now && n == 0) {
3953 hashmap_remove(*uid_refs, UID_TO_PTR(uid));
3954
3955 if (c & DESTROY_IPC_FLAG) {
3956 log_debug("%s " UID_FMT " is no longer referenced, cleaning up its IPC.",
3957 _clean_ipc == clean_ipc_by_uid ? "UID" : "GID",
3958 uid);
3959 (void) _clean_ipc(uid);
3960 }
3961 } else {
3962 c = n | (c & DESTROY_IPC_FLAG);
3963 assert_se(hashmap_update(*uid_refs, UID_TO_PTR(uid), UINT32_TO_PTR(c)) >= 0);
3964 }
3965 }
3966
3967 void manager_unref_uid(Manager *m, uid_t uid, bool destroy_now) {
3968 manager_unref_uid_internal(m, &m->uid_refs, uid, destroy_now, clean_ipc_by_uid);
3969 }
3970
3971 void manager_unref_gid(Manager *m, gid_t gid, bool destroy_now) {
3972 manager_unref_uid_internal(m, &m->gid_refs, (uid_t) gid, destroy_now, clean_ipc_by_gid);
3973 }
3974
3975 static int manager_ref_uid_internal(
3976 Manager *m,
3977 Hashmap **uid_refs,
3978 uid_t uid,
3979 bool clean_ipc) {
3980
3981 uint32_t c, n;
3982 int r;
3983
3984 assert(m);
3985 assert(uid_refs);
3986 assert(uid_is_valid(uid));
3987
3988 /* A generic implementation, covering both manager_ref_uid() and manager_ref_gid(), under the assumption
3989 * that uid_t and gid_t are actually defined the same way, with the same validity rules. */
3990
3991 assert_cc(sizeof(uid_t) == sizeof(gid_t));
3992 assert_cc(UID_INVALID == (uid_t) GID_INVALID);
3993
3994 if (uid == 0) /* We don't keep track of root, and will never destroy it */
3995 return 0;
3996
3997 r = hashmap_ensure_allocated(uid_refs, &trivial_hash_ops);
3998 if (r < 0)
3999 return r;
4000
4001 c = PTR_TO_UINT32(hashmap_get(*uid_refs, UID_TO_PTR(uid)));
4002
4003 n = c & ~DESTROY_IPC_FLAG;
4004 n++;
4005
4006 if (n & DESTROY_IPC_FLAG) /* check for overflow */
4007 return -EOVERFLOW;
4008
4009 c = n | (c & DESTROY_IPC_FLAG) | (clean_ipc ? DESTROY_IPC_FLAG : 0);
4010
4011 return hashmap_replace(*uid_refs, UID_TO_PTR(uid), UINT32_TO_PTR(c));
4012 }
4013
4014 int manager_ref_uid(Manager *m, uid_t uid, bool clean_ipc) {
4015 return manager_ref_uid_internal(m, &m->uid_refs, uid, clean_ipc);
4016 }
4017
4018 int manager_ref_gid(Manager *m, gid_t gid, bool clean_ipc) {
4019 return manager_ref_uid_internal(m, &m->gid_refs, (uid_t) gid, clean_ipc);
4020 }
4021
4022 static void manager_vacuum_uid_refs_internal(
4023 Manager *m,
4024 Hashmap **uid_refs,
4025 int (*_clean_ipc)(uid_t uid)) {
4026
4027 Iterator i;
4028 void *p, *k;
4029
4030 assert(m);
4031 assert(uid_refs);
4032 assert(_clean_ipc);
4033
4034 HASHMAP_FOREACH_KEY(p, k, *uid_refs, i) {
4035 uint32_t c, n;
4036 uid_t uid;
4037
4038 uid = PTR_TO_UID(k);
4039 c = PTR_TO_UINT32(p);
4040
4041 n = c & ~DESTROY_IPC_FLAG;
4042 if (n > 0)
4043 continue;
4044
4045 if (c & DESTROY_IPC_FLAG) {
4046 log_debug("Found unreferenced %s " UID_FMT " after reload/reexec. Cleaning up.",
4047 _clean_ipc == clean_ipc_by_uid ? "UID" : "GID",
4048 uid);
4049 (void) _clean_ipc(uid);
4050 }
4051
4052 assert_se(hashmap_remove(*uid_refs, k) == p);
4053 }
4054 }
4055
4056 void manager_vacuum_uid_refs(Manager *m) {
4057 manager_vacuum_uid_refs_internal(m, &m->uid_refs, clean_ipc_by_uid);
4058 }
4059
4060 void manager_vacuum_gid_refs(Manager *m) {
4061 manager_vacuum_uid_refs_internal(m, &m->gid_refs, clean_ipc_by_gid);
4062 }
4063
4064 static void manager_serialize_uid_refs_internal(
4065 Manager *m,
4066 FILE *f,
4067 Hashmap **uid_refs,
4068 const char *field_name) {
4069
4070 Iterator i;
4071 void *p, *k;
4072
4073 assert(m);
4074 assert(f);
4075 assert(uid_refs);
4076 assert(field_name);
4077
4078 /* Serialize the UID reference table. Or actually, just the IPC destruction flag of it, as the actual counter
4079 * of it is better rebuild after a reload/reexec. */
4080
4081 HASHMAP_FOREACH_KEY(p, k, *uid_refs, i) {
4082 uint32_t c;
4083 uid_t uid;
4084
4085 uid = PTR_TO_UID(k);
4086 c = PTR_TO_UINT32(p);
4087
4088 if (!(c & DESTROY_IPC_FLAG))
4089 continue;
4090
4091 fprintf(f, "%s=" UID_FMT "\n", field_name, uid);
4092 }
4093 }
4094
4095 void manager_serialize_uid_refs(Manager *m, FILE *f) {
4096 manager_serialize_uid_refs_internal(m, f, &m->uid_refs, "destroy-ipc-uid");
4097 }
4098
4099 void manager_serialize_gid_refs(Manager *m, FILE *f) {
4100 manager_serialize_uid_refs_internal(m, f, &m->gid_refs, "destroy-ipc-gid");
4101 }
4102
4103 static void manager_deserialize_uid_refs_one_internal(
4104 Manager *m,
4105 Hashmap** uid_refs,
4106 const char *value) {
4107
4108 uid_t uid;
4109 uint32_t c;
4110 int r;
4111
4112 assert(m);
4113 assert(uid_refs);
4114 assert(value);
4115
4116 r = parse_uid(value, &uid);
4117 if (r < 0 || uid == 0) {
4118 log_debug("Unable to parse UID reference serialization");
4119 return;
4120 }
4121
4122 r = hashmap_ensure_allocated(uid_refs, &trivial_hash_ops);
4123 if (r < 0) {
4124 log_oom();
4125 return;
4126 }
4127
4128 c = PTR_TO_UINT32(hashmap_get(*uid_refs, UID_TO_PTR(uid)));
4129 if (c & DESTROY_IPC_FLAG)
4130 return;
4131
4132 c |= DESTROY_IPC_FLAG;
4133
4134 r = hashmap_replace(*uid_refs, UID_TO_PTR(uid), UINT32_TO_PTR(c));
4135 if (r < 0) {
4136 log_debug("Failed to add UID reference entry");
4137 return;
4138 }
4139 }
4140
4141 void manager_deserialize_uid_refs_one(Manager *m, const char *value) {
4142 manager_deserialize_uid_refs_one_internal(m, &m->uid_refs, value);
4143 }
4144
4145 void manager_deserialize_gid_refs_one(Manager *m, const char *value) {
4146 manager_deserialize_uid_refs_one_internal(m, &m->gid_refs, value);
4147 }
4148
4149 int manager_dispatch_user_lookup_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
4150 struct buffer {
4151 uid_t uid;
4152 gid_t gid;
4153 char unit_name[UNIT_NAME_MAX+1];
4154 } _packed_ buffer;
4155
4156 Manager *m = userdata;
4157 ssize_t l;
4158 size_t n;
4159 Unit *u;
4160
4161 assert_se(source);
4162 assert_se(m);
4163
4164 /* Invoked whenever a child process succeeded resolving its user/group to use and sent us the resulting UID/GID
4165 * in a datagram. We parse the datagram here and pass it off to the unit, so that it can add a reference to the
4166 * UID/GID so that it can destroy the UID/GID's IPC objects when the reference counter drops to 0. */
4167
4168 l = recv(fd, &buffer, sizeof(buffer), MSG_DONTWAIT);
4169 if (l < 0) {
4170 if (IN_SET(errno, EINTR, EAGAIN))
4171 return 0;
4172
4173 return log_error_errno(errno, "Failed to read from user lookup fd: %m");
4174 }
4175
4176 if ((size_t) l <= offsetof(struct buffer, unit_name)) {
4177 log_warning("Received too short user lookup message, ignoring.");
4178 return 0;
4179 }
4180
4181 if ((size_t) l > offsetof(struct buffer, unit_name) + UNIT_NAME_MAX) {
4182 log_warning("Received too long user lookup message, ignoring.");
4183 return 0;
4184 }
4185
4186 if (!uid_is_valid(buffer.uid) && !gid_is_valid(buffer.gid)) {
4187 log_warning("Got user lookup message with invalid UID/GID pair, ignoring.");
4188 return 0;
4189 }
4190
4191 n = (size_t) l - offsetof(struct buffer, unit_name);
4192 if (memchr(buffer.unit_name, 0, n)) {
4193 log_warning("Received lookup message with embedded NUL character, ignoring.");
4194 return 0;
4195 }
4196
4197 buffer.unit_name[n] = 0;
4198 u = manager_get_unit(m, buffer.unit_name);
4199 if (!u) {
4200 log_debug("Got user lookup message but unit doesn't exist, ignoring.");
4201 return 0;
4202 }
4203
4204 log_unit_debug(u, "User lookup succeeded: uid=" UID_FMT " gid=" GID_FMT, buffer.uid, buffer.gid);
4205
4206 unit_notify_user_lookup(u, buffer.uid, buffer.gid);
4207 return 0;
4208 }
4209
4210 char *manager_taint_string(Manager *m) {
4211 _cleanup_free_ char *destination = NULL, *overflowuid = NULL, *overflowgid = NULL;
4212 char *buf, *e;
4213 int r;
4214
4215 /* Returns a "taint string", e.g. "local-hwclock:var-run-bad".
4216 * Only things that are detected at runtime should be tagged
4217 * here. For stuff that is set during compilation, emit a warning
4218 * in the configuration phase. */
4219
4220 assert(m);
4221
4222 buf = new(char, sizeof("split-usr:"
4223 "cgroups-missing:"
4224 "local-hwclock:"
4225 "var-run-bad:"
4226 "overflowuid-not-65534:"
4227 "overflowgid-not-65534:"));
4228 if (!buf)
4229 return NULL;
4230
4231 e = buf;
4232 buf[0] = 0;
4233
4234 if (m->taint_usr)
4235 e = stpcpy(e, "split-usr:");
4236
4237 if (access("/proc/cgroups", F_OK) < 0)
4238 e = stpcpy(e, "cgroups-missing:");
4239
4240 if (clock_is_localtime(NULL) > 0)
4241 e = stpcpy(e, "local-hwclock:");
4242
4243 r = readlink_malloc("/var/run", &destination);
4244 if (r < 0 || !PATH_IN_SET(destination, "../run", "/run"))
4245 e = stpcpy(e, "var-run-bad:");
4246
4247 r = read_one_line_file("/proc/sys/kernel/overflowuid", &overflowuid);
4248 if (r >= 0 && !streq(overflowuid, "65534"))
4249 e = stpcpy(e, "overflowuid-not-65534:");
4250
4251 r = read_one_line_file("/proc/sys/kernel/overflowgid", &overflowgid);
4252 if (r >= 0 && !streq(overflowgid, "65534"))
4253 e = stpcpy(e, "overflowgid-not-65534:");
4254
4255 /* remove the last ':' */
4256 if (e != buf)
4257 e[-1] = 0;
4258
4259 return buf;
4260 }
4261
4262 void manager_ref_console(Manager *m) {
4263 assert(m);
4264
4265 m->n_on_console++;
4266 }
4267
4268 void manager_unref_console(Manager *m) {
4269
4270 assert(m->n_on_console > 0);
4271 m->n_on_console--;
4272
4273 if (m->n_on_console == 0)
4274 m->no_console_output = false; /* unset no_console_output flag, since the console is definitely free now */
4275 }
4276
4277 static const char *const manager_state_table[_MANAGER_STATE_MAX] = {
4278 [MANAGER_INITIALIZING] = "initializing",
4279 [MANAGER_STARTING] = "starting",
4280 [MANAGER_RUNNING] = "running",
4281 [MANAGER_DEGRADED] = "degraded",
4282 [MANAGER_MAINTENANCE] = "maintenance",
4283 [MANAGER_STOPPING] = "stopping",
4284 };
4285
4286 DEFINE_STRING_TABLE_LOOKUP(manager_state, ManagerState);
4287
4288 static const char *const manager_timestamp_table[_MANAGER_TIMESTAMP_MAX] = {
4289 [MANAGER_TIMESTAMP_FIRMWARE] = "firmware",
4290 [MANAGER_TIMESTAMP_LOADER] = "loader",
4291 [MANAGER_TIMESTAMP_KERNEL] = "kernel",
4292 [MANAGER_TIMESTAMP_INITRD] = "initrd",
4293 [MANAGER_TIMESTAMP_USERSPACE] = "userspace",
4294 [MANAGER_TIMESTAMP_FINISH] = "finish",
4295 [MANAGER_TIMESTAMP_SECURITY_START] = "security-start",
4296 [MANAGER_TIMESTAMP_SECURITY_FINISH] = "security-finish",
4297 [MANAGER_TIMESTAMP_GENERATORS_START] = "generators-start",
4298 [MANAGER_TIMESTAMP_GENERATORS_FINISH] = "generators-finish",
4299 [MANAGER_TIMESTAMP_UNITS_LOAD_START] = "units-load-start",
4300 [MANAGER_TIMESTAMP_UNITS_LOAD_FINISH] = "units-load-finish",
4301 };
4302
4303 DEFINE_STRING_TABLE_LOOKUP(manager_timestamp, ManagerTimestamp);
Unnamed repository; edit this file 'description' to name the repository.