]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/manager.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
core: drop taints for nobody user/group names
[thirdparty/systemd.git] / src / core / manager.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 This file is part of systemd.
4
5 Copyright 2010 Lennart Poettering
6
7 systemd is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
10 (at your option) any later version.
11
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
16
17 You should have received a copy of the GNU Lesser General Public License
18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
19 ***/
20
21 #include <errno.h>
22 #include <fcntl.h>
23 #include <linux/kd.h>
24 #include <signal.h>
25 #include <stdio_ext.h>
26 #include <string.h>
27 #include <sys/epoll.h>
28 #include <sys/inotify.h>
29 #include <sys/ioctl.h>
30 #include <sys/reboot.h>
31 #include <sys/timerfd.h>
32 #include <sys/wait.h>
33 #include <unistd.h>
34
35 #if HAVE_AUDIT
36 #include <libaudit.h>
37 #endif
38
39 #include "sd-daemon.h"
40 #include "sd-messages.h"
41 #include "sd-path.h"
42
43 #include "alloc-util.h"
44 #include "audit-fd.h"
45 #include "boot-timestamps.h"
46 #include "bus-common-errors.h"
47 #include "bus-error.h"
48 #include "bus-kernel.h"
49 #include "bus-util.h"
50 #include "clean-ipc.h"
51 #include "clock-util.h"
52 #include "dbus-job.h"
53 #include "dbus-manager.h"
54 #include "dbus-unit.h"
55 #include "dbus.h"
56 #include "dirent-util.h"
57 #include "env-util.h"
58 #include "escape.h"
59 #include "exec-util.h"
60 #include "execute.h"
61 #include "exit-status.h"
62 #include "fd-util.h"
63 #include "fileio.h"
64 #include "fs-util.h"
65 #include "hashmap.h"
66 #include "io-util.h"
67 #include "label.h"
68 #include "locale-setup.h"
69 #include "log.h"
70 #include "macro.h"
71 #include "manager.h"
72 #include "missing.h"
73 #include "mkdir.h"
74 #include "parse-util.h"
75 #include "path-lookup.h"
76 #include "path-util.h"
77 #include "process-util.h"
78 #include "ratelimit.h"
79 #include "rm-rf.h"
80 #include "signal-util.h"
81 #include "special.h"
82 #include "stat-util.h"
83 #include "string-table.h"
84 #include "string-util.h"
85 #include "strv.h"
86 #include "terminal-util.h"
87 #include "time-util.h"
88 #include "transaction.h"
89 #include "umask-util.h"
90 #include "unit-name.h"
91 #include "user-util.h"
92 #include "util.h"
93 #include "virt.h"
94 #include "watchdog.h"
95
96 #define NOTIFY_RCVBUF_SIZE (8*1024*1024)
97 #define CGROUPS_AGENT_RCVBUF_SIZE (8*1024*1024)
98
99 /* Initial delay and the interval for printing status messages about running jobs */
100 #define JOBS_IN_PROGRESS_WAIT_USEC (5*USEC_PER_SEC)
101 #define JOBS_IN_PROGRESS_PERIOD_USEC (USEC_PER_SEC / 3)
102 #define JOBS_IN_PROGRESS_PERIOD_DIVISOR 3
103
104 static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
105 static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
106 static int manager_dispatch_signal_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
107 static int manager_dispatch_time_change_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
108 static int manager_dispatch_idle_pipe_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
109 static int manager_dispatch_user_lookup_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
110 static int manager_dispatch_jobs_in_progress(sd_event_source *source, usec_t usec, void *userdata);
111 static int manager_dispatch_run_queue(sd_event_source *source, void *userdata);
112 static int manager_run_environment_generators(Manager *m);
113 static int manager_run_generators(Manager *m);
114
115 static void manager_watch_jobs_in_progress(Manager *m) {
116 usec_t next;
117 int r;
118
119 assert(m);
120
121 /* We do not want to show the cylon animation if the user
122 * needs to confirm service executions otherwise confirmation
123 * messages will be screwed by the cylon animation. */
124 if (!manager_is_confirm_spawn_disabled(m))
125 return;
126
127 if (m->jobs_in_progress_event_source)
128 return;
129
130 next = now(CLOCK_MONOTONIC) + JOBS_IN_PROGRESS_WAIT_USEC;
131 r = sd_event_add_time(
132 m->event,
133 &m->jobs_in_progress_event_source,
134 CLOCK_MONOTONIC,
135 next, 0,
136 manager_dispatch_jobs_in_progress, m);
137 if (r < 0)
138 return;
139
140 (void) sd_event_source_set_description(m->jobs_in_progress_event_source, "manager-jobs-in-progress");
141 }
142
143 #define CYLON_BUFFER_EXTRA (2*(sizeof(ANSI_RED)-1) + sizeof(ANSI_HIGHLIGHT_RED)-1 + 2*(sizeof(ANSI_NORMAL)-1))
144
145 static void draw_cylon(char buffer[], size_t buflen, unsigned width, unsigned pos) {
146 char *p = buffer;
147
148 assert(buflen >= CYLON_BUFFER_EXTRA + width + 1);
149 assert(pos <= width+1); /* 0 or width+1 mean that the center light is behind the corner */
150
151 if (pos > 1) {
152 if (pos > 2)
153 p = mempset(p, ' ', pos-2);
154 if (log_get_show_color())
155 p = stpcpy(p, ANSI_RED);
156 *p++ = '*';
157 }
158
159 if (pos > 0 && pos <= width) {
160 if (log_get_show_color())
161 p = stpcpy(p, ANSI_HIGHLIGHT_RED);
162 *p++ = '*';
163 }
164
165 if (log_get_show_color())
166 p = stpcpy(p, ANSI_NORMAL);
167
168 if (pos < width) {
169 if (log_get_show_color())
170 p = stpcpy(p, ANSI_RED);
171 *p++ = '*';
172 if (pos < width-1)
173 p = mempset(p, ' ', width-1-pos);
174 if (log_get_show_color())
175 strcpy(p, ANSI_NORMAL);
176 }
177 }
178
179 void manager_flip_auto_status(Manager *m, bool enable) {
180 assert(m);
181
182 if (enable) {
183 if (m->show_status == SHOW_STATUS_AUTO)
184 manager_set_show_status(m, SHOW_STATUS_TEMPORARY);
185 } else {
186 if (m->show_status == SHOW_STATUS_TEMPORARY)
187 manager_set_show_status(m, SHOW_STATUS_AUTO);
188 }
189 }
190
191 static void manager_print_jobs_in_progress(Manager *m) {
192 _cleanup_free_ char *job_of_n = NULL;
193 Iterator i;
194 Job *j;
195 unsigned counter = 0, print_nr;
196 char cylon[6 + CYLON_BUFFER_EXTRA + 1];
197 unsigned cylon_pos;
198 char time[FORMAT_TIMESPAN_MAX], limit[FORMAT_TIMESPAN_MAX] = "no limit";
199 uint64_t x;
200
201 assert(m);
202 assert(m->n_running_jobs > 0);
203
204 manager_flip_auto_status(m, true);
205
206 print_nr = (m->jobs_in_progress_iteration / JOBS_IN_PROGRESS_PERIOD_DIVISOR) % m->n_running_jobs;
207
208 HASHMAP_FOREACH(j, m->jobs, i)
209 if (j->state == JOB_RUNNING && counter++ == print_nr)
210 break;
211
212 /* m->n_running_jobs must be consistent with the contents of m->jobs,
213 * so the above loop must have succeeded in finding j. */
214 assert(counter == print_nr + 1);
215 assert(j);
216
217 cylon_pos = m->jobs_in_progress_iteration % 14;
218 if (cylon_pos >= 8)
219 cylon_pos = 14 - cylon_pos;
220 draw_cylon(cylon, sizeof(cylon), 6, cylon_pos);
221
222 m->jobs_in_progress_iteration++;
223
224 if (m->n_running_jobs > 1) {
225 if (asprintf(&job_of_n, "(%u of %u) ", counter, m->n_running_jobs) < 0)
226 job_of_n = NULL;
227 }
228
229 format_timespan(time, sizeof(time), now(CLOCK_MONOTONIC) - j->begin_usec, 1*USEC_PER_SEC);
230 if (job_get_timeout(j, &x) > 0)
231 format_timespan(limit, sizeof(limit), x - j->begin_usec, 1*USEC_PER_SEC);
232
233 manager_status_printf(m, STATUS_TYPE_EPHEMERAL, cylon,
234 "%sA %s job is running for %s (%s / %s)",
235 strempty(job_of_n),
236 job_type_to_string(j->type),
237 unit_description(j->unit),
238 time, limit);
239 }
240
241 static int have_ask_password(void) {
242 _cleanup_closedir_ DIR *dir;
243 struct dirent *de;
244
245 dir = opendir("/run/systemd/ask-password");
246 if (!dir) {
247 if (errno == ENOENT)
248 return false;
249 else
250 return -errno;
251 }
252
253 FOREACH_DIRENT_ALL(de, dir, return -errno) {
254 if (startswith(de->d_name, "ask."))
255 return true;
256 }
257 return false;
258 }
259
260 static int manager_dispatch_ask_password_fd(sd_event_source *source,
261 int fd, uint32_t revents, void *userdata) {
262 Manager *m = userdata;
263
264 assert(m);
265
266 flush_fd(fd);
267
268 m->have_ask_password = have_ask_password();
269 if (m->have_ask_password < 0)
270 /* Log error but continue. Negative have_ask_password
271 * is treated as unknown status. */
272 log_error_errno(m->have_ask_password, "Failed to list /run/systemd/ask-password: %m");
273
274 return 0;
275 }
276
277 static void manager_close_ask_password(Manager *m) {
278 assert(m);
279
280 m->ask_password_event_source = sd_event_source_unref(m->ask_password_event_source);
281 m->ask_password_inotify_fd = safe_close(m->ask_password_inotify_fd);
282 m->have_ask_password = -EINVAL;
283 }
284
285 static int manager_check_ask_password(Manager *m) {
286 int r;
287
288 assert(m);
289
290 if (!m->ask_password_event_source) {
291 assert(m->ask_password_inotify_fd < 0);
292
293 mkdir_p_label("/run/systemd/ask-password", 0755);
294
295 m->ask_password_inotify_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
296 if (m->ask_password_inotify_fd < 0)
297 return log_error_errno(errno, "inotify_init1() failed: %m");
298
299 if (inotify_add_watch(m->ask_password_inotify_fd, "/run/systemd/ask-password", IN_CREATE|IN_DELETE|IN_MOVE) < 0) {
300 log_error_errno(errno, "Failed to add watch on /run/systemd/ask-password: %m");
301 manager_close_ask_password(m);
302 return -errno;
303 }
304
305 r = sd_event_add_io(m->event, &m->ask_password_event_source,
306 m->ask_password_inotify_fd, EPOLLIN,
307 manager_dispatch_ask_password_fd, m);
308 if (r < 0) {
309 log_error_errno(errno, "Failed to add event source for /run/systemd/ask-password: %m");
310 manager_close_ask_password(m);
311 return -errno;
312 }
313
314 (void) sd_event_source_set_description(m->ask_password_event_source, "manager-ask-password");
315
316 /* Queries might have been added meanwhile... */
317 manager_dispatch_ask_password_fd(m->ask_password_event_source,
318 m->ask_password_inotify_fd, EPOLLIN, m);
319 }
320
321 return m->have_ask_password;
322 }
323
324 static int manager_watch_idle_pipe(Manager *m) {
325 int r;
326
327 assert(m);
328
329 if (m->idle_pipe_event_source)
330 return 0;
331
332 if (m->idle_pipe[2] < 0)
333 return 0;
334
335 r = sd_event_add_io(m->event, &m->idle_pipe_event_source, m->idle_pipe[2], EPOLLIN, manager_dispatch_idle_pipe_fd, m);
336 if (r < 0)
337 return log_error_errno(r, "Failed to watch idle pipe: %m");
338
339 (void) sd_event_source_set_description(m->idle_pipe_event_source, "manager-idle-pipe");
340
341 return 0;
342 }
343
344 static void manager_close_idle_pipe(Manager *m) {
345 assert(m);
346
347 m->idle_pipe_event_source = sd_event_source_unref(m->idle_pipe_event_source);
348
349 safe_close_pair(m->idle_pipe);
350 safe_close_pair(m->idle_pipe + 2);
351 }
352
353 static int manager_setup_time_change(Manager *m) {
354 int r;
355
356 /* We only care for the cancellation event, hence we set the
357 * timeout to the latest possible value. */
358 struct itimerspec its = {
359 .it_value.tv_sec = TIME_T_MAX,
360 };
361
362 assert(m);
363 assert_cc(sizeof(time_t) == sizeof(TIME_T_MAX));
364
365 if (m->test_run_flags)
366 return 0;
367
368 /* Uses TFD_TIMER_CANCEL_ON_SET to get notifications whenever
369 * CLOCK_REALTIME makes a jump relative to CLOCK_MONOTONIC */
370
371 m->time_change_fd = timerfd_create(CLOCK_REALTIME, TFD_NONBLOCK|TFD_CLOEXEC);
372 if (m->time_change_fd < 0)
373 return log_error_errno(errno, "Failed to create timerfd: %m");
374
375 if (timerfd_settime(m->time_change_fd, TFD_TIMER_ABSTIME|TFD_TIMER_CANCEL_ON_SET, &its, NULL) < 0) {
376 log_debug_errno(errno, "Failed to set up TFD_TIMER_CANCEL_ON_SET, ignoring: %m");
377 m->time_change_fd = safe_close(m->time_change_fd);
378 return 0;
379 }
380
381 r = sd_event_add_io(m->event, &m->time_change_event_source, m->time_change_fd, EPOLLIN, manager_dispatch_time_change_fd, m);
382 if (r < 0)
383 return log_error_errno(r, "Failed to create time change event source: %m");
384
385 (void) sd_event_source_set_description(m->time_change_event_source, "manager-time-change");
386
387 log_debug("Set up TFD_TIMER_CANCEL_ON_SET timerfd.");
388
389 return 0;
390 }
391
392 static int enable_special_signals(Manager *m) {
393 _cleanup_close_ int fd = -1;
394
395 assert(m);
396
397 if (m->test_run_flags)
398 return 0;
399
400 /* Enable that we get SIGINT on control-alt-del. In containers
401 * this will fail with EPERM (older) or EINVAL (newer), so
402 * ignore that. */
403 if (reboot(RB_DISABLE_CAD) < 0 && !IN_SET(errno, EPERM, EINVAL))
404 log_warning_errno(errno, "Failed to enable ctrl-alt-del handling: %m");
405
406 fd = open_terminal("/dev/tty0", O_RDWR|O_NOCTTY|O_CLOEXEC);
407 if (fd < 0) {
408 /* Support systems without virtual console */
409 if (fd != -ENOENT)
410 log_warning_errno(errno, "Failed to open /dev/tty0: %m");
411 } else {
412 /* Enable that we get SIGWINCH on kbrequest */
413 if (ioctl(fd, KDSIGACCEPT, SIGWINCH) < 0)
414 log_warning_errno(errno, "Failed to enable kbrequest handling: %m");
415 }
416
417 return 0;
418 }
419
420 static int manager_setup_signals(Manager *m) {
421 struct sigaction sa = {
422 .sa_handler = SIG_DFL,
423 .sa_flags = SA_NOCLDSTOP|SA_RESTART,
424 };
425 sigset_t mask;
426 int r;
427
428 assert(m);
429
430 assert_se(sigaction(SIGCHLD, &sa, NULL) == 0);
431
432 /* We make liberal use of realtime signals here. On
433 * Linux/glibc we have 30 of them (with the exception of Linux
434 * on hppa, see below), between SIGRTMIN+0 ... SIGRTMIN+30
435 * (aka SIGRTMAX). */
436
437 assert_se(sigemptyset(&mask) == 0);
438 sigset_add_many(&mask,
439 SIGCHLD, /* Child died */
440 SIGTERM, /* Reexecute daemon */
441 SIGHUP, /* Reload configuration */
442 SIGUSR1, /* systemd/upstart: reconnect to D-Bus */
443 SIGUSR2, /* systemd: dump status */
444 SIGINT, /* Kernel sends us this on control-alt-del */
445 SIGWINCH, /* Kernel sends us this on kbrequest (alt-arrowup) */
446 SIGPWR, /* Some kernel drivers and upsd send us this on power failure */
447
448 SIGRTMIN+0, /* systemd: start default.target */
449 SIGRTMIN+1, /* systemd: isolate rescue.target */
450 SIGRTMIN+2, /* systemd: isolate emergency.target */
451 SIGRTMIN+3, /* systemd: start halt.target */
452 SIGRTMIN+4, /* systemd: start poweroff.target */
453 SIGRTMIN+5, /* systemd: start reboot.target */
454 SIGRTMIN+6, /* systemd: start kexec.target */
455
456 /* ... space for more special targets ... */
457
458 SIGRTMIN+13, /* systemd: Immediate halt */
459 SIGRTMIN+14, /* systemd: Immediate poweroff */
460 SIGRTMIN+15, /* systemd: Immediate reboot */
461 SIGRTMIN+16, /* systemd: Immediate kexec */
462
463 /* ... space for more immediate system state changes ... */
464
465 SIGRTMIN+20, /* systemd: enable status messages */
466 SIGRTMIN+21, /* systemd: disable status messages */
467 SIGRTMIN+22, /* systemd: set log level to LOG_DEBUG */
468 SIGRTMIN+23, /* systemd: set log level to LOG_INFO */
469 SIGRTMIN+24, /* systemd: Immediate exit (--user only) */
470
471 /* .. one free signal here ... */
472
473 #if !defined(__hppa64__) && !defined(__hppa__)
474 /* Apparently Linux on hppa has fewer RT
475 * signals (SIGRTMAX is SIGRTMIN+25 there),
476 * hence let's not try to make use of them
477 * here. Since these commands are accessible
478 * by different means and only really a safety
479 * net, the missing functionality on hppa
480 * shouldn't matter. */
481
482 SIGRTMIN+26, /* systemd: set log target to journal-or-kmsg */
483 SIGRTMIN+27, /* systemd: set log target to console */
484 SIGRTMIN+28, /* systemd: set log target to kmsg */
485 SIGRTMIN+29, /* systemd: set log target to syslog-or-kmsg (obsolete) */
486
487 /* ... one free signal here SIGRTMIN+30 ... */
488 #endif
489 -1);
490 assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
491
492 m->signal_fd = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC);
493 if (m->signal_fd < 0)
494 return -errno;
495
496 r = sd_event_add_io(m->event, &m->signal_event_source, m->signal_fd, EPOLLIN, manager_dispatch_signal_fd, m);
497 if (r < 0)
498 return r;
499
500 (void) sd_event_source_set_description(m->signal_event_source, "manager-signal");
501
502 /* Process signals a bit earlier than the rest of things, but later than notify_fd processing, so that the
503 * notify processing can still figure out to which process/service a message belongs, before we reap the
504 * process. Also, process this before handling cgroup notifications, so that we always collect child exit
505 * status information before detecting that there's no process in a cgroup. */
506 r = sd_event_source_set_priority(m->signal_event_source, SD_EVENT_PRIORITY_NORMAL-6);
507 if (r < 0)
508 return r;
509
510 if (MANAGER_IS_SYSTEM(m))
511 return enable_special_signals(m);
512
513 return 0;
514 }
515
516 static void manager_clean_environment(Manager *m) {
517 assert(m);
518
519 /* Let's remove some environment variables that we
520 * need ourselves to communicate with our clients */
521 strv_env_unset_many(
522 m->environment,
523 "NOTIFY_SOCKET",
524 "MAINPID",
525 "MANAGERPID",
526 "LISTEN_PID",
527 "LISTEN_FDS",
528 "LISTEN_FDNAMES",
529 "WATCHDOG_PID",
530 "WATCHDOG_USEC",
531 "INVOCATION_ID",
532 NULL);
533 }
534
535 static int manager_default_environment(Manager *m) {
536 assert(m);
537
538 if (MANAGER_IS_SYSTEM(m)) {
539 /* The system manager always starts with a clean
540 * environment for its children. It does not import
541 * the kernel's or the parents' exported variables.
542 *
543 * The initial passed environment is untouched to keep
544 * /proc/self/environ valid; it is used for tagging
545 * the init process inside containers. */
546 m->environment = strv_new("PATH=" DEFAULT_PATH,
547 NULL);
548
549 /* Import locale variables LC_*= from configuration */
550 locale_setup(&m->environment);
551 } else
552 /* The user manager passes its own environment
553 * along to its children. */
554 m->environment = strv_copy(environ);
555
556 if (!m->environment)
557 return -ENOMEM;
558
559 manager_clean_environment(m);
560 strv_sort(m->environment);
561
562 return 0;
563 }
564
565 static int manager_setup_prefix(Manager *m) {
566 struct table_entry {
567 uint64_t type;
568 const char *suffix;
569 };
570
571 static const struct table_entry paths_system[_EXEC_DIRECTORY_TYPE_MAX] = {
572 [EXEC_DIRECTORY_RUNTIME] = { SD_PATH_SYSTEM_RUNTIME, NULL },
573 [EXEC_DIRECTORY_STATE] = { SD_PATH_SYSTEM_STATE_PRIVATE, NULL },
574 [EXEC_DIRECTORY_CACHE] = { SD_PATH_SYSTEM_STATE_CACHE, NULL },
575 [EXEC_DIRECTORY_LOGS] = { SD_PATH_SYSTEM_STATE_LOGS, NULL },
576 [EXEC_DIRECTORY_CONFIGURATION] = { SD_PATH_SYSTEM_CONFIGURATION, NULL },
577 };
578
579 static const struct table_entry paths_user[_EXEC_DIRECTORY_TYPE_MAX] = {
580 [EXEC_DIRECTORY_RUNTIME] = { SD_PATH_USER_RUNTIME, NULL },
581 [EXEC_DIRECTORY_STATE] = { SD_PATH_USER_CONFIGURATION, NULL },
582 [EXEC_DIRECTORY_CACHE] = { SD_PATH_USER_STATE_CACHE, NULL },
583 [EXEC_DIRECTORY_LOGS] = { SD_PATH_USER_CONFIGURATION, "log" },
584 [EXEC_DIRECTORY_CONFIGURATION] = { SD_PATH_USER_CONFIGURATION, NULL },
585 };
586
587 const struct table_entry *p;
588 ExecDirectoryType i;
589 int r;
590
591 assert(m);
592
593 if (MANAGER_IS_SYSTEM(m))
594 p = paths_system;
595 else
596 p = paths_user;
597
598 for (i = 0; i < _EXEC_DIRECTORY_TYPE_MAX; i++) {
599 r = sd_path_home(p[i].type, p[i].suffix, &m->prefix[i]);
600 if (r < 0)
601 return r;
602 }
603
604 return 0;
605 }
606
607 static int manager_setup_run_queue(Manager *m) {
608 int r;
609
610 assert(m);
611 assert(!m->run_queue_event_source);
612
613 r = sd_event_add_defer(m->event, &m->run_queue_event_source, manager_dispatch_run_queue, m);
614 if (r < 0)
615 return r;
616
617 r = sd_event_source_set_priority(m->run_queue_event_source, SD_EVENT_PRIORITY_IDLE);
618 if (r < 0)
619 return r;
620
621 r = sd_event_source_set_enabled(m->run_queue_event_source, SD_EVENT_OFF);
622 if (r < 0)
623 return r;
624
625 (void) sd_event_source_set_description(m->run_queue_event_source, "manager-run-queue");
626
627 return 0;
628 }
629
630 int manager_new(UnitFileScope scope, unsigned test_run_flags, Manager **_m) {
631 Manager *m;
632 int r;
633
634 assert(_m);
635 assert(IN_SET(scope, UNIT_FILE_SYSTEM, UNIT_FILE_USER));
636
637 m = new0(Manager, 1);
638 if (!m)
639 return -ENOMEM;
640
641 m->unit_file_scope = scope;
642 m->exit_code = _MANAGER_EXIT_CODE_INVALID;
643 m->default_timer_accuracy_usec = USEC_PER_MINUTE;
644 m->default_tasks_accounting = true;
645 m->default_tasks_max = UINT64_MAX;
646 m->default_timeout_start_usec = DEFAULT_TIMEOUT_USEC;
647 m->default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;
648 m->default_restart_usec = DEFAULT_RESTART_USEC;
649
650 #if ENABLE_EFI
651 if (MANAGER_IS_SYSTEM(m) && detect_container() <= 0)
652 boot_timestamps(m->timestamps + MANAGER_TIMESTAMP_USERSPACE,
653 m->timestamps + MANAGER_TIMESTAMP_FIRMWARE,
654 m->timestamps + MANAGER_TIMESTAMP_LOADER);
655 #endif
656
657 /* Prepare log fields we can use for structured logging */
658 if (MANAGER_IS_SYSTEM(m)) {
659 m->unit_log_field = "UNIT=";
660 m->unit_log_format_string = "UNIT=%s";
661
662 m->invocation_log_field = "INVOCATION_ID=";
663 m->invocation_log_format_string = "INVOCATION_ID=%s";
664 } else {
665 m->unit_log_field = "USER_UNIT=";
666 m->unit_log_format_string = "USER_UNIT=%s";
667
668 m->invocation_log_field = "USER_INVOCATION_ID=";
669 m->invocation_log_format_string = "USER_INVOCATION_ID=%s";
670 }
671
672 m->idle_pipe[0] = m->idle_pipe[1] = m->idle_pipe[2] = m->idle_pipe[3] = -1;
673
674 m->pin_cgroupfs_fd = m->notify_fd = m->cgroups_agent_fd = m->signal_fd = m->time_change_fd =
675 m->dev_autofs_fd = m->private_listen_fd = m->cgroup_inotify_fd =
676 m->ask_password_inotify_fd = -1;
677
678 m->user_lookup_fds[0] = m->user_lookup_fds[1] = -1;
679
680 m->current_job_id = 1; /* start as id #1, so that we can leave #0 around as "null-like" value */
681
682 m->have_ask_password = -EINVAL; /* we don't know */
683 m->first_boot = -1;
684
685 m->test_run_flags = test_run_flags;
686
687 /* Reboot immediately if the user hits C-A-D more often than 7x per 2s */
688 RATELIMIT_INIT(m->ctrl_alt_del_ratelimit, 2 * USEC_PER_SEC, 7);
689
690 r = manager_default_environment(m);
691 if (r < 0)
692 goto fail;
693
694 r = hashmap_ensure_allocated(&m->units, &string_hash_ops);
695 if (r < 0)
696 goto fail;
697
698 r = hashmap_ensure_allocated(&m->jobs, NULL);
699 if (r < 0)
700 goto fail;
701
702 r = hashmap_ensure_allocated(&m->cgroup_unit, &string_hash_ops);
703 if (r < 0)
704 goto fail;
705
706 r = hashmap_ensure_allocated(&m->watch_bus, &string_hash_ops);
707 if (r < 0)
708 goto fail;
709
710 r = sd_event_default(&m->event);
711 if (r < 0)
712 goto fail;
713
714 r = manager_setup_run_queue(m);
715 if (r < 0)
716 goto fail;
717
718 r = manager_setup_signals(m);
719 if (r < 0)
720 goto fail;
721
722 r = manager_setup_cgroup(m);
723 if (r < 0)
724 goto fail;
725
726 r = manager_setup_time_change(m);
727 if (r < 0)
728 goto fail;
729
730 m->udev = udev_new();
731 if (!m->udev) {
732 r = -ENOMEM;
733 goto fail;
734 }
735
736 r = manager_setup_prefix(m);
737 if (r < 0)
738 goto fail;
739
740 if (MANAGER_IS_SYSTEM(m) && test_run_flags == 0) {
741 r = mkdir_label("/run/systemd/units", 0755);
742 if (r < 0 && r != -EEXIST)
743 goto fail;
744 }
745
746 m->taint_usr =
747 !in_initrd() &&
748 dir_is_empty("/usr") > 0;
749
750 /* Note that we do not set up the notify fd here. We do that after deserialization,
751 * since they might have gotten serialized across the reexec. */
752
753 *_m = m;
754 return 0;
755
756 fail:
757 manager_free(m);
758 return r;
759 }
760
761 static int manager_setup_notify(Manager *m) {
762 int r;
763
764 if (m->test_run_flags)
765 return 0;
766
767 if (m->notify_fd < 0) {
768 _cleanup_close_ int fd = -1;
769 union sockaddr_union sa = {
770 .sa.sa_family = AF_UNIX,
771 };
772 static const int one = 1;
773
774 /* First free all secondary fields */
775 m->notify_socket = mfree(m->notify_socket);
776 m->notify_event_source = sd_event_source_unref(m->notify_event_source);
777
778 fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
779 if (fd < 0)
780 return log_error_errno(errno, "Failed to allocate notification socket: %m");
781
782 fd_inc_rcvbuf(fd, NOTIFY_RCVBUF_SIZE);
783
784 m->notify_socket = strappend(m->prefix[EXEC_DIRECTORY_RUNTIME], "/systemd/notify");
785 if (!m->notify_socket)
786 return log_oom();
787
788 (void) mkdir_parents_label(m->notify_socket, 0755);
789 (void) unlink(m->notify_socket);
790
791 strncpy(sa.un.sun_path, m->notify_socket, sizeof(sa.un.sun_path)-1);
792 r = bind(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
793 if (r < 0)
794 return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);
795
796 r = setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
797 if (r < 0)
798 return log_error_errno(errno, "SO_PASSCRED failed: %m");
799
800 m->notify_fd = fd;
801 fd = -1;
802
803 log_debug("Using notification socket %s", m->notify_socket);
804 }
805
806 if (!m->notify_event_source) {
807 r = sd_event_add_io(m->event, &m->notify_event_source, m->notify_fd, EPOLLIN, manager_dispatch_notify_fd, m);
808 if (r < 0)
809 return log_error_errno(r, "Failed to allocate notify event source: %m");
810
811 /* Process notification messages a bit earlier than SIGCHLD, so that we can still identify to which
812 * service an exit message belongs. */
813 r = sd_event_source_set_priority(m->notify_event_source, SD_EVENT_PRIORITY_NORMAL-7);
814 if (r < 0)
815 return log_error_errno(r, "Failed to set priority of notify event source: %m");
816
817 (void) sd_event_source_set_description(m->notify_event_source, "manager-notify");
818 }
819
820 return 0;
821 }
822
823 static int manager_setup_cgroups_agent(Manager *m) {
824
825 static const union sockaddr_union sa = {
826 .un.sun_family = AF_UNIX,
827 .un.sun_path = "/run/systemd/cgroups-agent",
828 };
829 int r;
830
831 /* This creates a listening socket we receive cgroups agent messages on. We do not use D-Bus for delivering
832 * these messages from the cgroups agent binary to PID 1, as the cgroups agent binary is very short-living, and
833 * each instance of it needs a new D-Bus connection. Since D-Bus connections are SOCK_STREAM/AF_UNIX, on
834 * overloaded systems the backlog of the D-Bus socket becomes relevant, as not more than the configured number
835 * of D-Bus connections may be queued until the kernel will start dropping further incoming connections,
836 * possibly resulting in lost cgroups agent messages. To avoid this, we'll use a private SOCK_DGRAM/AF_UNIX
837 * socket, where no backlog is relevant as communication may take place without an actual connect() cycle, and
838 * we thus won't lose messages.
839 *
840 * Note that PID 1 will forward the agent message to system bus, so that the user systemd instance may listen
841 * to it. The system instance hence listens on this special socket, but the user instances listen on the system
842 * bus for these messages. */
843
844 if (m->test_run_flags)
845 return 0;
846
847 if (!MANAGER_IS_SYSTEM(m))
848 return 0;
849
850 r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
851 if (r < 0)
852 return log_error_errno(r, "Failed to determine whether unified cgroups hierarchy is used: %m");
853 if (r > 0) /* We don't need this anymore on the unified hierarchy */
854 return 0;
855
856 if (m->cgroups_agent_fd < 0) {
857 _cleanup_close_ int fd = -1;
858
859 /* First free all secondary fields */
860 m->cgroups_agent_event_source = sd_event_source_unref(m->cgroups_agent_event_source);
861
862 fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
863 if (fd < 0)
864 return log_error_errno(errno, "Failed to allocate cgroups agent socket: %m");
865
866 fd_inc_rcvbuf(fd, CGROUPS_AGENT_RCVBUF_SIZE);
867
868 (void) unlink(sa.un.sun_path);
869
870 /* Only allow root to connect to this socket */
871 RUN_WITH_UMASK(0077)
872 r = bind(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
873 if (r < 0)
874 return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);
875
876 m->cgroups_agent_fd = fd;
877 fd = -1;
878 }
879
880 if (!m->cgroups_agent_event_source) {
881 r = sd_event_add_io(m->event, &m->cgroups_agent_event_source, m->cgroups_agent_fd, EPOLLIN, manager_dispatch_cgroups_agent_fd, m);
882 if (r < 0)
883 return log_error_errno(r, "Failed to allocate cgroups agent event source: %m");
884
885 /* Process cgroups notifications early, but after having processed service notification messages or
886 * SIGCHLD signals, so that a cgroup running empty is always just the last safety net of notification,
887 * and we collected the metadata the notification and SIGCHLD stuff offers first. Also see handling of
888 * cgroup inotify for the unified cgroup stuff. */
889 r = sd_event_source_set_priority(m->cgroups_agent_event_source, SD_EVENT_PRIORITY_NORMAL-4);
890 if (r < 0)
891 return log_error_errno(r, "Failed to set priority of cgroups agent event source: %m");
892
893 (void) sd_event_source_set_description(m->cgroups_agent_event_source, "manager-cgroups-agent");
894 }
895
896 return 0;
897 }
898
899 static int manager_setup_user_lookup_fd(Manager *m) {
900 int r;
901
902 assert(m);
903
904 /* Set up the socket pair used for passing UID/GID resolution results from forked off processes to PID
905 * 1. Background: we can't do name lookups (NSS) from PID 1, since it might involve IPC and thus activation,
906 * and we might hence deadlock on ourselves. Hence we do all user/group lookups asynchronously from the forked
907 * off processes right before executing the binaries to start. In order to be able to clean up any IPC objects
908 * created by a unit (see RemoveIPC=) we need to know in PID 1 the used UID/GID of the executed processes,
909 * hence we establish this communication channel so that forked off processes can pass their UID/GID
910 * information back to PID 1. The forked off processes send their resolved UID/GID to PID 1 in a simple
911 * datagram, along with their unit name, so that we can share one communication socket pair among all units for
912 * this purpose.
913 *
914 * You might wonder why we need a communication channel for this that is independent of the usual notification
915 * socket scheme (i.e. $NOTIFY_SOCKET). The primary difference is about trust: data sent via the $NOTIFY_SOCKET
916 * channel is only accepted if it originates from the right unit and if reception was enabled for it. The user
917 * lookup socket OTOH is only accessible by PID 1 and its children until they exec(), and always available.
918 *
919 * Note that this function is called under two circumstances: when we first initialize (in which case we
920 * allocate both the socket pair and the event source to listen on it), and when we deserialize after a reload
921 * (in which case the socket pair already exists but we still need to allocate the event source for it). */
922
923 if (m->user_lookup_fds[0] < 0) {
924
925 /* Free all secondary fields */
926 safe_close_pair(m->user_lookup_fds);
927 m->user_lookup_event_source = sd_event_source_unref(m->user_lookup_event_source);
928
929 if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, m->user_lookup_fds) < 0)
930 return log_error_errno(errno, "Failed to allocate user lookup socket: %m");
931
932 (void) fd_inc_rcvbuf(m->user_lookup_fds[0], NOTIFY_RCVBUF_SIZE);
933 }
934
935 if (!m->user_lookup_event_source) {
936 r = sd_event_add_io(m->event, &m->user_lookup_event_source, m->user_lookup_fds[0], EPOLLIN, manager_dispatch_user_lookup_fd, m);
937 if (r < 0)
938 return log_error_errno(errno, "Failed to allocate user lookup event source: %m");
939
940 /* Process even earlier than the notify event source, so that we always know first about valid UID/GID
941 * resolutions */
942 r = sd_event_source_set_priority(m->user_lookup_event_source, SD_EVENT_PRIORITY_NORMAL-8);
943 if (r < 0)
944 return log_error_errno(errno, "Failed to set priority ot user lookup event source: %m");
945
946 (void) sd_event_source_set_description(m->user_lookup_event_source, "user-lookup");
947 }
948
949 return 0;
950 }
951
952 static int manager_connect_bus(Manager *m, bool reexecuting) {
953 bool try_bus_connect;
954 Unit *u = NULL;
955
956 assert(m);
957
958 if (m->test_run_flags)
959 return 0;
960
961 u = manager_get_unit(m, SPECIAL_DBUS_SERVICE);
962
963 try_bus_connect =
964 (u && SERVICE(u)->deserialized_state == SERVICE_RUNNING) &&
965 (reexecuting ||
966 (MANAGER_IS_USER(m) && getenv("DBUS_SESSION_BUS_ADDRESS")));
967
968 /* Try to connect to the buses, if possible. */
969 return bus_init(m, try_bus_connect);
970 }
971
972 static unsigned manager_dispatch_cleanup_queue(Manager *m) {
973 Unit *u;
974 unsigned n = 0;
975
976 assert(m);
977
978 while ((u = m->cleanup_queue)) {
979 assert(u->in_cleanup_queue);
980
981 unit_free(u);
982 n++;
983 }
984
985 return n;
986 }
987
988 enum {
989 GC_OFFSET_IN_PATH, /* This one is on the path we were traveling */
990 GC_OFFSET_UNSURE, /* No clue */
991 GC_OFFSET_GOOD, /* We still need this unit */
992 GC_OFFSET_BAD, /* We don't need this unit anymore */
993 _GC_OFFSET_MAX
994 };
995
996 static void unit_gc_mark_good(Unit *u, unsigned gc_marker) {
997 Unit *other;
998 Iterator i;
999 void *v;
1000
1001 u->gc_marker = gc_marker + GC_OFFSET_GOOD;
1002
1003 /* Recursively mark referenced units as GOOD as well */
1004 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_REFERENCES], i)
1005 if (other->gc_marker == gc_marker + GC_OFFSET_UNSURE)
1006 unit_gc_mark_good(other, gc_marker);
1007 }
1008
1009 static void unit_gc_sweep(Unit *u, unsigned gc_marker) {
1010 Unit *other;
1011 bool is_bad;
1012 Iterator i;
1013 void *v;
1014
1015 assert(u);
1016
1017 if (IN_SET(u->gc_marker - gc_marker,
1018 GC_OFFSET_GOOD, GC_OFFSET_BAD, GC_OFFSET_UNSURE, GC_OFFSET_IN_PATH))
1019 return;
1020
1021 if (u->in_cleanup_queue)
1022 goto bad;
1023
1024 if (unit_check_gc(u))
1025 goto good;
1026
1027 u->gc_marker = gc_marker + GC_OFFSET_IN_PATH;
1028
1029 is_bad = true;
1030
1031 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_REFERENCED_BY], i) {
1032 unit_gc_sweep(other, gc_marker);
1033
1034 if (other->gc_marker == gc_marker + GC_OFFSET_GOOD)
1035 goto good;
1036
1037 if (other->gc_marker != gc_marker + GC_OFFSET_BAD)
1038 is_bad = false;
1039 }
1040
1041 if (is_bad)
1042 goto bad;
1043
1044 /* We were unable to find anything out about this entry, so
1045 * let's investigate it later */
1046 u->gc_marker = gc_marker + GC_OFFSET_UNSURE;
1047 unit_add_to_gc_queue(u);
1048 return;
1049
1050 bad:
1051 /* We definitely know that this one is not useful anymore, so
1052 * let's mark it for deletion */
1053 u->gc_marker = gc_marker + GC_OFFSET_BAD;
1054 unit_add_to_cleanup_queue(u);
1055 return;
1056
1057 good:
1058 unit_gc_mark_good(u, gc_marker);
1059 }
1060
1061 static unsigned manager_dispatch_gc_unit_queue(Manager *m) {
1062 unsigned n = 0, gc_marker;
1063 Unit *u;
1064
1065 assert(m);
1066
1067 /* log_debug("Running GC..."); */
1068
1069 m->gc_marker += _GC_OFFSET_MAX;
1070 if (m->gc_marker + _GC_OFFSET_MAX <= _GC_OFFSET_MAX)
1071 m->gc_marker = 1;
1072
1073 gc_marker = m->gc_marker;
1074
1075 while ((u = m->gc_unit_queue)) {
1076 assert(u->in_gc_queue);
1077
1078 unit_gc_sweep(u, gc_marker);
1079
1080 LIST_REMOVE(gc_queue, m->gc_unit_queue, u);
1081 u->in_gc_queue = false;
1082
1083 n++;
1084
1085 if (IN_SET(u->gc_marker - gc_marker,
1086 GC_OFFSET_BAD, GC_OFFSET_UNSURE)) {
1087 if (u->id)
1088 log_unit_debug(u, "Collecting.");
1089 u->gc_marker = gc_marker + GC_OFFSET_BAD;
1090 unit_add_to_cleanup_queue(u);
1091 }
1092 }
1093
1094 return n;
1095 }
1096
1097 static unsigned manager_dispatch_gc_job_queue(Manager *m) {
1098 unsigned n = 0;
1099 Job *j;
1100
1101 assert(m);
1102
1103 while ((j = m->gc_job_queue)) {
1104 assert(j->in_gc_queue);
1105
1106 LIST_REMOVE(gc_queue, m->gc_job_queue, j);
1107 j->in_gc_queue = false;
1108
1109 n++;
1110
1111 if (job_check_gc(j))
1112 continue;
1113
1114 log_unit_debug(j->unit, "Collecting job.");
1115 (void) job_finish_and_invalidate(j, JOB_COLLECTED, false, false);
1116 }
1117
1118 return n;
1119 }
1120
1121 static void manager_clear_jobs_and_units(Manager *m) {
1122 Unit *u;
1123
1124 assert(m);
1125
1126 while ((u = hashmap_first(m->units)))
1127 unit_free(u);
1128
1129 manager_dispatch_cleanup_queue(m);
1130
1131 assert(!m->load_queue);
1132 assert(!m->run_queue);
1133 assert(!m->dbus_unit_queue);
1134 assert(!m->dbus_job_queue);
1135 assert(!m->cleanup_queue);
1136 assert(!m->gc_unit_queue);
1137 assert(!m->gc_job_queue);
1138
1139 assert(hashmap_isempty(m->jobs));
1140 assert(hashmap_isempty(m->units));
1141
1142 m->n_on_console = 0;
1143 m->n_running_jobs = 0;
1144 }
1145
1146 Manager* manager_free(Manager *m) {
1147 UnitType c;
1148 int i;
1149 ExecDirectoryType dt;
1150
1151 if (!m)
1152 return NULL;
1153
1154 manager_clear_jobs_and_units(m);
1155
1156 for (c = 0; c < _UNIT_TYPE_MAX; c++)
1157 if (unit_vtable[c]->shutdown)
1158 unit_vtable[c]->shutdown(m);
1159
1160 /* If we reexecute ourselves, we keep the root cgroup around */
1161 manager_shutdown_cgroup(m, m->exit_code != MANAGER_REEXECUTE);
1162
1163 lookup_paths_flush_generator(&m->lookup_paths);
1164
1165 bus_done(m);
1166
1167 dynamic_user_vacuum(m, false);
1168 hashmap_free(m->dynamic_users);
1169
1170 hashmap_free(m->units);
1171 hashmap_free(m->units_by_invocation_id);
1172 hashmap_free(m->jobs);
1173 hashmap_free(m->watch_pids1);
1174 hashmap_free(m->watch_pids2);
1175 hashmap_free(m->watch_bus);
1176
1177 set_free(m->startup_units);
1178 set_free(m->failed_units);
1179
1180 sd_event_source_unref(m->signal_event_source);
1181 sd_event_source_unref(m->notify_event_source);
1182 sd_event_source_unref(m->cgroups_agent_event_source);
1183 sd_event_source_unref(m->time_change_event_source);
1184 sd_event_source_unref(m->jobs_in_progress_event_source);
1185 sd_event_source_unref(m->run_queue_event_source);
1186 sd_event_source_unref(m->user_lookup_event_source);
1187
1188 safe_close(m->signal_fd);
1189 safe_close(m->notify_fd);
1190 safe_close(m->cgroups_agent_fd);
1191 safe_close(m->time_change_fd);
1192 safe_close_pair(m->user_lookup_fds);
1193
1194 manager_close_ask_password(m);
1195
1196 manager_close_idle_pipe(m);
1197
1198 udev_unref(m->udev);
1199 sd_event_unref(m->event);
1200
1201 free(m->notify_socket);
1202
1203 lookup_paths_free(&m->lookup_paths);
1204 strv_free(m->environment);
1205
1206 hashmap_free(m->cgroup_unit);
1207 set_free_free(m->unit_path_cache);
1208
1209 free(m->switch_root);
1210 free(m->switch_root_init);
1211
1212 for (i = 0; i < _RLIMIT_MAX; i++)
1213 m->rlimit[i] = mfree(m->rlimit[i]);
1214
1215 assert(hashmap_isempty(m->units_requiring_mounts_for));
1216 hashmap_free(m->units_requiring_mounts_for);
1217
1218 hashmap_free(m->uid_refs);
1219 hashmap_free(m->gid_refs);
1220
1221 for (dt = 0; dt < _EXEC_DIRECTORY_TYPE_MAX; dt++)
1222 m->prefix[dt] = mfree(m->prefix[dt]);
1223
1224 return mfree(m);
1225 }
1226
1227 void manager_enumerate(Manager *m) {
1228 UnitType c;
1229
1230 assert(m);
1231
1232 /* Let's ask every type to load all units from disk/kernel
1233 * that it might know */
1234 for (c = 0; c < _UNIT_TYPE_MAX; c++) {
1235 if (!unit_type_supported(c)) {
1236 log_debug("Unit type .%s is not supported on this system.", unit_type_to_string(c));
1237 continue;
1238 }
1239
1240 if (!unit_vtable[c]->enumerate)
1241 continue;
1242
1243 unit_vtable[c]->enumerate(m);
1244 }
1245
1246 manager_dispatch_load_queue(m);
1247 }
1248
1249 static void manager_coldplug(Manager *m) {
1250 Iterator i;
1251 Unit *u;
1252 char *k;
1253 int r;
1254
1255 assert(m);
1256
1257 /* Then, let's set up their initial state. */
1258 HASHMAP_FOREACH_KEY(u, k, m->units, i) {
1259
1260 /* ignore aliases */
1261 if (u->id != k)
1262 continue;
1263
1264 r = unit_coldplug(u);
1265 if (r < 0)
1266 log_warning_errno(r, "We couldn't coldplug %s, proceeding anyway: %m", u->id);
1267 }
1268 }
1269
1270 static void manager_build_unit_path_cache(Manager *m) {
1271 char **i;
1272 int r;
1273
1274 assert(m);
1275
1276 set_free_free(m->unit_path_cache);
1277
1278 m->unit_path_cache = set_new(&string_hash_ops);
1279 if (!m->unit_path_cache) {
1280 r = -ENOMEM;
1281 goto fail;
1282 }
1283
1284 /* This simply builds a list of files we know exist, so that
1285 * we don't always have to go to disk */
1286
1287 STRV_FOREACH(i, m->lookup_paths.search_path) {
1288 _cleanup_closedir_ DIR *d = NULL;
1289 struct dirent *de;
1290
1291 d = opendir(*i);
1292 if (!d) {
1293 if (errno != ENOENT)
1294 log_warning_errno(errno, "Failed to open directory %s, ignoring: %m", *i);
1295 continue;
1296 }
1297
1298 FOREACH_DIRENT(de, d, r = -errno; goto fail) {
1299 char *p;
1300
1301 p = strjoin(streq(*i, "/") ? "" : *i, "/", de->d_name);
1302 if (!p) {
1303 r = -ENOMEM;
1304 goto fail;
1305 }
1306
1307 r = set_consume(m->unit_path_cache, p);
1308 if (r < 0)
1309 goto fail;
1310 }
1311 }
1312
1313 return;
1314
1315 fail:
1316 log_warning_errno(r, "Failed to build unit path cache, proceeding without: %m");
1317 m->unit_path_cache = set_free_free(m->unit_path_cache);
1318 }
1319
1320 static void manager_distribute_fds(Manager *m, FDSet *fds) {
1321 Iterator i;
1322 Unit *u;
1323
1324 assert(m);
1325
1326 HASHMAP_FOREACH(u, m->units, i) {
1327
1328 if (fdset_size(fds) <= 0)
1329 break;
1330
1331 if (!UNIT_VTABLE(u)->distribute_fds)
1332 continue;
1333
1334 UNIT_VTABLE(u)->distribute_fds(u, fds);
1335 }
1336 }
1337
1338 int manager_startup(Manager *m, FILE *serialization, FDSet *fds) {
1339 int r;
1340
1341 assert(m);
1342
1343 /* If we are running in test mode, we still want to run the generators,
1344 * but we should not touch the real generator directories. */
1345 r = lookup_paths_init(&m->lookup_paths, m->unit_file_scope,
1346 m->test_run_flags ? LOOKUP_PATHS_TEMPORARY_GENERATED : 0,
1347 NULL);
1348 if (r < 0)
1349 return r;
1350
1351 r = manager_run_environment_generators(m);
1352 if (r < 0)
1353 return r;
1354
1355 dual_timestamp_get(m->timestamps + MANAGER_TIMESTAMP_GENERATORS_START);
1356 r = manager_run_generators(m);
1357 dual_timestamp_get(m->timestamps + MANAGER_TIMESTAMP_GENERATORS_FINISH);
1358 if (r < 0)
1359 return r;
1360
1361 /* If this is the first boot, and we are in the host system, then preset everything */
1362 if (m->first_boot > 0 &&
1363 MANAGER_IS_SYSTEM(m) &&
1364 !m->test_run_flags) {
1365
1366 r = unit_file_preset_all(UNIT_FILE_SYSTEM, 0, NULL, UNIT_FILE_PRESET_ENABLE_ONLY, NULL, 0);
1367 if (r < 0)
1368 log_full_errno(r == -EEXIST ? LOG_NOTICE : LOG_WARNING, r,
1369 "Failed to populate /etc with preset unit settings, ignoring: %m");
1370 else
1371 log_info("Populated /etc with preset unit settings.");
1372 }
1373
1374 lookup_paths_reduce(&m->lookup_paths);
1375 manager_build_unit_path_cache(m);
1376
1377 /* If we will deserialize make sure that during enumeration
1378 * this is already known, so we increase the counter here
1379 * already */
1380 if (serialization)
1381 m->n_reloading++;
1382
1383 /* First, enumerate what we can from all config files */
1384 dual_timestamp_get(m->timestamps + MANAGER_TIMESTAMP_UNITS_LOAD_START);
1385 manager_enumerate(m);
1386 dual_timestamp_get(m->timestamps + MANAGER_TIMESTAMP_UNITS_LOAD_FINISH);
1387
1388 /* Second, deserialize if there is something to deserialize */
1389 if (serialization) {
1390 r = manager_deserialize(m, serialization, fds);
1391 if (r < 0)
1392 return log_error_errno(r, "Deserialization failed: %m");
1393 }
1394
1395 /* Any fds left? Find some unit which wants them. This is
1396 * useful to allow container managers to pass some file
1397 * descriptors to us pre-initialized. This enables
1398 * socket-based activation of entire containers. */
1399 manager_distribute_fds(m, fds);
1400
1401 /* We might have deserialized the notify fd, but if we didn't
1402 * then let's create the bus now */
1403 r = manager_setup_notify(m);
1404 if (r < 0)
1405 /* No sense to continue without notifications, our children would fail anyway. */
1406 return r;
1407
1408 r = manager_setup_cgroups_agent(m);
1409 if (r < 0)
1410 /* Likewise, no sense to continue without empty cgroup notifications. */
1411 return r;
1412
1413 r = manager_setup_user_lookup_fd(m);
1414 if (r < 0)
1415 /* This shouldn't fail, except if things are really broken. */
1416 return r;
1417
1418 /* Let's connect to the bus now. */
1419 (void) manager_connect_bus(m, !!serialization);
1420
1421 (void) bus_track_coldplug(m, &m->subscribed, false, m->deserialized_subscribed);
1422 m->deserialized_subscribed = strv_free(m->deserialized_subscribed);
1423
1424 /* Third, fire things up! */
1425 manager_coldplug(m);
1426
1427 /* Release any dynamic users no longer referenced */
1428 dynamic_user_vacuum(m, true);
1429
1430 /* Release any references to UIDs/GIDs no longer referenced, and destroy any IPC owned by them */
1431 manager_vacuum_uid_refs(m);
1432 manager_vacuum_gid_refs(m);
1433
1434 if (serialization) {
1435 assert(m->n_reloading > 0);
1436 m->n_reloading--;
1437
1438 /* Let's wait for the UnitNew/JobNew messages being
1439 * sent, before we notify that the reload is
1440 * finished */
1441 m->send_reloading_done = true;
1442 }
1443
1444 return 0;
1445 }
1446
1447 int manager_add_job(Manager *m, JobType type, Unit *unit, JobMode mode, sd_bus_error *e, Job **_ret) {
1448 int r;
1449 Transaction *tr;
1450
1451 assert(m);
1452 assert(type < _JOB_TYPE_MAX);
1453 assert(unit);
1454 assert(mode < _JOB_MODE_MAX);
1455
1456 if (mode == JOB_ISOLATE && type != JOB_START)
1457 return sd_bus_error_setf(e, SD_BUS_ERROR_INVALID_ARGS, "Isolate is only valid for start.");
1458
1459 if (mode == JOB_ISOLATE && !unit->allow_isolate)
1460 return sd_bus_error_setf(e, BUS_ERROR_NO_ISOLATION, "Operation refused, unit may not be isolated.");
1461
1462 log_unit_debug(unit, "Trying to enqueue job %s/%s/%s", unit->id, job_type_to_string(type), job_mode_to_string(mode));
1463
1464 type = job_type_collapse(type, unit);
1465
1466 tr = transaction_new(mode == JOB_REPLACE_IRREVERSIBLY);
1467 if (!tr)
1468 return -ENOMEM;
1469
1470 r = transaction_add_job_and_dependencies(tr, type, unit, NULL, true, false,
1471 IN_SET(mode, JOB_IGNORE_DEPENDENCIES, JOB_IGNORE_REQUIREMENTS),
1472 mode == JOB_IGNORE_DEPENDENCIES, e);
1473 if (r < 0)
1474 goto tr_abort;
1475
1476 if (mode == JOB_ISOLATE) {
1477 r = transaction_add_isolate_jobs(tr, m);
1478 if (r < 0)
1479 goto tr_abort;
1480 }
1481
1482 r = transaction_activate(tr, m, mode, e);
1483 if (r < 0)
1484 goto tr_abort;
1485
1486 log_unit_debug(unit,
1487 "Enqueued job %s/%s as %u", unit->id,
1488 job_type_to_string(type), (unsigned) tr->anchor_job->id);
1489
1490 if (_ret)
1491 *_ret = tr->anchor_job;
1492
1493 transaction_free(tr);
1494 return 0;
1495
1496 tr_abort:
1497 transaction_abort(tr);
1498 transaction_free(tr);
1499 return r;
1500 }
1501
1502 int manager_add_job_by_name(Manager *m, JobType type, const char *name, JobMode mode, sd_bus_error *e, Job **ret) {
1503 Unit *unit = NULL; /* just to appease gcc, initialization is not really necessary */
1504 int r;
1505
1506 assert(m);
1507 assert(type < _JOB_TYPE_MAX);
1508 assert(name);
1509 assert(mode < _JOB_MODE_MAX);
1510
1511 r = manager_load_unit(m, name, NULL, NULL, &unit);
1512 if (r < 0)
1513 return r;
1514 assert(unit);
1515
1516 return manager_add_job(m, type, unit, mode, e, ret);
1517 }
1518
1519 int manager_add_job_by_name_and_warn(Manager *m, JobType type, const char *name, JobMode mode, Job **ret) {
1520 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1521 int r;
1522
1523 assert(m);
1524 assert(type < _JOB_TYPE_MAX);
1525 assert(name);
1526 assert(mode < _JOB_MODE_MAX);
1527
1528 r = manager_add_job_by_name(m, type, name, mode, &error, ret);
1529 if (r < 0)
1530 return log_warning_errno(r, "Failed to enqueue %s job for %s: %s", job_mode_to_string(mode), name, bus_error_message(&error, r));
1531
1532 return r;
1533 }
1534
1535 int manager_propagate_reload(Manager *m, Unit *unit, JobMode mode, sd_bus_error *e) {
1536 int r;
1537 Transaction *tr;
1538
1539 assert(m);
1540 assert(unit);
1541 assert(mode < _JOB_MODE_MAX);
1542 assert(mode != JOB_ISOLATE); /* Isolate is only valid for start */
1543
1544 tr = transaction_new(mode == JOB_REPLACE_IRREVERSIBLY);
1545 if (!tr)
1546 return -ENOMEM;
1547
1548 /* We need an anchor job */
1549 r = transaction_add_job_and_dependencies(tr, JOB_NOP, unit, NULL, false, false, true, true, e);
1550 if (r < 0)
1551 goto tr_abort;
1552
1553 /* Failure in adding individual dependencies is ignored, so this always succeeds. */
1554 transaction_add_propagate_reload_jobs(tr, unit, tr->anchor_job, mode == JOB_IGNORE_DEPENDENCIES, e);
1555
1556 r = transaction_activate(tr, m, mode, e);
1557 if (r < 0)
1558 goto tr_abort;
1559
1560 transaction_free(tr);
1561 return 0;
1562
1563 tr_abort:
1564 transaction_abort(tr);
1565 transaction_free(tr);
1566 return r;
1567 }
1568
1569 Job *manager_get_job(Manager *m, uint32_t id) {
1570 assert(m);
1571
1572 return hashmap_get(m->jobs, UINT32_TO_PTR(id));
1573 }
1574
1575 Unit *manager_get_unit(Manager *m, const char *name) {
1576 assert(m);
1577 assert(name);
1578
1579 return hashmap_get(m->units, name);
1580 }
1581
1582 unsigned manager_dispatch_load_queue(Manager *m) {
1583 Unit *u;
1584 unsigned n = 0;
1585
1586 assert(m);
1587
1588 /* Make sure we are not run recursively */
1589 if (m->dispatching_load_queue)
1590 return 0;
1591
1592 m->dispatching_load_queue = true;
1593
1594 /* Dispatches the load queue. Takes a unit from the queue and
1595 * tries to load its data until the queue is empty */
1596
1597 while ((u = m->load_queue)) {
1598 assert(u->in_load_queue);
1599
1600 unit_load(u);
1601 n++;
1602 }
1603
1604 m->dispatching_load_queue = false;
1605 return n;
1606 }
1607
1608 int manager_load_unit_prepare(
1609 Manager *m,
1610 const char *name,
1611 const char *path,
1612 sd_bus_error *e,
1613 Unit **_ret) {
1614
1615 Unit *ret;
1616 UnitType t;
1617 int r;
1618
1619 assert(m);
1620 assert(name || path);
1621 assert(_ret);
1622
1623 /* This will prepare the unit for loading, but not actually
1624 * load anything from disk. */
1625
1626 if (path && !is_path(path))
1627 return sd_bus_error_setf(e, SD_BUS_ERROR_INVALID_ARGS, "Path %s is not absolute.", path);
1628
1629 if (!name)
1630 name = basename(path);
1631
1632 t = unit_name_to_type(name);
1633
1634 if (t == _UNIT_TYPE_INVALID || !unit_name_is_valid(name, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE)) {
1635 if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE))
1636 return sd_bus_error_setf(e, SD_BUS_ERROR_INVALID_ARGS, "Unit name %s is missing the instance name.", name);
1637
1638 return sd_bus_error_setf(e, SD_BUS_ERROR_INVALID_ARGS, "Unit name %s is not valid.", name);
1639 }
1640
1641 ret = manager_get_unit(m, name);
1642 if (ret) {
1643 *_ret = ret;
1644 return 1;
1645 }
1646
1647 ret = unit_new(m, unit_vtable[t]->object_size);
1648 if (!ret)
1649 return -ENOMEM;
1650
1651 if (path) {
1652 ret->fragment_path = strdup(path);
1653 if (!ret->fragment_path) {
1654 unit_free(ret);
1655 return -ENOMEM;
1656 }
1657 }
1658
1659 r = unit_add_name(ret, name);
1660 if (r < 0) {
1661 unit_free(ret);
1662 return r;
1663 }
1664
1665 unit_add_to_load_queue(ret);
1666 unit_add_to_dbus_queue(ret);
1667 unit_add_to_gc_queue(ret);
1668
1669 *_ret = ret;
1670
1671 return 0;
1672 }
1673
1674 int manager_load_unit(
1675 Manager *m,
1676 const char *name,
1677 const char *path,
1678 sd_bus_error *e,
1679 Unit **_ret) {
1680
1681 int r;
1682
1683 assert(m);
1684 assert(_ret);
1685
1686 /* This will load the service information files, but not actually
1687 * start any services or anything. */
1688
1689 r = manager_load_unit_prepare(m, name, path, e, _ret);
1690 if (r != 0)
1691 return r;
1692
1693 manager_dispatch_load_queue(m);
1694
1695 *_ret = unit_follow_merge(*_ret);
1696
1697 return 0;
1698 }
1699
1700 void manager_dump_jobs(Manager *s, FILE *f, const char *prefix) {
1701 Iterator i;
1702 Job *j;
1703
1704 assert(s);
1705 assert(f);
1706
1707 HASHMAP_FOREACH(j, s->jobs, i)
1708 job_dump(j, f, prefix);
1709 }
1710
1711 void manager_dump_units(Manager *s, FILE *f, const char *prefix) {
1712 Iterator i;
1713 Unit *u;
1714 const char *t;
1715
1716 assert(s);
1717 assert(f);
1718
1719 HASHMAP_FOREACH_KEY(u, t, s->units, i)
1720 if (u->id == t)
1721 unit_dump(u, f, prefix);
1722 }
1723
1724 void manager_dump(Manager *m, FILE *f, const char *prefix) {
1725 ManagerTimestamp q;
1726
1727 assert(m);
1728 assert(f);
1729
1730 for (q = 0; q < _MANAGER_TIMESTAMP_MAX; q++) {
1731 char buf[FORMAT_TIMESTAMP_MAX];
1732
1733 if (dual_timestamp_is_set(m->timestamps + q))
1734 fprintf(f, "%sTimestamp %s: %s\n",
1735 strempty(prefix),
1736 manager_timestamp_to_string(q),
1737 format_timestamp(buf, sizeof(buf), m->timestamps[q].realtime));
1738 }
1739
1740 manager_dump_units(m, f, prefix);
1741 manager_dump_jobs(m, f, prefix);
1742 }
1743
1744 int manager_get_dump_string(Manager *m, char **ret) {
1745 _cleanup_free_ char *dump = NULL;
1746 _cleanup_fclose_ FILE *f = NULL;
1747 size_t size;
1748 int r;
1749
1750 assert(m);
1751 assert(ret);
1752
1753 f = open_memstream(&dump, &size);
1754 if (!f)
1755 return -errno;
1756
1757 __fsetlocking(f, FSETLOCKING_BYCALLER);
1758
1759 manager_dump(m, f, NULL);
1760
1761 r = fflush_and_check(f);
1762 if (r < 0)
1763 return r;
1764
1765 f = safe_fclose(f);
1766
1767 *ret = dump;
1768 dump = NULL;
1769
1770 return 0;
1771 }
1772
1773 void manager_clear_jobs(Manager *m) {
1774 Job *j;
1775
1776 assert(m);
1777
1778 while ((j = hashmap_first(m->jobs)))
1779 /* No need to recurse. We're cancelling all jobs. */
1780 job_finish_and_invalidate(j, JOB_CANCELED, false, false);
1781 }
1782
1783 static int manager_dispatch_run_queue(sd_event_source *source, void *userdata) {
1784 Manager *m = userdata;
1785 Job *j;
1786
1787 assert(source);
1788 assert(m);
1789
1790 while ((j = m->run_queue)) {
1791 assert(j->installed);
1792 assert(j->in_run_queue);
1793
1794 job_run_and_invalidate(j);
1795 }
1796
1797 if (m->n_running_jobs > 0)
1798 manager_watch_jobs_in_progress(m);
1799
1800 if (m->n_on_console > 0)
1801 manager_watch_idle_pipe(m);
1802
1803 return 1;
1804 }
1805
1806 static unsigned manager_dispatch_dbus_queue(Manager *m) {
1807 Job *j;
1808 Unit *u;
1809 unsigned n = 0;
1810
1811 assert(m);
1812
1813 if (m->dispatching_dbus_queue)
1814 return 0;
1815
1816 m->dispatching_dbus_queue = true;
1817
1818 while ((u = m->dbus_unit_queue)) {
1819 assert(u->in_dbus_queue);
1820
1821 bus_unit_send_change_signal(u);
1822 n++;
1823 }
1824
1825 while ((j = m->dbus_job_queue)) {
1826 assert(j->in_dbus_queue);
1827
1828 bus_job_send_change_signal(j);
1829 n++;
1830 }
1831
1832 m->dispatching_dbus_queue = false;
1833
1834 if (m->send_reloading_done) {
1835 m->send_reloading_done = false;
1836
1837 bus_manager_send_reloading(m, false);
1838 }
1839
1840 if (m->queued_message)
1841 bus_send_queued_message(m);
1842
1843 return n;
1844 }
1845
1846 static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
1847 Manager *m = userdata;
1848 char buf[PATH_MAX+1];
1849 ssize_t n;
1850
1851 n = recv(fd, buf, sizeof(buf), 0);
1852 if (n < 0)
1853 return log_error_errno(errno, "Failed to read cgroups agent message: %m");
1854 if (n == 0) {
1855 log_error("Got zero-length cgroups agent message, ignoring.");
1856 return 0;
1857 }
1858 if ((size_t) n >= sizeof(buf)) {
1859 log_error("Got overly long cgroups agent message, ignoring.");
1860 return 0;
1861 }
1862
1863 if (memchr(buf, 0, n)) {
1864 log_error("Got cgroups agent message with embedded NUL byte, ignoring.");
1865 return 0;
1866 }
1867 buf[n] = 0;
1868
1869 manager_notify_cgroup_empty(m, buf);
1870 (void) bus_forward_agent_released(m, buf);
1871
1872 return 0;
1873 }
1874
1875 static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const char *buf, FDSet *fds) {
1876 _cleanup_strv_free_ char **tags = NULL;
1877
1878 assert(m);
1879 assert(u);
1880 assert(buf);
1881
1882 tags = strv_split(buf, "\n\r");
1883 if (!tags) {
1884 log_oom();
1885 return;
1886 }
1887
1888 if (UNIT_VTABLE(u)->notify_message)
1889 UNIT_VTABLE(u)->notify_message(u, pid, tags, fds);
1890 else if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) {
1891 _cleanup_free_ char *x = NULL, *y = NULL;
1892
1893 x = cescape(buf);
1894 if (x)
1895 y = ellipsize(x, 20, 90);
1896 log_unit_debug(u, "Got notification message \"%s\", ignoring.", strnull(y));
1897 }
1898 }
1899
1900 static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
1901
1902 _cleanup_fdset_free_ FDSet *fds = NULL;
1903 Manager *m = userdata;
1904 char buf[NOTIFY_BUFFER_MAX+1];
1905 struct iovec iovec = {
1906 .iov_base = buf,
1907 .iov_len = sizeof(buf)-1,
1908 };
1909 union {
1910 struct cmsghdr cmsghdr;
1911 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
1912 CMSG_SPACE(sizeof(int) * NOTIFY_FD_MAX)];
1913 } control = {};
1914 struct msghdr msghdr = {
1915 .msg_iov = &iovec,
1916 .msg_iovlen = 1,
1917 .msg_control = &control,
1918 .msg_controllen = sizeof(control),
1919 };
1920
1921 struct cmsghdr *cmsg;
1922 struct ucred *ucred = NULL;
1923 Unit *u1, *u2, *u3;
1924 int r, *fd_array = NULL;
1925 unsigned n_fds = 0;
1926 ssize_t n;
1927
1928 assert(m);
1929 assert(m->notify_fd == fd);
1930
1931 if (revents != EPOLLIN) {
1932 log_warning("Got unexpected poll event for notify fd.");
1933 return 0;
1934 }
1935
1936 n = recvmsg(m->notify_fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC|MSG_TRUNC);
1937 if (n < 0) {
1938 if (IN_SET(errno, EAGAIN, EINTR))
1939 return 0; /* Spurious wakeup, try again */
1940
1941 /* If this is any other, real error, then let's stop processing this socket. This of course means we
1942 * won't take notification messages anymore, but that's still better than busy looping around this:
1943 * being woken up over and over again but being unable to actually read the message off the socket. */
1944 return log_error_errno(errno, "Failed to receive notification message: %m");
1945 }
1946
1947 CMSG_FOREACH(cmsg, &msghdr) {
1948 if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
1949
1950 fd_array = (int*) CMSG_DATA(cmsg);
1951 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
1952
1953 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1954 cmsg->cmsg_type == SCM_CREDENTIALS &&
1955 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
1956
1957 ucred = (struct ucred*) CMSG_DATA(cmsg);
1958 }
1959 }
1960
1961 if (n_fds > 0) {
1962 assert(fd_array);
1963
1964 r = fdset_new_array(&fds, fd_array, n_fds);
1965 if (r < 0) {
1966 close_many(fd_array, n_fds);
1967 log_oom();
1968 return 0;
1969 }
1970 }
1971
1972 if (!ucred || ucred->pid <= 0) {
1973 log_warning("Received notify message without valid credentials. Ignoring.");
1974 return 0;
1975 }
1976
1977 if ((size_t) n >= sizeof(buf) || (msghdr.msg_flags & MSG_TRUNC)) {
1978 log_warning("Received notify message exceeded maximum size. Ignoring.");
1979 return 0;
1980 }
1981
1982 /* As extra safety check, let's make sure the string we get doesn't contain embedded NUL bytes. We permit one
1983 * trailing NUL byte in the message, but don't expect it. */
1984 if (n > 1 && memchr(buf, 0, n-1)) {
1985 log_warning("Received notify message with embedded NUL bytes. Ignoring.");
1986 return 0;
1987 }
1988
1989 /* Make sure it's NUL-terminated. */
1990 buf[n] = 0;
1991
1992 /* Notify every unit that might be interested, but try
1993 * to avoid notifying the same one multiple times. */
1994 u1 = manager_get_unit_by_pid_cgroup(m, ucred->pid);
1995 if (u1)
1996 manager_invoke_notify_message(m, u1, ucred->pid, buf, fds);
1997
1998 u2 = hashmap_get(m->watch_pids1, PID_TO_PTR(ucred->pid));
1999 if (u2 && u2 != u1)
2000 manager_invoke_notify_message(m, u2, ucred->pid, buf, fds);
2001
2002 u3 = hashmap_get(m->watch_pids2, PID_TO_PTR(ucred->pid));
2003 if (u3 && u3 != u2 && u3 != u1)
2004 manager_invoke_notify_message(m, u3, ucred->pid, buf, fds);
2005
2006 if (!u1 && !u2 && !u3)
2007 log_warning("Cannot find unit for notify message of PID "PID_FMT".", ucred->pid);
2008
2009 if (fdset_size(fds) > 0)
2010 log_warning("Got extra auxiliary fds with notification message, closing them.");
2011
2012 return 0;
2013 }
2014
2015 static void invoke_sigchld_event(Manager *m, Unit *u, const siginfo_t *si) {
2016 uint64_t iteration;
2017
2018 assert(m);
2019 assert(u);
2020 assert(si);
2021
2022 sd_event_get_iteration(m->event, &iteration);
2023
2024 log_unit_debug(u, "Child "PID_FMT" belongs to %s", si->si_pid, u->id);
2025
2026 unit_unwatch_pid(u, si->si_pid);
2027
2028 if (UNIT_VTABLE(u)->sigchld_event) {
2029 if (set_size(u->pids) <= 1 ||
2030 iteration != u->sigchldgen ||
2031 unit_main_pid(u) == si->si_pid ||
2032 unit_control_pid(u) == si->si_pid) {
2033 UNIT_VTABLE(u)->sigchld_event(u, si->si_pid, si->si_code, si->si_status);
2034 u->sigchldgen = iteration;
2035 } else
2036 log_debug("%s already issued a sigchld this iteration %" PRIu64 ", skipping. Pids still being watched %d", u->id, iteration, set_size(u->pids));
2037 }
2038 }
2039
2040 static int manager_dispatch_sigchld(Manager *m) {
2041 assert(m);
2042
2043 for (;;) {
2044 siginfo_t si = {};
2045
2046 /* First we call waitd() for a PID and do not reap the
2047 * zombie. That way we can still access /proc/$PID for
2048 * it while it is a zombie. */
2049 if (waitid(P_ALL, 0, &si, WEXITED|WNOHANG|WNOWAIT) < 0) {
2050
2051 if (errno == ECHILD)
2052 break;
2053
2054 if (errno == EINTR)
2055 continue;
2056
2057 return -errno;
2058 }
2059
2060 if (si.si_pid <= 0)
2061 break;
2062
2063 if (IN_SET(si.si_code, CLD_EXITED, CLD_KILLED, CLD_DUMPED)) {
2064 _cleanup_free_ char *name = NULL;
2065 Unit *u1, *u2, *u3;
2066
2067 get_process_comm(si.si_pid, &name);
2068
2069 log_debug("Child "PID_FMT" (%s) died (code=%s, status=%i/%s)",
2070 si.si_pid, strna(name),
2071 sigchld_code_to_string(si.si_code),
2072 si.si_status,
2073 strna(si.si_code == CLD_EXITED
2074 ? exit_status_to_string(si.si_status, EXIT_STATUS_FULL)
2075 : signal_to_string(si.si_status)));
2076
2077 /* And now figure out the unit this belongs
2078 * to, it might be multiple... */
2079 u1 = manager_get_unit_by_pid_cgroup(m, si.si_pid);
2080 if (u1)
2081 invoke_sigchld_event(m, u1, &si);
2082 u2 = hashmap_get(m->watch_pids1, PID_TO_PTR(si.si_pid));
2083 if (u2 && u2 != u1)
2084 invoke_sigchld_event(m, u2, &si);
2085 u3 = hashmap_get(m->watch_pids2, PID_TO_PTR(si.si_pid));
2086 if (u3 && u3 != u2 && u3 != u1)
2087 invoke_sigchld_event(m, u3, &si);
2088 }
2089
2090 /* And now, we actually reap the zombie. */
2091 if (waitid(P_PID, si.si_pid, &si, WEXITED) < 0) {
2092 if (errno == EINTR)
2093 continue;
2094
2095 return -errno;
2096 }
2097 }
2098
2099 return 0;
2100 }
2101
2102 static void manager_start_target(Manager *m, const char *name, JobMode mode) {
2103 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2104 int r;
2105
2106 log_debug("Activating special unit %s", name);
2107
2108 r = manager_add_job_by_name(m, JOB_START, name, mode, &error, NULL);
2109 if (r < 0)
2110 log_error("Failed to enqueue %s job: %s", name, bus_error_message(&error, r));
2111 }
2112
2113 static void manager_handle_ctrl_alt_del(Manager *m) {
2114 /* If the user presses C-A-D more than
2115 * 7 times within 2s, we reboot/shutdown immediately,
2116 * unless it was disabled in system.conf */
2117
2118 if (ratelimit_test(&m->ctrl_alt_del_ratelimit) || m->cad_burst_action == EMERGENCY_ACTION_NONE)
2119 manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY);
2120 else
2121 emergency_action(m, m->cad_burst_action, NULL,
2122 "Ctrl-Alt-Del was pressed more than 7 times within 2s");
2123 }
2124
2125 static int manager_dispatch_signal_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2126 Manager *m = userdata;
2127 ssize_t n;
2128 struct signalfd_siginfo sfsi;
2129 bool sigchld = false;
2130 int r;
2131
2132 assert(m);
2133 assert(m->signal_fd == fd);
2134
2135 if (revents != EPOLLIN) {
2136 log_warning("Got unexpected events from signal file descriptor.");
2137 return 0;
2138 }
2139
2140 for (;;) {
2141 n = read(m->signal_fd, &sfsi, sizeof(sfsi));
2142 if (n != sizeof(sfsi)) {
2143 if (n >= 0) {
2144 log_warning("Truncated read from signal fd (%zu bytes)!", n);
2145 return 0;
2146 }
2147
2148 if (IN_SET(errno, EINTR, EAGAIN))
2149 break;
2150
2151 /* We return an error here, which will kill this handler,
2152 * to avoid a busy loop on read error. */
2153 return log_error_errno(errno, "Reading from signal fd failed: %m");
2154 }
2155
2156 log_received_signal(sfsi.ssi_signo == SIGCHLD ||
2157 (sfsi.ssi_signo == SIGTERM && MANAGER_IS_USER(m))
2158 ? LOG_DEBUG : LOG_INFO,
2159 &sfsi);
2160
2161 switch (sfsi.ssi_signo) {
2162
2163 case SIGCHLD:
2164 sigchld = true;
2165 break;
2166
2167 case SIGTERM:
2168 if (MANAGER_IS_SYSTEM(m)) {
2169 /* This is for compatibility with the
2170 * original sysvinit */
2171 r = verify_run_space_and_log("Refusing to reexecute");
2172 if (r >= 0)
2173 m->exit_code = MANAGER_REEXECUTE;
2174 break;
2175 }
2176
2177 _fallthrough_;
2178 case SIGINT:
2179 if (MANAGER_IS_SYSTEM(m))
2180 manager_handle_ctrl_alt_del(m);
2181 else
2182 manager_start_target(m, SPECIAL_EXIT_TARGET,
2183 JOB_REPLACE_IRREVERSIBLY);
2184 break;
2185
2186 case SIGWINCH:
2187 if (MANAGER_IS_SYSTEM(m))
2188 manager_start_target(m, SPECIAL_KBREQUEST_TARGET, JOB_REPLACE);
2189
2190 /* This is a nop on non-init */
2191 break;
2192
2193 case SIGPWR:
2194 if (MANAGER_IS_SYSTEM(m))
2195 manager_start_target(m, SPECIAL_SIGPWR_TARGET, JOB_REPLACE);
2196
2197 /* This is a nop on non-init */
2198 break;
2199
2200 case SIGUSR1: {
2201 Unit *u;
2202
2203 u = manager_get_unit(m, SPECIAL_DBUS_SERVICE);
2204
2205 if (!u || UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u))) {
2206 log_info("Trying to reconnect to bus...");
2207 bus_init(m, true);
2208 }
2209
2210 if (!u || !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u))) {
2211 log_info("Loading D-Bus service...");
2212 manager_start_target(m, SPECIAL_DBUS_SERVICE, JOB_REPLACE);
2213 }
2214
2215 break;
2216 }
2217
2218 case SIGUSR2: {
2219 _cleanup_free_ char *dump = NULL;
2220
2221 r = manager_get_dump_string(m, &dump);
2222 if (r < 0) {
2223 log_warning_errno(errno, "Failed to acquire manager dump: %m");
2224 break;
2225 }
2226
2227 log_dump(LOG_INFO, dump);
2228 break;
2229 }
2230
2231 case SIGHUP:
2232 r = verify_run_space_and_log("Refusing to reload");
2233 if (r >= 0)
2234 m->exit_code = MANAGER_RELOAD;
2235 break;
2236
2237 default: {
2238
2239 /* Starting SIGRTMIN+0 */
2240 static const struct {
2241 const char *target;
2242 JobMode mode;
2243 } target_table[] = {
2244 [0] = { SPECIAL_DEFAULT_TARGET, JOB_ISOLATE },
2245 [1] = { SPECIAL_RESCUE_TARGET, JOB_ISOLATE },
2246 [2] = { SPECIAL_EMERGENCY_TARGET, JOB_ISOLATE },
2247 [3] = { SPECIAL_HALT_TARGET, JOB_REPLACE_IRREVERSIBLY },
2248 [4] = { SPECIAL_POWEROFF_TARGET, JOB_REPLACE_IRREVERSIBLY },
2249 [5] = { SPECIAL_REBOOT_TARGET, JOB_REPLACE_IRREVERSIBLY },
2250 [6] = { SPECIAL_KEXEC_TARGET, JOB_REPLACE_IRREVERSIBLY }
2251 };
2252
2253 /* Starting SIGRTMIN+13, so that target halt and system halt are 10 apart */
2254 static const ManagerExitCode code_table[] = {
2255 [0] = MANAGER_HALT,
2256 [1] = MANAGER_POWEROFF,
2257 [2] = MANAGER_REBOOT,
2258 [3] = MANAGER_KEXEC
2259 };
2260
2261 if ((int) sfsi.ssi_signo >= SIGRTMIN+0 &&
2262 (int) sfsi.ssi_signo < SIGRTMIN+(int) ELEMENTSOF(target_table)) {
2263 int idx = (int) sfsi.ssi_signo - SIGRTMIN;
2264 manager_start_target(m, target_table[idx].target,
2265 target_table[idx].mode);
2266 break;
2267 }
2268
2269 if ((int) sfsi.ssi_signo >= SIGRTMIN+13 &&
2270 (int) sfsi.ssi_signo < SIGRTMIN+13+(int) ELEMENTSOF(code_table)) {
2271 m->exit_code = code_table[sfsi.ssi_signo - SIGRTMIN - 13];
2272 break;
2273 }
2274
2275 switch (sfsi.ssi_signo - SIGRTMIN) {
2276
2277 case 20:
2278 manager_set_show_status(m, SHOW_STATUS_YES);
2279 break;
2280
2281 case 21:
2282 manager_set_show_status(m, SHOW_STATUS_NO);
2283 break;
2284
2285 case 22:
2286 log_set_max_level(LOG_DEBUG);
2287 log_info("Setting log level to debug.");
2288 break;
2289
2290 case 23:
2291 log_set_max_level(LOG_INFO);
2292 log_info("Setting log level to info.");
2293 break;
2294
2295 case 24:
2296 if (MANAGER_IS_USER(m)) {
2297 m->exit_code = MANAGER_EXIT;
2298 return 0;
2299 }
2300
2301 /* This is a nop on init */
2302 break;
2303
2304 case 26:
2305 case 29: /* compatibility: used to be mapped to LOG_TARGET_SYSLOG_OR_KMSG */
2306 log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
2307 log_notice("Setting log target to journal-or-kmsg.");
2308 break;
2309
2310 case 27:
2311 log_set_target(LOG_TARGET_CONSOLE);
2312 log_notice("Setting log target to console.");
2313 break;
2314
2315 case 28:
2316 log_set_target(LOG_TARGET_KMSG);
2317 log_notice("Setting log target to kmsg.");
2318 break;
2319
2320 default:
2321 log_warning("Got unhandled signal <%s>.", signal_to_string(sfsi.ssi_signo));
2322 }
2323 }
2324 }
2325 }
2326
2327 if (sigchld)
2328 manager_dispatch_sigchld(m);
2329
2330 return 0;
2331 }
2332
2333 static int manager_dispatch_time_change_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2334 Manager *m = userdata;
2335 Iterator i;
2336 Unit *u;
2337
2338 assert(m);
2339 assert(m->time_change_fd == fd);
2340
2341 log_struct(LOG_DEBUG,
2342 "MESSAGE_ID=" SD_MESSAGE_TIME_CHANGE_STR,
2343 LOG_MESSAGE("Time has been changed"),
2344 NULL);
2345
2346 /* Restart the watch */
2347 m->time_change_event_source = sd_event_source_unref(m->time_change_event_source);
2348 m->time_change_fd = safe_close(m->time_change_fd);
2349
2350 manager_setup_time_change(m);
2351
2352 HASHMAP_FOREACH(u, m->units, i)
2353 if (UNIT_VTABLE(u)->time_change)
2354 UNIT_VTABLE(u)->time_change(u);
2355
2356 return 0;
2357 }
2358
2359 static int manager_dispatch_idle_pipe_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2360 Manager *m = userdata;
2361
2362 assert(m);
2363 assert(m->idle_pipe[2] == fd);
2364
2365 m->no_console_output = m->n_on_console > 0;
2366
2367 manager_close_idle_pipe(m);
2368
2369 return 0;
2370 }
2371
2372 static int manager_dispatch_jobs_in_progress(sd_event_source *source, usec_t usec, void *userdata) {
2373 Manager *m = userdata;
2374 int r;
2375 uint64_t next;
2376
2377 assert(m);
2378 assert(source);
2379
2380 manager_print_jobs_in_progress(m);
2381
2382 next = now(CLOCK_MONOTONIC) + JOBS_IN_PROGRESS_PERIOD_USEC;
2383 r = sd_event_source_set_time(source, next);
2384 if (r < 0)
2385 return r;
2386
2387 return sd_event_source_set_enabled(source, SD_EVENT_ONESHOT);
2388 }
2389
2390 int manager_loop(Manager *m) {
2391 int r;
2392
2393 RATELIMIT_DEFINE(rl, 1*USEC_PER_SEC, 50000);
2394
2395 assert(m);
2396 m->exit_code = MANAGER_OK;
2397
2398 /* Release the path cache */
2399 m->unit_path_cache = set_free_free(m->unit_path_cache);
2400
2401 manager_check_finished(m);
2402
2403 /* There might still be some zombies hanging around from
2404 * before we were exec()'ed. Let's reap them. */
2405 r = manager_dispatch_sigchld(m);
2406 if (r < 0)
2407 return r;
2408
2409 while (m->exit_code == MANAGER_OK) {
2410 usec_t wait_usec;
2411
2412 if (m->runtime_watchdog > 0 && m->runtime_watchdog != USEC_INFINITY && MANAGER_IS_SYSTEM(m))
2413 watchdog_ping();
2414
2415 if (!ratelimit_test(&rl)) {
2416 /* Yay, something is going seriously wrong, pause a little */
2417 log_warning("Looping too fast. Throttling execution a little.");
2418 sleep(1);
2419 }
2420
2421 if (manager_dispatch_load_queue(m) > 0)
2422 continue;
2423
2424 if (manager_dispatch_gc_job_queue(m) > 0)
2425 continue;
2426
2427 if (manager_dispatch_gc_unit_queue(m) > 0)
2428 continue;
2429
2430 if (manager_dispatch_cleanup_queue(m) > 0)
2431 continue;
2432
2433 if (manager_dispatch_cgroup_realize_queue(m) > 0)
2434 continue;
2435
2436 if (manager_dispatch_dbus_queue(m) > 0)
2437 continue;
2438
2439 /* Sleep for half the watchdog time */
2440 if (m->runtime_watchdog > 0 && m->runtime_watchdog != USEC_INFINITY && MANAGER_IS_SYSTEM(m)) {
2441 wait_usec = m->runtime_watchdog / 2;
2442 if (wait_usec <= 0)
2443 wait_usec = 1;
2444 } else
2445 wait_usec = USEC_INFINITY;
2446
2447 r = sd_event_run(m->event, wait_usec);
2448 if (r < 0)
2449 return log_error_errno(r, "Failed to run event loop: %m");
2450 }
2451
2452 return m->exit_code;
2453 }
2454
2455 int manager_load_unit_from_dbus_path(Manager *m, const char *s, sd_bus_error *e, Unit **_u) {
2456 _cleanup_free_ char *n = NULL;
2457 sd_id128_t invocation_id;
2458 Unit *u;
2459 int r;
2460
2461 assert(m);
2462 assert(s);
2463 assert(_u);
2464
2465 r = unit_name_from_dbus_path(s, &n);
2466 if (r < 0)
2467 return r;
2468
2469 /* Permit addressing units by invocation ID: if the passed bus path is suffixed by a 128bit ID then we use it
2470 * as invocation ID. */
2471 r = sd_id128_from_string(n, &invocation_id);
2472 if (r >= 0) {
2473 u = hashmap_get(m->units_by_invocation_id, &invocation_id);
2474 if (u) {
2475 *_u = u;
2476 return 0;
2477 }
2478
2479 return sd_bus_error_setf(e, BUS_ERROR_NO_UNIT_FOR_INVOCATION_ID, "No unit with the specified invocation ID " SD_ID128_FORMAT_STR " known.", SD_ID128_FORMAT_VAL(invocation_id));
2480 }
2481
2482 /* If this didn't work, we check if this is a unit name */
2483 if (!unit_name_is_valid(n, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
2484 return sd_bus_error_setf(e, SD_BUS_ERROR_INVALID_ARGS, "Unit name %s is neither a valid invocation ID nor unit name.", n);
2485
2486 r = manager_load_unit(m, n, NULL, e, &u);
2487 if (r < 0)
2488 return r;
2489
2490 *_u = u;
2491 return 0;
2492 }
2493
2494 int manager_get_job_from_dbus_path(Manager *m, const char *s, Job **_j) {
2495 const char *p;
2496 unsigned id;
2497 Job *j;
2498 int r;
2499
2500 assert(m);
2501 assert(s);
2502 assert(_j);
2503
2504 p = startswith(s, "/org/freedesktop/systemd1/job/");
2505 if (!p)
2506 return -EINVAL;
2507
2508 r = safe_atou(p, &id);
2509 if (r < 0)
2510 return r;
2511
2512 j = manager_get_job(m, id);
2513 if (!j)
2514 return -ENOENT;
2515
2516 *_j = j;
2517
2518 return 0;
2519 }
2520
2521 void manager_send_unit_audit(Manager *m, Unit *u, int type, bool success) {
2522
2523 #if HAVE_AUDIT
2524 _cleanup_free_ char *p = NULL;
2525 const char *msg;
2526 int audit_fd, r;
2527
2528 if (!MANAGER_IS_SYSTEM(m))
2529 return;
2530
2531 audit_fd = get_audit_fd();
2532 if (audit_fd < 0)
2533 return;
2534
2535 /* Don't generate audit events if the service was already
2536 * started and we're just deserializing */
2537 if (MANAGER_IS_RELOADING(m))
2538 return;
2539
2540 if (u->type != UNIT_SERVICE)
2541 return;
2542
2543 r = unit_name_to_prefix_and_instance(u->id, &p);
2544 if (r < 0) {
2545 log_error_errno(r, "Failed to extract prefix and instance of unit name: %m");
2546 return;
2547 }
2548
2549 msg = strjoina("unit=", p);
2550 if (audit_log_user_comm_message(audit_fd, type, msg, "systemd", NULL, NULL, NULL, success) < 0) {
2551 if (errno == EPERM)
2552 /* We aren't allowed to send audit messages?
2553 * Then let's not retry again. */
2554 close_audit_fd();
2555 else
2556 log_warning_errno(errno, "Failed to send audit message: %m");
2557 }
2558 #endif
2559
2560 }
2561
2562 void manager_send_unit_plymouth(Manager *m, Unit *u) {
2563 static const union sockaddr_union sa = PLYMOUTH_SOCKET;
2564 _cleanup_free_ char *message = NULL;
2565 _cleanup_close_ int fd = -1;
2566 int n = 0;
2567
2568 /* Don't generate plymouth events if the service was already
2569 * started and we're just deserializing */
2570 if (MANAGER_IS_RELOADING(m))
2571 return;
2572
2573 if (!MANAGER_IS_SYSTEM(m))
2574 return;
2575
2576 if (detect_container() > 0)
2577 return;
2578
2579 if (!IN_SET(u->type, UNIT_SERVICE, UNIT_MOUNT, UNIT_SWAP))
2580 return;
2581
2582 /* We set SOCK_NONBLOCK here so that we rather drop the
2583 * message then wait for plymouth */
2584 fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
2585 if (fd < 0) {
2586 log_error_errno(errno, "socket() failed: %m");
2587 return;
2588 }
2589
2590 if (connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) {
2591
2592 if (!IN_SET(errno, EPIPE, EAGAIN, ENOENT, ECONNREFUSED, ECONNRESET, ECONNABORTED))
2593 log_error_errno(errno, "connect() failed: %m");
2594 return;
2595 }
2596
2597 if (asprintf(&message, "U\002%c%s%n", (int) (strlen(u->id) + 1), u->id, &n) < 0) {
2598 log_oom();
2599 return;
2600 }
2601
2602 errno = 0;
2603 if (write(fd, message, n + 1) != n + 1)
2604 if (!IN_SET(errno, EPIPE, EAGAIN, ENOENT, ECONNREFUSED, ECONNRESET, ECONNABORTED))
2605 log_error_errno(errno, "Failed to write Plymouth message: %m");
2606 }
2607
2608 int manager_open_serialization(Manager *m, FILE **_f) {
2609 int fd;
2610 FILE *f;
2611
2612 assert(_f);
2613
2614 fd = open_serialization_fd("systemd-state");
2615 if (fd < 0)
2616 return fd;
2617
2618 f = fdopen(fd, "w+");
2619 if (!f) {
2620 safe_close(fd);
2621 return -errno;
2622 }
2623
2624 *_f = f;
2625 return 0;
2626 }
2627
2628 int manager_serialize(Manager *m, FILE *f, FDSet *fds, bool switching_root) {
2629 ManagerTimestamp q;
2630 const char *t;
2631 Iterator i;
2632 Unit *u;
2633 int r;
2634
2635 assert(m);
2636 assert(f);
2637 assert(fds);
2638
2639 m->n_reloading++;
2640
2641 fprintf(f, "current-job-id=%"PRIu32"\n", m->current_job_id);
2642 fprintf(f, "n-installed-jobs=%u\n", m->n_installed_jobs);
2643 fprintf(f, "n-failed-jobs=%u\n", m->n_failed_jobs);
2644 fprintf(f, "taint-usr=%s\n", yes_no(m->taint_usr));
2645 fprintf(f, "ready-sent=%s\n", yes_no(m->ready_sent));
2646
2647 for (q = 0; q < _MANAGER_TIMESTAMP_MAX; q++) {
2648 /* The userspace and finish timestamps only apply to the host system, hence only serialize them there */
2649 if (in_initrd() && IN_SET(q, MANAGER_TIMESTAMP_USERSPACE, MANAGER_TIMESTAMP_FINISH))
2650 continue;
2651
2652 t = manager_timestamp_to_string(q);
2653 {
2654 char field[strlen(t) + strlen("-timestamp") + 1];
2655 strcpy(stpcpy(field, t), "-timestamp");
2656 dual_timestamp_serialize(f, field, m->timestamps + q);
2657 }
2658 }
2659
2660 if (!switching_root)
2661 (void) serialize_environment(f, m->environment);
2662
2663 if (m->notify_fd >= 0) {
2664 int copy;
2665
2666 copy = fdset_put_dup(fds, m->notify_fd);
2667 if (copy < 0)
2668 return copy;
2669
2670 fprintf(f, "notify-fd=%i\n", copy);
2671 fprintf(f, "notify-socket=%s\n", m->notify_socket);
2672 }
2673
2674 if (m->cgroups_agent_fd >= 0) {
2675 int copy;
2676
2677 copy = fdset_put_dup(fds, m->cgroups_agent_fd);
2678 if (copy < 0)
2679 return copy;
2680
2681 fprintf(f, "cgroups-agent-fd=%i\n", copy);
2682 }
2683
2684 if (m->user_lookup_fds[0] >= 0) {
2685 int copy0, copy1;
2686
2687 copy0 = fdset_put_dup(fds, m->user_lookup_fds[0]);
2688 if (copy0 < 0)
2689 return copy0;
2690
2691 copy1 = fdset_put_dup(fds, m->user_lookup_fds[1]);
2692 if (copy1 < 0)
2693 return copy1;
2694
2695 fprintf(f, "user-lookup=%i %i\n", copy0, copy1);
2696 }
2697
2698 bus_track_serialize(m->subscribed, f, "subscribed");
2699
2700 r = dynamic_user_serialize(m, f, fds);
2701 if (r < 0)
2702 return r;
2703
2704 manager_serialize_uid_refs(m, f);
2705 manager_serialize_gid_refs(m, f);
2706
2707 fputc_unlocked('\n', f);
2708
2709 HASHMAP_FOREACH_KEY(u, t, m->units, i) {
2710 if (u->id != t)
2711 continue;
2712
2713 /* Start marker */
2714 fputs_unlocked(u->id, f);
2715 fputc_unlocked('\n', f);
2716
2717 r = unit_serialize(u, f, fds, !switching_root);
2718 if (r < 0) {
2719 m->n_reloading--;
2720 return r;
2721 }
2722 }
2723
2724 assert(m->n_reloading > 0);
2725 m->n_reloading--;
2726
2727 if (ferror(f))
2728 return -EIO;
2729
2730 r = bus_fdset_add_all(m, fds);
2731 if (r < 0)
2732 return r;
2733
2734 return 0;
2735 }
2736
2737 int manager_deserialize(Manager *m, FILE *f, FDSet *fds) {
2738 int r = 0;
2739
2740 assert(m);
2741 assert(f);
2742
2743 log_debug("Deserializing state...");
2744
2745 m->n_reloading++;
2746
2747 for (;;) {
2748 char line[LINE_MAX];
2749 const char *val, *l;
2750
2751 if (!fgets(line, sizeof(line), f)) {
2752 if (feof(f))
2753 r = 0;
2754 else
2755 r = -errno;
2756
2757 goto finish;
2758 }
2759
2760 char_array_0(line);
2761 l = strstrip(line);
2762
2763 if (l[0] == 0)
2764 break;
2765
2766 if ((val = startswith(l, "current-job-id="))) {
2767 uint32_t id;
2768
2769 if (safe_atou32(val, &id) < 0)
2770 log_notice("Failed to parse current job id value %s", val);
2771 else
2772 m->current_job_id = MAX(m->current_job_id, id);
2773
2774 } else if ((val = startswith(l, "n-installed-jobs="))) {
2775 uint32_t n;
2776
2777 if (safe_atou32(val, &n) < 0)
2778 log_notice("Failed to parse installed jobs counter %s", val);
2779 else
2780 m->n_installed_jobs += n;
2781
2782 } else if ((val = startswith(l, "n-failed-jobs="))) {
2783 uint32_t n;
2784
2785 if (safe_atou32(val, &n) < 0)
2786 log_notice("Failed to parse failed jobs counter %s", val);
2787 else
2788 m->n_failed_jobs += n;
2789
2790 } else if ((val = startswith(l, "taint-usr="))) {
2791 int b;
2792
2793 b = parse_boolean(val);
2794 if (b < 0)
2795 log_notice("Failed to parse taint /usr flag %s", val);
2796 else
2797 m->taint_usr = m->taint_usr || b;
2798
2799 } else if ((val = startswith(l, "ready-sent="))) {
2800 int b;
2801
2802 b = parse_boolean(val);
2803 if (b < 0)
2804 log_notice("Failed to parse ready-sent flag %s", val);
2805 else
2806 m->ready_sent = m->ready_sent || b;
2807
2808 } else if (startswith(l, "env=")) {
2809 r = deserialize_environment(&m->environment, l);
2810 if (r == -ENOMEM)
2811 goto finish;
2812 if (r < 0)
2813 log_notice_errno(r, "Failed to parse environment entry: \"%s\": %m", l);
2814
2815 } else if ((val = startswith(l, "notify-fd="))) {
2816 int fd;
2817
2818 if (safe_atoi(val, &fd) < 0 || fd < 0 || !fdset_contains(fds, fd))
2819 log_notice("Failed to parse notify fd: \"%s\"", val);
2820 else {
2821 m->notify_event_source = sd_event_source_unref(m->notify_event_source);
2822 safe_close(m->notify_fd);
2823 m->notify_fd = fdset_remove(fds, fd);
2824 }
2825
2826 } else if ((val = startswith(l, "notify-socket="))) {
2827 char *n;
2828
2829 n = strdup(val);
2830 if (!n) {
2831 r = -ENOMEM;
2832 goto finish;
2833 }
2834
2835 free(m->notify_socket);
2836 m->notify_socket = n;
2837
2838 } else if ((val = startswith(l, "cgroups-agent-fd="))) {
2839 int fd;
2840
2841 if (safe_atoi(val, &fd) < 0 || fd < 0 || !fdset_contains(fds, fd))
2842 log_notice("Failed to parse cgroups agent fd: %s", val);
2843 else {
2844 m->cgroups_agent_event_source = sd_event_source_unref(m->cgroups_agent_event_source);
2845 safe_close(m->cgroups_agent_fd);
2846 m->cgroups_agent_fd = fdset_remove(fds, fd);
2847 }
2848
2849 } else if ((val = startswith(l, "user-lookup="))) {
2850 int fd0, fd1;
2851
2852 if (sscanf(val, "%i %i", &fd0, &fd1) != 2 || fd0 < 0 || fd1 < 0 || fd0 == fd1 || !fdset_contains(fds, fd0) || !fdset_contains(fds, fd1))
2853 log_notice("Failed to parse user lookup fd: %s", val);
2854 else {
2855 m->user_lookup_event_source = sd_event_source_unref(m->user_lookup_event_source);
2856 safe_close_pair(m->user_lookup_fds);
2857 m->user_lookup_fds[0] = fdset_remove(fds, fd0);
2858 m->user_lookup_fds[1] = fdset_remove(fds, fd1);
2859 }
2860
2861 } else if ((val = startswith(l, "dynamic-user=")))
2862 dynamic_user_deserialize_one(m, val, fds);
2863 else if ((val = startswith(l, "destroy-ipc-uid=")))
2864 manager_deserialize_uid_refs_one(m, val);
2865 else if ((val = startswith(l, "destroy-ipc-gid=")))
2866 manager_deserialize_gid_refs_one(m, val);
2867 else if ((val = startswith(l, "subscribed="))) {
2868
2869 if (strv_extend(&m->deserialized_subscribed, val) < 0)
2870 log_oom();
2871 } else {
2872 ManagerTimestamp q;
2873
2874 for (q = 0; q < _MANAGER_TIMESTAMP_MAX; q++) {
2875 val = startswith(l, manager_timestamp_to_string(q));
2876 if (!val)
2877 continue;
2878
2879 val = startswith(val, "-timestamp=");
2880 if (val)
2881 break;
2882 }
2883
2884 if (q < _MANAGER_TIMESTAMP_MAX) /* found it */
2885 dual_timestamp_deserialize(val, m->timestamps + q);
2886 else if (!startswith(l, "kdbus-fd=")) /* ignore kdbus */
2887 log_notice("Unknown serialization item '%s'", l);
2888 }
2889 }
2890
2891 for (;;) {
2892 Unit *u;
2893 char name[UNIT_NAME_MAX+2];
2894 const char* unit_name;
2895
2896 /* Start marker */
2897 if (!fgets(name, sizeof(name), f)) {
2898 if (feof(f))
2899 r = 0;
2900 else
2901 r = -errno;
2902
2903 goto finish;
2904 }
2905
2906 char_array_0(name);
2907 unit_name = strstrip(name);
2908
2909 r = manager_load_unit(m, unit_name, NULL, NULL, &u);
2910 if (r < 0) {
2911 log_notice_errno(r, "Failed to load unit \"%s\", skipping deserialization: %m", unit_name);
2912 if (r == -ENOMEM)
2913 goto finish;
2914 unit_deserialize_skip(f);
2915 continue;
2916 }
2917
2918 r = unit_deserialize(u, f, fds);
2919 if (r < 0) {
2920 log_notice_errno(r, "Failed to deserialize unit \"%s\": %m", unit_name);
2921 if (r == -ENOMEM)
2922 goto finish;
2923 }
2924 }
2925
2926 finish:
2927 if (ferror(f))
2928 r = -EIO;
2929
2930 assert(m->n_reloading > 0);
2931 m->n_reloading--;
2932
2933 return r;
2934 }
2935
2936 int manager_reload(Manager *m) {
2937 int r, q;
2938 _cleanup_fclose_ FILE *f = NULL;
2939 _cleanup_fdset_free_ FDSet *fds = NULL;
2940
2941 assert(m);
2942
2943 r = manager_open_serialization(m, &f);
2944 if (r < 0)
2945 return r;
2946
2947 m->n_reloading++;
2948 bus_manager_send_reloading(m, true);
2949
2950 fds = fdset_new();
2951 if (!fds) {
2952 m->n_reloading--;
2953 return -ENOMEM;
2954 }
2955
2956 r = manager_serialize(m, f, fds, false);
2957 if (r < 0) {
2958 m->n_reloading--;
2959 return r;
2960 }
2961
2962 if (fseeko(f, 0, SEEK_SET) < 0) {
2963 m->n_reloading--;
2964 return -errno;
2965 }
2966
2967 /* From here on there is no way back. */
2968 manager_clear_jobs_and_units(m);
2969 lookup_paths_flush_generator(&m->lookup_paths);
2970 lookup_paths_free(&m->lookup_paths);
2971 dynamic_user_vacuum(m, false);
2972 m->uid_refs = hashmap_free(m->uid_refs);
2973 m->gid_refs = hashmap_free(m->gid_refs);
2974
2975 q = lookup_paths_init(&m->lookup_paths, m->unit_file_scope, 0, NULL);
2976 if (q < 0 && r >= 0)
2977 r = q;
2978
2979 q = manager_run_environment_generators(m);
2980 if (q < 0 && r >= 0)
2981 r = q;
2982
2983 /* Find new unit paths */
2984 q = manager_run_generators(m);
2985 if (q < 0 && r >= 0)
2986 r = q;
2987
2988 lookup_paths_reduce(&m->lookup_paths);
2989 manager_build_unit_path_cache(m);
2990
2991 /* First, enumerate what we can from all config files */
2992 manager_enumerate(m);
2993
2994 /* Second, deserialize our stored data */
2995 q = manager_deserialize(m, f, fds);
2996 if (q < 0) {
2997 log_error_errno(q, "Deserialization failed: %m");
2998
2999 if (r >= 0)
3000 r = q;
3001 }
3002
3003 fclose(f);
3004 f = NULL;
3005
3006 /* Re-register notify_fd as event source */
3007 q = manager_setup_notify(m);
3008 if (q < 0 && r >= 0)
3009 r = q;
3010
3011 q = manager_setup_cgroups_agent(m);
3012 if (q < 0 && r >= 0)
3013 r = q;
3014
3015 q = manager_setup_user_lookup_fd(m);
3016 if (q < 0 && r >= 0)
3017 r = q;
3018
3019 /* Third, fire things up! */
3020 manager_coldplug(m);
3021
3022 /* Release any dynamic users no longer referenced */
3023 dynamic_user_vacuum(m, true);
3024
3025 /* Release any references to UIDs/GIDs no longer referenced, and destroy any IPC owned by them */
3026 manager_vacuum_uid_refs(m);
3027 manager_vacuum_gid_refs(m);
3028
3029 /* Sync current state of bus names with our set of listening units */
3030 if (m->api_bus)
3031 manager_sync_bus_names(m, m->api_bus);
3032
3033 assert(m->n_reloading > 0);
3034 m->n_reloading--;
3035
3036 m->send_reloading_done = true;
3037
3038 return r;
3039 }
3040
3041 void manager_reset_failed(Manager *m) {
3042 Unit *u;
3043 Iterator i;
3044
3045 assert(m);
3046
3047 HASHMAP_FOREACH(u, m->units, i)
3048 unit_reset_failed(u);
3049 }
3050
3051 bool manager_unit_inactive_or_pending(Manager *m, const char *name) {
3052 Unit *u;
3053
3054 assert(m);
3055 assert(name);
3056
3057 /* Returns true if the unit is inactive or going down */
3058 u = manager_get_unit(m, name);
3059 if (!u)
3060 return true;
3061
3062 return unit_inactive_or_pending(u);
3063 }
3064
3065 static void manager_notify_finished(Manager *m) {
3066 char userspace[FORMAT_TIMESPAN_MAX], initrd[FORMAT_TIMESPAN_MAX], kernel[FORMAT_TIMESPAN_MAX], sum[FORMAT_TIMESPAN_MAX];
3067 usec_t firmware_usec, loader_usec, kernel_usec, initrd_usec, userspace_usec, total_usec;
3068
3069 if (m->test_run_flags)
3070 return;
3071
3072 if (MANAGER_IS_SYSTEM(m) && detect_container() <= 0) {
3073
3074 /* Note that MANAGER_TIMESTAMP_KERNEL's monotonic value is always at 0, and
3075 * MANAGER_TIMESTAMP_FIRMWARE's and MANAGER_TIMESTAMP_LOADER's monotonic value should be considered
3076 * negative values. */
3077
3078 firmware_usec = m->timestamps[MANAGER_TIMESTAMP_FIRMWARE].monotonic - m->timestamps[MANAGER_TIMESTAMP_LOADER].monotonic;
3079 loader_usec = m->timestamps[MANAGER_TIMESTAMP_LOADER].monotonic - m->timestamps[MANAGER_TIMESTAMP_KERNEL].monotonic;
3080 userspace_usec = m->timestamps[MANAGER_TIMESTAMP_FINISH].monotonic - m->timestamps[MANAGER_TIMESTAMP_USERSPACE].monotonic;
3081 total_usec = m->timestamps[MANAGER_TIMESTAMP_FIRMWARE].monotonic + m->timestamps[MANAGER_TIMESTAMP_FINISH].monotonic;
3082
3083 if (dual_timestamp_is_set(&m->timestamps[MANAGER_TIMESTAMP_INITRD])) {
3084
3085 /* The initrd case on bare-metal*/
3086 kernel_usec = m->timestamps[MANAGER_TIMESTAMP_INITRD].monotonic - m->timestamps[MANAGER_TIMESTAMP_KERNEL].monotonic;
3087 initrd_usec = m->timestamps[MANAGER_TIMESTAMP_USERSPACE].monotonic - m->timestamps[MANAGER_TIMESTAMP_INITRD].monotonic;
3088
3089 log_struct(LOG_INFO,
3090 "MESSAGE_ID=" SD_MESSAGE_STARTUP_FINISHED_STR,
3091 "KERNEL_USEC="USEC_FMT, kernel_usec,
3092 "INITRD_USEC="USEC_FMT, initrd_usec,
3093 "USERSPACE_USEC="USEC_FMT, userspace_usec,
3094 LOG_MESSAGE("Startup finished in %s (kernel) + %s (initrd) + %s (userspace) = %s.",
3095 format_timespan(kernel, sizeof(kernel), kernel_usec, USEC_PER_MSEC),
3096 format_timespan(initrd, sizeof(initrd), initrd_usec, USEC_PER_MSEC),
3097 format_timespan(userspace, sizeof(userspace), userspace_usec, USEC_PER_MSEC),
3098 format_timespan(sum, sizeof(sum), total_usec, USEC_PER_MSEC)),
3099 NULL);
3100 } else {
3101 /* The initrd-less case on bare-metal*/
3102
3103 kernel_usec = m->timestamps[MANAGER_TIMESTAMP_USERSPACE].monotonic - m->timestamps[MANAGER_TIMESTAMP_KERNEL].monotonic;
3104 initrd_usec = 0;
3105
3106 log_struct(LOG_INFO,
3107 "MESSAGE_ID=" SD_MESSAGE_STARTUP_FINISHED_STR,
3108 "KERNEL_USEC="USEC_FMT, kernel_usec,
3109 "USERSPACE_USEC="USEC_FMT, userspace_usec,
3110 LOG_MESSAGE("Startup finished in %s (kernel) + %s (userspace) = %s.",
3111 format_timespan(kernel, sizeof(kernel), kernel_usec, USEC_PER_MSEC),
3112 format_timespan(userspace, sizeof(userspace), userspace_usec, USEC_PER_MSEC),
3113 format_timespan(sum, sizeof(sum), total_usec, USEC_PER_MSEC)),
3114 NULL);
3115 }
3116 } else {
3117 /* The container case */
3118 firmware_usec = loader_usec = initrd_usec = kernel_usec = 0;
3119 total_usec = userspace_usec = m->timestamps[MANAGER_TIMESTAMP_FINISH].monotonic - m->timestamps[MANAGER_TIMESTAMP_USERSPACE].monotonic;
3120
3121 log_struct(LOG_INFO,
3122 "MESSAGE_ID=" SD_MESSAGE_USER_STARTUP_FINISHED_STR,
3123 "USERSPACE_USEC="USEC_FMT, userspace_usec,
3124 LOG_MESSAGE("Startup finished in %s.",
3125 format_timespan(sum, sizeof(sum), total_usec, USEC_PER_MSEC)),
3126 NULL);
3127 }
3128
3129 bus_manager_send_finished(m, firmware_usec, loader_usec, kernel_usec, initrd_usec, userspace_usec, total_usec);
3130
3131 sd_notifyf(false,
3132 m->ready_sent ? "STATUS=Startup finished in %s."
3133 : "READY=1\n"
3134 "STATUS=Startup finished in %s.",
3135 format_timespan(sum, sizeof(sum), total_usec, USEC_PER_MSEC));
3136 m->ready_sent = true;
3137 }
3138
3139 void manager_check_finished(Manager *m) {
3140 assert(m);
3141
3142 if (MANAGER_IS_RELOADING(m))
3143 return;
3144
3145 /* Verify that we are actually running currently. Initially
3146 * the exit code is set to invalid, and during operation it is
3147 * then set to MANAGER_OK */
3148 if (m->exit_code != MANAGER_OK)
3149 return;
3150
3151 /* For user managers, send out READY=1 as soon as we reach basic.target */
3152 if (MANAGER_IS_USER(m) && !m->ready_sent) {
3153 Unit *u;
3154
3155 u = manager_get_unit(m, SPECIAL_BASIC_TARGET);
3156 if (u && !u->job) {
3157 sd_notifyf(false,
3158 "READY=1\n"
3159 "STATUS=Reached " SPECIAL_BASIC_TARGET ".");
3160 m->ready_sent = true;
3161 }
3162 }
3163
3164 if (hashmap_size(m->jobs) > 0) {
3165 if (m->jobs_in_progress_event_source)
3166 /* Ignore any failure, this is only for feedback */
3167 (void) sd_event_source_set_time(m->jobs_in_progress_event_source, now(CLOCK_MONOTONIC) + JOBS_IN_PROGRESS_WAIT_USEC);
3168
3169 return;
3170 }
3171
3172 manager_flip_auto_status(m, false);
3173
3174 /* Notify Type=idle units that we are done now */
3175 manager_close_idle_pipe(m);
3176
3177 /* Turn off confirm spawn now */
3178 m->confirm_spawn = NULL;
3179
3180 /* No need to update ask password status when we're going non-interactive */
3181 manager_close_ask_password(m);
3182
3183 /* This is no longer the first boot */
3184 manager_set_first_boot(m, false);
3185
3186 if (MANAGER_IS_FINISHED(m))
3187 return;
3188
3189 dual_timestamp_get(m->timestamps + MANAGER_TIMESTAMP_FINISH);
3190
3191 manager_notify_finished(m);
3192
3193 manager_invalidate_startup_units(m);
3194 }
3195
3196 static bool generator_path_any(const char* const* paths) {
3197 char **path;
3198 bool found = false;
3199
3200 /* Optimize by skipping the whole process by not creating output directories
3201 * if no generators are found. */
3202 STRV_FOREACH(path, (char**) paths)
3203 if (access(*path, F_OK) == 0)
3204 found = true;
3205 else if (errno != ENOENT)
3206 log_warning_errno(errno, "Failed to open generator directory %s: %m", *path);
3207
3208 return found;
3209 }
3210
3211 static const char* system_env_generator_binary_paths[] = {
3212 "/run/systemd/system-environment-generators",
3213 "/etc/systemd/system-environment-generators",
3214 "/usr/local/lib/systemd/system-environment-generators",
3215 SYSTEM_ENV_GENERATOR_PATH,
3216 NULL
3217 };
3218
3219 static const char* user_env_generator_binary_paths[] = {
3220 "/run/systemd/user-environment-generators",
3221 "/etc/systemd/user-environment-generators",
3222 "/usr/local/lib/systemd/user-environment-generators",
3223 USER_ENV_GENERATOR_PATH,
3224 NULL
3225 };
3226
3227 static int manager_run_environment_generators(Manager *m) {
3228 char **tmp = NULL; /* this is only used in the forked process, no cleanup here */
3229 const char **paths;
3230 void* args[] = {&tmp, &tmp, &m->environment};
3231
3232 if (m->test_run_flags && !(m->test_run_flags & MANAGER_TEST_RUN_ENV_GENERATORS))
3233 return 0;
3234
3235 paths = MANAGER_IS_SYSTEM(m) ? system_env_generator_binary_paths : user_env_generator_binary_paths;
3236
3237 if (!generator_path_any(paths))
3238 return 0;
3239
3240 return execute_directories(paths, DEFAULT_TIMEOUT_USEC, gather_environment, args, NULL);
3241 }
3242
3243 static int manager_run_generators(Manager *m) {
3244 _cleanup_strv_free_ char **paths = NULL;
3245 const char *argv[5];
3246 int r;
3247
3248 assert(m);
3249
3250 if (m->test_run_flags && !(m->test_run_flags & MANAGER_TEST_RUN_GENERATORS))
3251 return 0;
3252
3253 paths = generator_binary_paths(m->unit_file_scope);
3254 if (!paths)
3255 return log_oom();
3256
3257 if (!generator_path_any((const char* const*) paths))
3258 return 0;
3259
3260 r = lookup_paths_mkdir_generator(&m->lookup_paths);
3261 if (r < 0)
3262 goto finish;
3263
3264 argv[0] = NULL; /* Leave this empty, execute_directory() will fill something in */
3265 argv[1] = m->lookup_paths.generator;
3266 argv[2] = m->lookup_paths.generator_early;
3267 argv[3] = m->lookup_paths.generator_late;
3268 argv[4] = NULL;
3269
3270 RUN_WITH_UMASK(0022)
3271 execute_directories((const char* const*) paths, DEFAULT_TIMEOUT_USEC,
3272 NULL, NULL, (char**) argv);
3273
3274 finish:
3275 lookup_paths_trim_generator(&m->lookup_paths);
3276 return r;
3277 }
3278
3279 int manager_environment_add(Manager *m, char **minus, char **plus) {
3280 char **a = NULL, **b = NULL, **l;
3281 assert(m);
3282
3283 l = m->environment;
3284
3285 if (!strv_isempty(minus)) {
3286 a = strv_env_delete(l, 1, minus);
3287 if (!a)
3288 return -ENOMEM;
3289
3290 l = a;
3291 }
3292
3293 if (!strv_isempty(plus)) {
3294 b = strv_env_merge(2, l, plus);
3295 if (!b) {
3296 strv_free(a);
3297 return -ENOMEM;
3298 }
3299
3300 l = b;
3301 }
3302
3303 if (m->environment != l)
3304 strv_free(m->environment);
3305 if (a != l)
3306 strv_free(a);
3307 if (b != l)
3308 strv_free(b);
3309
3310 m->environment = l;
3311 manager_clean_environment(m);
3312 strv_sort(m->environment);
3313
3314 return 0;
3315 }
3316
3317 int manager_set_default_rlimits(Manager *m, struct rlimit **default_rlimit) {
3318 int i;
3319
3320 assert(m);
3321
3322 for (i = 0; i < _RLIMIT_MAX; i++) {
3323 m->rlimit[i] = mfree(m->rlimit[i]);
3324
3325 if (!default_rlimit[i])
3326 continue;
3327
3328 m->rlimit[i] = newdup(struct rlimit, default_rlimit[i], 1);
3329 if (!m->rlimit[i])
3330 return log_oom();
3331 }
3332
3333 return 0;
3334 }
3335
3336 void manager_recheck_journal(Manager *m) {
3337 Unit *u;
3338
3339 assert(m);
3340
3341 if (!MANAGER_IS_SYSTEM(m))
3342 return;
3343
3344 u = manager_get_unit(m, SPECIAL_JOURNALD_SOCKET);
3345 if (u && SOCKET(u)->state != SOCKET_RUNNING) {
3346 log_close_journal();
3347 return;
3348 }
3349
3350 u = manager_get_unit(m, SPECIAL_JOURNALD_SERVICE);
3351 if (u && SERVICE(u)->state != SERVICE_RUNNING) {
3352 log_close_journal();
3353 return;
3354 }
3355
3356 /* Hmm, OK, so the socket is fully up and the service is up
3357 * too, then let's make use of the thing. */
3358 log_open();
3359 }
3360
3361 void manager_set_show_status(Manager *m, ShowStatus mode) {
3362 assert(m);
3363 assert(IN_SET(mode, SHOW_STATUS_AUTO, SHOW_STATUS_NO, SHOW_STATUS_YES, SHOW_STATUS_TEMPORARY));
3364
3365 if (!MANAGER_IS_SYSTEM(m))
3366 return;
3367
3368 if (m->show_status != mode)
3369 log_debug("%s showing of status.",
3370 mode == SHOW_STATUS_NO ? "Disabling" : "Enabling");
3371 m->show_status = mode;
3372
3373 if (mode > 0)
3374 (void) touch("/run/systemd/show-status");
3375 else
3376 (void) unlink("/run/systemd/show-status");
3377 }
3378
3379 static bool manager_get_show_status(Manager *m, StatusType type) {
3380 assert(m);
3381
3382 if (!MANAGER_IS_SYSTEM(m))
3383 return false;
3384
3385 if (m->no_console_output)
3386 return false;
3387
3388 if (!IN_SET(manager_state(m), MANAGER_INITIALIZING, MANAGER_STARTING, MANAGER_STOPPING))
3389 return false;
3390
3391 /* If we cannot find out the status properly, just proceed. */
3392 if (type != STATUS_TYPE_EMERGENCY && manager_check_ask_password(m) > 0)
3393 return false;
3394
3395 if (m->show_status > 0)
3396 return true;
3397
3398 return false;
3399 }
3400
3401 const char *manager_get_confirm_spawn(Manager *m) {
3402 static int last_errno = 0;
3403 const char *vc = m->confirm_spawn;
3404 struct stat st;
3405 int r;
3406
3407 /* Here's the deal: we want to test the validity of the console but don't want
3408 * PID1 to go through the whole console process which might block. But we also
3409 * want to warn the user only once if something is wrong with the console so we
3410 * cannot do the sanity checks after spawning our children. So here we simply do
3411 * really basic tests to hopefully trap common errors.
3412 *
3413 * If the console suddenly disappear at the time our children will really it
3414 * then they will simply fail to acquire it and a positive answer will be
3415 * assumed. New children will fallback to /dev/console though.
3416 *
3417 * Note: TTYs are devices that can come and go any time, and frequently aren't
3418 * available yet during early boot (consider a USB rs232 dongle...). If for any
3419 * reason the configured console is not ready, we fallback to the default
3420 * console. */
3421
3422 if (!vc || path_equal(vc, "/dev/console"))
3423 return vc;
3424
3425 r = stat(vc, &st);
3426 if (r < 0)
3427 goto fail;
3428
3429 if (!S_ISCHR(st.st_mode)) {
3430 errno = ENOTTY;
3431 goto fail;
3432 }
3433
3434 last_errno = 0;
3435 return vc;
3436 fail:
3437 if (last_errno != errno) {
3438 last_errno = errno;
3439 log_warning_errno(errno, "Failed to open %s: %m, using default console", vc);
3440 }
3441 return "/dev/console";
3442 }
3443
3444 void manager_set_first_boot(Manager *m, bool b) {
3445 assert(m);
3446
3447 if (!MANAGER_IS_SYSTEM(m))
3448 return;
3449
3450 if (m->first_boot != (int) b) {
3451 if (b)
3452 (void) touch("/run/systemd/first-boot");
3453 else
3454 (void) unlink("/run/systemd/first-boot");
3455 }
3456
3457 m->first_boot = b;
3458 }
3459
3460 void manager_disable_confirm_spawn(void) {
3461 (void) touch("/run/systemd/confirm_spawn_disabled");
3462 }
3463
3464 bool manager_is_confirm_spawn_disabled(Manager *m) {
3465 if (!m->confirm_spawn)
3466 return true;
3467
3468 return access("/run/systemd/confirm_spawn_disabled", F_OK) >= 0;
3469 }
3470
3471 void manager_status_printf(Manager *m, StatusType type, const char *status, const char *format, ...) {
3472 va_list ap;
3473
3474 /* If m is NULL, assume we're after shutdown and let the messages through. */
3475
3476 if (m && !manager_get_show_status(m, type))
3477 return;
3478
3479 /* XXX We should totally drop the check for ephemeral here
3480 * and thus effectively make 'Type=idle' pointless. */
3481 if (type == STATUS_TYPE_EPHEMERAL && m && m->n_on_console > 0)
3482 return;
3483
3484 va_start(ap, format);
3485 status_vprintf(status, true, type == STATUS_TYPE_EPHEMERAL, format, ap);
3486 va_end(ap);
3487 }
3488
3489 Set *manager_get_units_requiring_mounts_for(Manager *m, const char *path) {
3490 char p[strlen(path)+1];
3491
3492 assert(m);
3493 assert(path);
3494
3495 strcpy(p, path);
3496 path_kill_slashes(p);
3497
3498 return hashmap_get(m->units_requiring_mounts_for, streq(p, "/") ? "" : p);
3499 }
3500
3501 void manager_set_exec_params(Manager *m, ExecParameters *p) {
3502 assert(m);
3503 assert(p);
3504
3505 p->environment = m->environment;
3506 p->confirm_spawn = manager_get_confirm_spawn(m);
3507 p->cgroup_supported = m->cgroup_supported;
3508 p->prefix = m->prefix;
3509
3510 SET_FLAG(p->flags, EXEC_PASS_LOG_UNIT|EXEC_CHOWN_DIRECTORIES, MANAGER_IS_SYSTEM(m));
3511 }
3512
3513 int manager_update_failed_units(Manager *m, Unit *u, bool failed) {
3514 unsigned size;
3515 int r;
3516
3517 assert(m);
3518 assert(u->manager == m);
3519
3520 size = set_size(m->failed_units);
3521
3522 if (failed) {
3523 r = set_ensure_allocated(&m->failed_units, NULL);
3524 if (r < 0)
3525 return log_oom();
3526
3527 if (set_put(m->failed_units, u) < 0)
3528 return log_oom();
3529 } else
3530 (void) set_remove(m->failed_units, u);
3531
3532 if (set_size(m->failed_units) != size)
3533 bus_manager_send_change_signal(m);
3534
3535 return 0;
3536 }
3537
3538 ManagerState manager_state(Manager *m) {
3539 Unit *u;
3540
3541 assert(m);
3542
3543 /* Did we ever finish booting? If not then we are still starting up */
3544 if (!MANAGER_IS_FINISHED(m)) {
3545
3546 u = manager_get_unit(m, SPECIAL_BASIC_TARGET);
3547 if (!u || !UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u)))
3548 return MANAGER_INITIALIZING;
3549
3550 return MANAGER_STARTING;
3551 }
3552
3553 /* Is the special shutdown target active or queued? If so, we are in shutdown state */
3554 u = manager_get_unit(m, SPECIAL_SHUTDOWN_TARGET);
3555 if (u && unit_active_or_pending(u))
3556 return MANAGER_STOPPING;
3557
3558 if (MANAGER_IS_SYSTEM(m)) {
3559 /* Are the rescue or emergency targets active or queued? If so we are in maintenance state */
3560 u = manager_get_unit(m, SPECIAL_RESCUE_TARGET);
3561 if (u && unit_active_or_pending(u))
3562 return MANAGER_MAINTENANCE;
3563
3564 u = manager_get_unit(m, SPECIAL_EMERGENCY_TARGET);
3565 if (u && unit_active_or_pending(u))
3566 return MANAGER_MAINTENANCE;
3567 }
3568
3569 /* Are there any failed units? If so, we are in degraded mode */
3570 if (set_size(m->failed_units) > 0)
3571 return MANAGER_DEGRADED;
3572
3573 return MANAGER_RUNNING;
3574 }
3575
3576 #define DESTROY_IPC_FLAG (UINT32_C(1) << 31)
3577
3578 static void manager_unref_uid_internal(
3579 Manager *m,
3580 Hashmap **uid_refs,
3581 uid_t uid,
3582 bool destroy_now,
3583 int (*_clean_ipc)(uid_t uid)) {
3584
3585 uint32_t c, n;
3586
3587 assert(m);
3588 assert(uid_refs);
3589 assert(uid_is_valid(uid));
3590 assert(_clean_ipc);
3591
3592 /* A generic implementation, covering both manager_unref_uid() and manager_unref_gid(), under the assumption
3593 * that uid_t and gid_t are actually defined the same way, with the same validity rules.
3594 *
3595 * We store a hashmap where the UID/GID is they key and the value is a 32bit reference counter, whose highest
3596 * bit is used as flag for marking UIDs/GIDs whose IPC objects to remove when the last reference to the UID/GID
3597 * is dropped. The flag is set to on, once at least one reference from a unit where RemoveIPC= is set is added
3598 * on a UID/GID. It is reset when the UID's/GID's reference counter drops to 0 again. */
3599
3600 assert_cc(sizeof(uid_t) == sizeof(gid_t));
3601 assert_cc(UID_INVALID == (uid_t) GID_INVALID);
3602
3603 if (uid == 0) /* We don't keep track of root, and will never destroy it */
3604 return;
3605
3606 c = PTR_TO_UINT32(hashmap_get(*uid_refs, UID_TO_PTR(uid)));
3607
3608 n = c & ~DESTROY_IPC_FLAG;
3609 assert(n > 0);
3610 n--;
3611
3612 if (destroy_now && n == 0) {
3613 hashmap_remove(*uid_refs, UID_TO_PTR(uid));
3614
3615 if (c & DESTROY_IPC_FLAG) {
3616 log_debug("%s " UID_FMT " is no longer referenced, cleaning up its IPC.",
3617 _clean_ipc == clean_ipc_by_uid ? "UID" : "GID",
3618 uid);
3619 (void) _clean_ipc(uid);
3620 }
3621 } else {
3622 c = n | (c & DESTROY_IPC_FLAG);
3623 assert_se(hashmap_update(*uid_refs, UID_TO_PTR(uid), UINT32_TO_PTR(c)) >= 0);
3624 }
3625 }
3626
3627 void manager_unref_uid(Manager *m, uid_t uid, bool destroy_now) {
3628 manager_unref_uid_internal(m, &m->uid_refs, uid, destroy_now, clean_ipc_by_uid);
3629 }
3630
3631 void manager_unref_gid(Manager *m, gid_t gid, bool destroy_now) {
3632 manager_unref_uid_internal(m, &m->gid_refs, (uid_t) gid, destroy_now, clean_ipc_by_gid);
3633 }
3634
3635 static int manager_ref_uid_internal(
3636 Manager *m,
3637 Hashmap **uid_refs,
3638 uid_t uid,
3639 bool clean_ipc) {
3640
3641 uint32_t c, n;
3642 int r;
3643
3644 assert(m);
3645 assert(uid_refs);
3646 assert(uid_is_valid(uid));
3647
3648 /* A generic implementation, covering both manager_ref_uid() and manager_ref_gid(), under the assumption
3649 * that uid_t and gid_t are actually defined the same way, with the same validity rules. */
3650
3651 assert_cc(sizeof(uid_t) == sizeof(gid_t));
3652 assert_cc(UID_INVALID == (uid_t) GID_INVALID);
3653
3654 if (uid == 0) /* We don't keep track of root, and will never destroy it */
3655 return 0;
3656
3657 r = hashmap_ensure_allocated(uid_refs, &trivial_hash_ops);
3658 if (r < 0)
3659 return r;
3660
3661 c = PTR_TO_UINT32(hashmap_get(*uid_refs, UID_TO_PTR(uid)));
3662
3663 n = c & ~DESTROY_IPC_FLAG;
3664 n++;
3665
3666 if (n & DESTROY_IPC_FLAG) /* check for overflow */
3667 return -EOVERFLOW;
3668
3669 c = n | (c & DESTROY_IPC_FLAG) | (clean_ipc ? DESTROY_IPC_FLAG : 0);
3670
3671 return hashmap_replace(*uid_refs, UID_TO_PTR(uid), UINT32_TO_PTR(c));
3672 }
3673
3674 int manager_ref_uid(Manager *m, uid_t uid, bool clean_ipc) {
3675 return manager_ref_uid_internal(m, &m->uid_refs, uid, clean_ipc);
3676 }
3677
3678 int manager_ref_gid(Manager *m, gid_t gid, bool clean_ipc) {
3679 return manager_ref_uid_internal(m, &m->gid_refs, (uid_t) gid, clean_ipc);
3680 }
3681
3682 static void manager_vacuum_uid_refs_internal(
3683 Manager *m,
3684 Hashmap **uid_refs,
3685 int (*_clean_ipc)(uid_t uid)) {
3686
3687 Iterator i;
3688 void *p, *k;
3689
3690 assert(m);
3691 assert(uid_refs);
3692 assert(_clean_ipc);
3693
3694 HASHMAP_FOREACH_KEY(p, k, *uid_refs, i) {
3695 uint32_t c, n;
3696 uid_t uid;
3697
3698 uid = PTR_TO_UID(k);
3699 c = PTR_TO_UINT32(p);
3700
3701 n = c & ~DESTROY_IPC_FLAG;
3702 if (n > 0)
3703 continue;
3704
3705 if (c & DESTROY_IPC_FLAG) {
3706 log_debug("Found unreferenced %s " UID_FMT " after reload/reexec. Cleaning up.",
3707 _clean_ipc == clean_ipc_by_uid ? "UID" : "GID",
3708 uid);
3709 (void) _clean_ipc(uid);
3710 }
3711
3712 assert_se(hashmap_remove(*uid_refs, k) == p);
3713 }
3714 }
3715
3716 void manager_vacuum_uid_refs(Manager *m) {
3717 manager_vacuum_uid_refs_internal(m, &m->uid_refs, clean_ipc_by_uid);
3718 }
3719
3720 void manager_vacuum_gid_refs(Manager *m) {
3721 manager_vacuum_uid_refs_internal(m, &m->gid_refs, clean_ipc_by_gid);
3722 }
3723
3724 static void manager_serialize_uid_refs_internal(
3725 Manager *m,
3726 FILE *f,
3727 Hashmap **uid_refs,
3728 const char *field_name) {
3729
3730 Iterator i;
3731 void *p, *k;
3732
3733 assert(m);
3734 assert(f);
3735 assert(uid_refs);
3736 assert(field_name);
3737
3738 /* Serialize the UID reference table. Or actually, just the IPC destruction flag of it, as the actual counter
3739 * of it is better rebuild after a reload/reexec. */
3740
3741 HASHMAP_FOREACH_KEY(p, k, *uid_refs, i) {
3742 uint32_t c;
3743 uid_t uid;
3744
3745 uid = PTR_TO_UID(k);
3746 c = PTR_TO_UINT32(p);
3747
3748 if (!(c & DESTROY_IPC_FLAG))
3749 continue;
3750
3751 fprintf(f, "%s=" UID_FMT "\n", field_name, uid);
3752 }
3753 }
3754
3755 void manager_serialize_uid_refs(Manager *m, FILE *f) {
3756 manager_serialize_uid_refs_internal(m, f, &m->uid_refs, "destroy-ipc-uid");
3757 }
3758
3759 void manager_serialize_gid_refs(Manager *m, FILE *f) {
3760 manager_serialize_uid_refs_internal(m, f, &m->gid_refs, "destroy-ipc-gid");
3761 }
3762
3763 static void manager_deserialize_uid_refs_one_internal(
3764 Manager *m,
3765 Hashmap** uid_refs,
3766 const char *value) {
3767
3768 uid_t uid;
3769 uint32_t c;
3770 int r;
3771
3772 assert(m);
3773 assert(uid_refs);
3774 assert(value);
3775
3776 r = parse_uid(value, &uid);
3777 if (r < 0 || uid == 0) {
3778 log_debug("Unable to parse UID reference serialization");
3779 return;
3780 }
3781
3782 r = hashmap_ensure_allocated(uid_refs, &trivial_hash_ops);
3783 if (r < 0) {
3784 log_oom();
3785 return;
3786 }
3787
3788 c = PTR_TO_UINT32(hashmap_get(*uid_refs, UID_TO_PTR(uid)));
3789 if (c & DESTROY_IPC_FLAG)
3790 return;
3791
3792 c |= DESTROY_IPC_FLAG;
3793
3794 r = hashmap_replace(*uid_refs, UID_TO_PTR(uid), UINT32_TO_PTR(c));
3795 if (r < 0) {
3796 log_debug("Failed to add UID reference entry");
3797 return;
3798 }
3799 }
3800
3801 void manager_deserialize_uid_refs_one(Manager *m, const char *value) {
3802 manager_deserialize_uid_refs_one_internal(m, &m->uid_refs, value);
3803 }
3804
3805 void manager_deserialize_gid_refs_one(Manager *m, const char *value) {
3806 manager_deserialize_uid_refs_one_internal(m, &m->gid_refs, value);
3807 }
3808
3809 int manager_dispatch_user_lookup_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
3810 struct buffer {
3811 uid_t uid;
3812 gid_t gid;
3813 char unit_name[UNIT_NAME_MAX+1];
3814 } _packed_ buffer;
3815
3816 Manager *m = userdata;
3817 ssize_t l;
3818 size_t n;
3819 Unit *u;
3820
3821 assert_se(source);
3822 assert_se(m);
3823
3824 /* Invoked whenever a child process succeeded resolving its user/group to use and sent us the resulting UID/GID
3825 * in a datagram. We parse the datagram here and pass it off to the unit, so that it can add a reference to the
3826 * UID/GID so that it can destroy the UID/GID's IPC objects when the reference counter drops to 0. */
3827
3828 l = recv(fd, &buffer, sizeof(buffer), MSG_DONTWAIT);
3829 if (l < 0) {
3830 if (IN_SET(errno, EINTR, EAGAIN))
3831 return 0;
3832
3833 return log_error_errno(errno, "Failed to read from user lookup fd: %m");
3834 }
3835
3836 if ((size_t) l <= offsetof(struct buffer, unit_name)) {
3837 log_warning("Received too short user lookup message, ignoring.");
3838 return 0;
3839 }
3840
3841 if ((size_t) l > offsetof(struct buffer, unit_name) + UNIT_NAME_MAX) {
3842 log_warning("Received too long user lookup message, ignoring.");
3843 return 0;
3844 }
3845
3846 if (!uid_is_valid(buffer.uid) && !gid_is_valid(buffer.gid)) {
3847 log_warning("Got user lookup message with invalid UID/GID pair, ignoring.");
3848 return 0;
3849 }
3850
3851 n = (size_t) l - offsetof(struct buffer, unit_name);
3852 if (memchr(buffer.unit_name, 0, n)) {
3853 log_warning("Received lookup message with embedded NUL character, ignoring.");
3854 return 0;
3855 }
3856
3857 buffer.unit_name[n] = 0;
3858 u = manager_get_unit(m, buffer.unit_name);
3859 if (!u) {
3860 log_debug("Got user lookup message but unit doesn't exist, ignoring.");
3861 return 0;
3862 }
3863
3864 log_unit_debug(u, "User lookup succeeded: uid=" UID_FMT " gid=" GID_FMT, buffer.uid, buffer.gid);
3865
3866 unit_notify_user_lookup(u, buffer.uid, buffer.gid);
3867 return 0;
3868 }
3869
3870 char *manager_taint_string(Manager *m) {
3871 _cleanup_free_ char *destination = NULL, *overflowuid = NULL, *overflowgid = NULL;
3872 char *buf, *e;
3873 int r;
3874
3875 /* Returns a "taint string", e.g. "local-hwclock:var-run-bad".
3876 * Only things that are detected at runtime should be tagged
3877 * here. For stuff that is set during compilation, emit a warning
3878 * in the configuration phase. */
3879
3880 assert(m);
3881
3882 buf = new(char, sizeof("split-usr:"
3883 "cgroups-missing:"
3884 "local-hwclock:"
3885 "var-run-bad:"
3886 "overflowuid-not-65534:"
3887 "overflowgid-not-65534:"));
3888 if (!buf)
3889 return NULL;
3890
3891 e = buf;
3892 buf[0] = 0;
3893
3894 if (m->taint_usr)
3895 e = stpcpy(e, "split-usr:");
3896
3897 if (access("/proc/cgroups", F_OK) < 0)
3898 e = stpcpy(e, "cgroups-missing:");
3899
3900 if (clock_is_localtime(NULL) > 0)
3901 e = stpcpy(e, "local-hwclock:");
3902
3903 r = readlink_malloc("/var/run", &destination);
3904 if (r < 0 || !PATH_IN_SET(destination, "../run", "/run"))
3905 e = stpcpy(e, "var-run-bad:");
3906
3907 r = read_one_line_file("/proc/sys/kernel/overflowuid", &overflowuid);
3908 if (r >= 0 && !streq(overflowuid, "65534"))
3909 e = stpcpy(e, "overflowuid-not-65534:");
3910
3911 r = read_one_line_file("/proc/sys/kernel/overflowgid", &overflowgid);
3912 if (r >= 0 && !streq(overflowgid, "65534"))
3913 e = stpcpy(e, "overflowgid-not-65534:");
3914
3915 /* remove the last ':' */
3916 if (e != buf)
3917 e[-1] = 0;
3918
3919 return buf;
3920 }
3921
3922 static const char *const manager_state_table[_MANAGER_STATE_MAX] = {
3923 [MANAGER_INITIALIZING] = "initializing",
3924 [MANAGER_STARTING] = "starting",
3925 [MANAGER_RUNNING] = "running",
3926 [MANAGER_DEGRADED] = "degraded",
3927 [MANAGER_MAINTENANCE] = "maintenance",
3928 [MANAGER_STOPPING] = "stopping",
3929 };
3930
3931 DEFINE_STRING_TABLE_LOOKUP(manager_state, ManagerState);
3932
3933 static const char *const manager_timestamp_table[_MANAGER_TIMESTAMP_MAX] = {
3934 [MANAGER_TIMESTAMP_FIRMWARE] = "firmware",
3935 [MANAGER_TIMESTAMP_LOADER] = "loader",
3936 [MANAGER_TIMESTAMP_KERNEL] = "kernel",
3937 [MANAGER_TIMESTAMP_INITRD] = "initrd",
3938 [MANAGER_TIMESTAMP_USERSPACE] = "userspace",
3939 [MANAGER_TIMESTAMP_FINISH] = "finish",
3940 [MANAGER_TIMESTAMP_SECURITY_START] = "security-start",
3941 [MANAGER_TIMESTAMP_SECURITY_FINISH] = "security-finish",
3942 [MANAGER_TIMESTAMP_GENERATORS_START] = "generators-start",
3943 [MANAGER_TIMESTAMP_GENERATORS_FINISH] = "generators-finish",
3944 [MANAGER_TIMESTAMP_UNITS_LOAD_START] = "units-load-start",
3945 [MANAGER_TIMESTAMP_UNITS_LOAD_FINISH] = "units-load-finish",
3946 };
3947
3948 DEFINE_STRING_TABLE_LOOKUP(manager_timestamp, ManagerTimestamp);
Unnamed repository; edit this file 'description' to name the repository.