resolved: support socket activation via varlink sockets

Add two new socket units, one for each of systemd-resolved's varlink
servers:

 systemd-resolved-varlink.socket
 systemd-resolved-monitor.socket

Add logic to grab socket fds via sd_varlink_server_listen_name(), but
fallback to the existing sd_varlink_server_listen_address() calls if no
fds were given.

This will be used to make systemd-networkd-wait-online --dns more robust
against systemd-resolved restarts etc.

diff --git a/src/resolve/resolved-varlink.c b/src/resolve/resolved-varlink.c
index dd4c137c75cb2d87a7b606900ece7246801ef46b..1a50f64a85bb1312686d953e8c89b2bde2cdb3b4 100644 (file)
--- a/src/resolve/resolved-varlink.c
+++ b/src/resolve/resolved-varlink.c
@@ -1423,9 +1423,14 @@ static int varlink_monitor_server_init(Manager *m) {
         if (r < 0)
                 return log_error_errno(r, "Failed to register varlink disconnect handler: %m");
 
-        r = sd_varlink_server_listen_address(server, "/run/systemd/resolve/io.systemd.Resolve.Monitor", 0666);
+        r = sd_varlink_server_listen_name(server, "varlink-monitor");
         if (r < 0)
-                return log_error_errno(r, "Failed to bind to varlink socket: %m");
+                return log_error_errno(r, "Failed to get varlink listen fd: %m");
+        if (r == 0) {
+                r = sd_varlink_server_listen_address(server, "/run/systemd/resolve/io.systemd.Resolve.Monitor", 0666);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to bind to varlink socket: %m");
+        }
 
         r = sd_varlink_server_attach_event(server, m->event, SD_EVENT_PRIORITY_NORMAL);
         if (r < 0)
@@ -1472,9 +1477,14 @@ static int varlink_main_server_init(Manager *m) {
         if (r < 0)
                 return log_error_errno(r, "Failed to register varlink disconnect handler: %m");
 
-        r = sd_varlink_server_listen_address(s, "/run/systemd/resolve/io.systemd.Resolve", 0666);
+        r = sd_varlink_server_listen_auto(s);
         if (r < 0)
-                return log_error_errno(r, "Failed to bind to varlink socket: %m");
+                return log_error_errno(r, "Failed to get varlink listen fd: %m");
+        if (r == 0) {
+                r = sd_varlink_server_listen_address(s, "/run/systemd/resolve/io.systemd.Resolve", 0666);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to bind to varlink socket: %m");
+        }
 
         r = sd_varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL);
         if (r < 0)

diff --git a/units/meson.build b/units/meson.build
index cacb1524d690cc0dd26fc573d55d0d97cdeb2db6..3dd135942d37ce2108f6b78a3715192cc3e8b0b5 100644 (file)
--- a/units/meson.build
+++ b/units/meson.build
@@ -662,6 +662,14 @@ units = [
           'file' : 'systemd-resolved.service.in',
           'conditions' : ['ENABLE_RESOLVE'],
         },
+        {
+          'file' : 'systemd-resolved-varlink.socket',
+          'conditions' : ['ENABLE_RESOLVE'],
+        },
+        {
+          'file' : 'systemd-resolved-monitor.socket',
+          'conditions' : ['ENABLE_RESOLVE'],
+        },
         {
           'file' : 'systemd-rfkill.service.in',
           'conditions' : ['ENABLE_RFKILL'],

diff --git a/units/systemd-resolved-monitor.socket b/units/systemd-resolved-monitor.socket
new file mode 100644 (file)
index 0000000..a778e60
--- /dev/null
+++ b/units/systemd-resolved-monitor.socket
@@ -0,0 +1,24 @@
+#  SPDX-License-Identifier: LGPL-2.1-or-later
+#
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=Resolve Monitor Varlink Socket
+Documentation=man:systemd-resolved.service(8)
+DefaultDependencies=no
+Before=sockets.target shutdown.target
+Conflicts=shutdown.target
+
+[Socket]
+Service=systemd-resolved.service
+ListenStream=/run/systemd/resolve/io.systemd.Resolve.Monitor
+FileDescriptorName=varlink-monitor
+SocketMode=0666
+
+[Install]
+WantedBy=sockets.target

diff --git a/units/systemd-resolved-varlink.socket b/units/systemd-resolved-varlink.socket
new file mode 100644 (file)
index 0000000..7ac83e5
--- /dev/null
+++ b/units/systemd-resolved-varlink.socket
@@ -0,0 +1,24 @@
+#  SPDX-License-Identifier: LGPL-2.1-or-later
+#
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=Resolve Service Varlink Socket
+Documentation=man:systemd-resolved.service(8)
+DefaultDependencies=no
+Before=sockets.target shutdown.target
+Conflicts=shutdown.target
+
+[Socket]
+Service=systemd-resolved.service
+ListenStream=/run/systemd/resolve/io.systemd.Resolve
+FileDescriptorName=varlink
+SocketMode=0666
+
+[Install]
+WantedBy=sockets.target

diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
index f18fbd89e80731b8c80871f902be04524d51e946..a9224f09dae433f378f8f4a468cc95b8b49ca171 100644 (file)
--- a/units/systemd-resolved.service.in
+++ b/units/systemd-resolved.service.in
@@ -15,10 +15,10 @@ Documentation=https://systemd.io/WRITING_NETWORK_CONFIGURATION_MANAGERS
 Documentation=https://systemd.io/WRITING_RESOLVER_CLIENTS
 
 DefaultDependencies=no
-After=systemd-sysctl.service systemd-sysusers.service
+After=systemd-sysctl.service systemd-sysusers.service systemd-resolved-varlink.socket systemd-resolved-monitor.socket
 Before=sysinit.target network.target nss-lookup.target shutdown.target initrd-switch-root.target
 Conflicts=shutdown.target initrd-switch-root.target
-Wants=nss-lookup.target
+Wants=nss-lookup.target systemd-resolved-varlink.socket systemd-resolved-monitor.socket
 
 [Service]
 AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
@@ -57,3 +57,4 @@ ImportCredential=network.search_domains
 [Install]
 WantedBy=sysinit.target
 Alias=dbus-org.freedesktop.resolve1.service
+Also=systemd-resolved-varlink.socket systemd-resolved-monitor.socket