From dffde7708a3f731766f529f9b210f094bd494c78 Mon Sep 17 00:00:00 2001 From: Ivan Kruglov Date: Mon, 2 Jun 2025 14:12:44 +0200 Subject: [PATCH] core: adding CGroup context for io.systemd.Unit.List --- src/core/meson.build | 1 + src/core/varlink-cgroup.c | 353 +++++++++++++++++++++++++++ src/core/varlink-cgroup.h | 6 + src/core/varlink-unit.c | 7 +- src/shared/varlink-io.systemd.Unit.c | 246 ++++++++++++++++++- 5 files changed, 610 insertions(+), 3 deletions(-) create mode 100644 src/core/varlink-cgroup.c create mode 100644 src/core/varlink-cgroup.h diff --git a/src/core/meson.build b/src/core/meson.build index 732c4ec43b0..89376426df4 100644 --- a/src/core/meson.build +++ b/src/core/meson.build @@ -63,6 +63,7 @@ libcore_sources = files( 'unit-serialize.c', 'unit.c', 'varlink.c', + 'varlink-cgroup.c', 'varlink-common.c', 'varlink-manager.c', 'varlink-unit.c', diff --git a/src/core/varlink-cgroup.c b/src/core/varlink-cgroup.c new file mode 100644 index 00000000000..5d9ed103147 --- /dev/null +++ b/src/core/varlink-cgroup.c @@ -0,0 +1,353 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ + +#include "sd-json.h" + +#include "bpf-program.h" +#include "cgroup.h" +#include "cpu-set-util.h" +#include "json-util.h" +#include "in-addr-prefix-util.h" +#include "ip-protocol-list.h" +#include "set.h" +#include "unit.h" +#include "varlink-cgroup.h" + +#define JSON_BUILD_PAIR_CONDITION_UNSIGNED(condition, name, value) \ + SD_JSON_BUILD_PAIR_CONDITION(condition, name, SD_JSON_BUILD_UNSIGNED(value)) + +static int cpu_set_build_json(sd_json_variant **ret, const char *name, void *userdata) { + _cleanup_free_ uint8_t *array = NULL; + CPUSet *cpuset = ASSERT_PTR(userdata); + size_t allocated; + int r; + + assert(ret); + assert(name); + + if (!cpuset->set) + goto empty; + + r = cpu_set_to_dbus(cpuset, &array, &allocated); + if (r < 0) + return log_debug_errno(r, "Failed to call cpu_set_to_dbus(): %m"); + + if (allocated == 0) + goto empty; + + return sd_json_variant_new_array_bytes(ret, array, allocated); + +empty: + *ret = NULL; + return 0; +} + +static int tasks_max_build_json(sd_json_variant **ret, const char *name, void *userdata) { + CGroupTasksMax *tasks_max = ASSERT_PTR(userdata); + + assert(ret); + assert(name); + + if (!cgroup_tasks_max_isset(tasks_max)) { + *ret = NULL; + return 0; + } + + return sd_json_buildo( + ret, + SD_JSON_BUILD_PAIR_UNSIGNED("value", tasks_max->value), + SD_JSON_BUILD_PAIR_UNSIGNED("scale", tasks_max->scale)); +} + +static int io_device_weights_build_json(sd_json_variant **ret, const char *name, void *userdata) { + _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL; + CGroupIODeviceWeight *weights = userdata; + int r; + + assert(ret); + assert(name); + + LIST_FOREACH(device_weights, w, weights) { + r = sd_json_variant_append_arraybo( + &v, + SD_JSON_BUILD_PAIR_STRING("path", w->path), + SD_JSON_BUILD_PAIR_UNSIGNED("weight", w->weight)); + if (r < 0) + return r; + } + + *ret = TAKE_PTR(v); + return 0; +} + +static int io_device_limits_build_json(sd_json_variant **ret, const char *name, void *userdata) { + _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL; + CGroupIODeviceLimit *limits = userdata; + int r; + + assert(ret); + assert(name); + + CGroupIOLimitType type = cgroup_io_limit_type_from_string(name); + assert(type >= 0); + + LIST_FOREACH(device_limits, l, limits) { + if (l->limits[type] == cgroup_io_limit_defaults[type]) + continue; + + r = sd_json_variant_append_arraybo( + &v, + SD_JSON_BUILD_PAIR_STRING("path", l->path), + SD_JSON_BUILD_PAIR_UNSIGNED("limit", l->limits[type])); + if (r < 0) + return r; + } + + *ret = TAKE_PTR(v); + return 0; +} + +static int io_device_latencies_build_json(sd_json_variant **ret, const char *name, void *userdata) { + _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL; + CGroupIODeviceLatency *latencies = userdata; + int r; + + assert(ret); + assert(name); + + LIST_FOREACH(device_latencies, l, latencies) { + r = sd_json_variant_append_arraybo( + &v, + SD_JSON_BUILD_PAIR_STRING("path", l->path), + JSON_BUILD_PAIR_FINITE_USEC("targetUSec", l->target_usec)); + if (r < 0) + return r; + } + + *ret = TAKE_PTR(v); + return 0; +} + +static int ip_address_access_build_json(sd_json_variant **ret, const char *name, void *userdata) { + _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL; + Set *prefixes = userdata; + int r; + + assert(ret); + assert(name); + + struct in_addr_prefix *i; + SET_FOREACH(i, prefixes) { + r = sd_json_variant_append_arraybo( + &v, + SD_JSON_BUILD_PAIR_INTEGER("family", i->family), + JSON_BUILD_PAIR_IN_ADDR("address", &i->address, i->family), + SD_JSON_BUILD_PAIR_UNSIGNED("prefixLength", i->prefixlen)); + if (r < 0) + return r; + } + + *ret = TAKE_PTR(v); + return 0; +} + +static int socket_bind_build_json(sd_json_variant **ret, const char *name, void *userdata) { + _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL; + CGroupSocketBindItem *items = userdata; + int r; + + assert(ret); + assert(name); + + LIST_FOREACH(socket_bind_items, i, items) { + r = sd_json_variant_append_arraybo( + &v, + SD_JSON_BUILD_PAIR_INTEGER("family", i->address_family), + SD_JSON_BUILD_PAIR_STRING("protocol", ip_protocol_to_name(i->ip_protocol)), + SD_JSON_BUILD_PAIR_UNSIGNED("numberOfPorts", i->nr_ports), + SD_JSON_BUILD_PAIR_UNSIGNED("minimumPort", i->port_min)); + if (r < 0) + return r; + } + + *ret = TAKE_PTR(v); + return 0; +} + +static int nft_set_build_json(sd_json_variant **ret, const char *name, void *userdata) { + _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL; + NFTSetContext *c = ASSERT_PTR(userdata); + int r; + + assert(ret); + assert(name); + + FOREACH_ARRAY(nft_set, c->sets, c->n_sets) { + r = sd_json_variant_append_arraybo( + &v, + SD_JSON_BUILD_PAIR_STRING("source", nft_set_source_to_string(nft_set->source)), + SD_JSON_BUILD_PAIR_STRING("protocol", nfproto_to_string(nft_set->nfproto)), + SD_JSON_BUILD_PAIR_STRING("table", nft_set->table), + SD_JSON_BUILD_PAIR_STRING("set", nft_set->set)); + if (r < 0) + return r; + } + + *ret = TAKE_PTR(v); + return 0; +} + +static int bpf_program_build_json(sd_json_variant **ret, const char *name, void *userdata) { + _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL; + CGroupBPFForeignProgram *programs = userdata; + int r; + + assert(ret); + assert(name); + + LIST_FOREACH(programs, p, programs) { + r = sd_json_variant_append_arraybo( + &v, + SD_JSON_BUILD_PAIR_STRING("attachType", bpf_cgroup_attach_type_to_string(p->attach_type)), + SD_JSON_BUILD_PAIR_STRING("path", p->bpffs_path)); + if (r < 0) + return r; + } + + *ret = TAKE_PTR(v); + return 0; +} + +static int device_allow_build_json(sd_json_variant **ret, const char *name, void *userdata) { + _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL; + CGroupDeviceAllow *allow = userdata; + int r; + + LIST_FOREACH(device_allow, a, allow) { + r = sd_json_variant_append_arraybo( + &v, + SD_JSON_BUILD_PAIR_STRING("path", a->path), + SD_JSON_BUILD_PAIR_STRING("permissions", cgroup_device_permissions_to_string(a->permissions))); + if (r < 0) + return r; + } + + *ret = TAKE_PTR(v); + return 0; +} + +static int controllers_build_json(sd_json_variant **ret, const char *name, void *userdata) { + _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL; + CGroupMask *mask = ASSERT_PTR(userdata); + int r; + + assert(ret); + assert(name); + + for (CGroupController ctrl = 0; ctrl < _CGROUP_CONTROLLER_MAX; ctrl++) { + if (!FLAGS_SET(*mask, CGROUP_CONTROLLER_TO_MASK(ctrl))) + continue; + + r = sd_json_variant_append_arrayb(&v, SD_JSON_BUILD_STRING(cgroup_controller_to_string(ctrl))); + if (r < 0) + return r; + } + + *ret = TAKE_PTR(v); + return 0; +} + +int unit_cgroup_context_build_json(sd_json_variant **ret, const char *name, void *userdata) { + assert(ret); + assert(name); + + CGroupContext *c = userdata; + if (!c) { + *ret = NULL; + return 0; + } + + return sd_json_buildo( + ret, + + /* CPU Control */ + JSON_BUILD_PAIR_UNSIGNED_NOT_EQUAL("CPUWeight", c->cpu_weight, CGROUP_WEIGHT_INVALID), + JSON_BUILD_PAIR_UNSIGNED_NOT_EQUAL("StartupCPUWeight", c->startup_cpu_weight, CGROUP_WEIGHT_INVALID), + JSON_BUILD_PAIR_FINITE_USEC("CPUQuotaPerSecUSec", c->cpu_quota_per_sec_usec), + JSON_BUILD_PAIR_FINITE_USEC("CPUQuotaPeriodUSec", c->cpu_quota_period_usec), + JSON_BUILD_PAIR_CALLBACK_NON_NULL("AllowedCPUs", cpu_set_build_json, &c->cpuset_cpus), + JSON_BUILD_PAIR_CALLBACK_NON_NULL("StartupAllowedCPUs", cpu_set_build_json, &c->startup_cpuset_cpus), + + /* Memory Accounting and Control */ + SD_JSON_BUILD_PAIR_BOOLEAN("MemoryAccounting", c->memory_accounting), + JSON_BUILD_PAIR_CONDITION_UNSIGNED(c->memory_min_set, "MemoryMin", c->memory_min), + JSON_BUILD_PAIR_CONDITION_UNSIGNED(c->default_memory_min_set, "DefaultMemoryMin", c->default_memory_min), + JSON_BUILD_PAIR_CONDITION_UNSIGNED(c->memory_low_set, "MemoryLow", c->memory_low), + JSON_BUILD_PAIR_CONDITION_UNSIGNED(c->default_memory_low_set, "DefaultMemoryLow", c->default_memory_low), + JSON_BUILD_PAIR_CONDITION_UNSIGNED(c->startup_memory_low_set, "StartupMemoryLow", c->startup_memory_low), + JSON_BUILD_PAIR_CONDITION_UNSIGNED(c->default_startup_memory_low_set, "DefaultStartupMemoryLow", c->default_startup_memory_low), + JSON_BUILD_PAIR_UNSIGNED_NOT_EQUAL("MemoryHigh", c->memory_high, CGROUP_LIMIT_MAX), + JSON_BUILD_PAIR_CONDITION_UNSIGNED(c->startup_memory_high_set, "StartupMemoryHigh", c->startup_memory_high), + JSON_BUILD_PAIR_UNSIGNED_NOT_EQUAL("MemoryMax", c->memory_max, CGROUP_LIMIT_MAX), + JSON_BUILD_PAIR_CONDITION_UNSIGNED(c->startup_memory_max_set, "StartupMemoryMax", c->startup_memory_max), + JSON_BUILD_PAIR_UNSIGNED_NOT_EQUAL("MemorySwapMax", c->memory_swap_max, CGROUP_LIMIT_MAX), + JSON_BUILD_PAIR_CONDITION_UNSIGNED(c->startup_memory_swap_max_set, "StartupMemorySwapMax", c->startup_memory_swap_max), + JSON_BUILD_PAIR_UNSIGNED_NOT_EQUAL("MemoryZSwapMax", c->memory_zswap_max, CGROUP_LIMIT_MAX), + JSON_BUILD_PAIR_CONDITION_UNSIGNED(c->startup_memory_zswap_max_set, "StartupMemoryZSwapMax", c->startup_memory_zswap_max), + SD_JSON_BUILD_PAIR_BOOLEAN("MemoryZSwapWriteback", c->memory_zswap_writeback), + JSON_BUILD_PAIR_CALLBACK_NON_NULL("AllowedMemoryNodes", cpu_set_build_json, &c->cpuset_mems), + JSON_BUILD_PAIR_CALLBACK_NON_NULL("StartupAllowedMemoryNodes", cpu_set_build_json, &c->startup_cpuset_mems), + + /* Process Accounting and Control */ + SD_JSON_BUILD_PAIR_BOOLEAN("TasksAccounting", c->tasks_accounting), + JSON_BUILD_PAIR_CALLBACK_NON_NULL("TasksMax", tasks_max_build_json, &c->tasks_max), + + /* IO Accounting and Control */ + SD_JSON_BUILD_PAIR_BOOLEAN("IOAccounting", c->io_accounting), + JSON_BUILD_PAIR_UNSIGNED_NOT_EQUAL("IOWeight", c->io_weight, CGROUP_WEIGHT_INVALID), + JSON_BUILD_PAIR_UNSIGNED_NOT_EQUAL("StartupIOWeight", c->startup_io_weight, CGROUP_WEIGHT_INVALID), + JSON_BUILD_PAIR_CALLBACK_NON_NULL("IODeviceWeight", io_device_weights_build_json, c->io_device_weights), + JSON_BUILD_PAIR_CALLBACK_NON_NULL("IOReadBandwidthMax", io_device_limits_build_json, c->io_device_limits), + JSON_BUILD_PAIR_CALLBACK_NON_NULL("IOWriteBandwidthMax", io_device_limits_build_json, c->io_device_limits), + JSON_BUILD_PAIR_CALLBACK_NON_NULL("IOReadIOPSMax", io_device_limits_build_json, c->io_device_limits), + JSON_BUILD_PAIR_CALLBACK_NON_NULL("IOWriteIOPSMax", io_device_limits_build_json, c->io_device_limits), + JSON_BUILD_PAIR_CALLBACK_NON_NULL("IODeviceLatencyTargetUSec", io_device_latencies_build_json, c->io_device_latencies), + + /* Network Accounting and Control */ + SD_JSON_BUILD_PAIR_BOOLEAN("IPAccounting", c->ip_accounting), + JSON_BUILD_PAIR_CALLBACK_NON_NULL("IPAddressAllow", ip_address_access_build_json, c->ip_address_allow), + JSON_BUILD_PAIR_CALLBACK_NON_NULL("IPAddressDeny", ip_address_access_build_json, c->ip_address_deny), + JSON_BUILD_PAIR_CALLBACK_NON_NULL("SocketBindAllow", socket_bind_build_json, c->socket_bind_allow), + JSON_BUILD_PAIR_CALLBACK_NON_NULL("SocketBindDeny", socket_bind_build_json, c->socket_bind_deny), + SD_JSON_BUILD_PAIR_CONDITION(!set_isempty(c->restrict_network_interfaces), "RestrictNetworkInterfaces", + SD_JSON_BUILD_OBJECT( + SD_JSON_BUILD_PAIR_BOOLEAN("isAllowList", c->restrict_network_interfaces_is_allow_list), + JSON_BUILD_PAIR_STRING_SET("interfaces", c->restrict_network_interfaces))), + JSON_BUILD_PAIR_CALLBACK_NON_NULL("NFTSet", nft_set_build_json, &c->nft_set_context), + + /* BPF programs */ + JSON_BUILD_PAIR_STRV_NON_EMPTY("IPIngressFilterPath", c->ip_filters_ingress), + JSON_BUILD_PAIR_STRV_NON_EMPTY("IPEgressFilterPath", c->ip_filters_egress), + JSON_BUILD_PAIR_CALLBACK_NON_NULL("BPFProgram", bpf_program_build_json, c->bpf_foreign_programs), + + /* Device Access */ + JSON_BUILD_PAIR_CALLBACK_NON_NULL("DeviceAllow", device_allow_build_json, c->device_allow), + SD_JSON_BUILD_PAIR_STRING("DevicePolicy", cgroup_device_policy_to_string(c->device_policy)), + + /* Control Group Management */ + SD_JSON_BUILD_PAIR_BOOLEAN("Delegate", c->delegate), + JSON_BUILD_PAIR_STRING_NON_EMPTY("DelegateSubgroup", c->delegate_subgroup), + JSON_BUILD_PAIR_CALLBACK_NON_NULL("DelegateControllers", controllers_build_json, &c->delegate_controllers), + JSON_BUILD_PAIR_CALLBACK_NON_NULL("DisableControllers", controllers_build_json, &c->disable_controllers), + + /* Memory Pressure Control */ + SD_JSON_BUILD_PAIR_STRING("ManagedOOMSwap", managed_oom_mode_to_string(c->moom_swap)), + SD_JSON_BUILD_PAIR_STRING("ManagedOOMMemoryPressure", managed_oom_mode_to_string(c->moom_mem_pressure)), + JSON_BUILD_PAIR_UNSIGNED_NON_ZERO("ManagedOOMMemoryPressureLimit", c->moom_mem_pressure_limit), + JSON_BUILD_PAIR_FINITE_USEC("ManagedOOMMemoryPressureDurationUSec", c->moom_mem_pressure_duration_usec), + SD_JSON_BUILD_PAIR_STRING("ManagedOOMPreference", managed_oom_preference_to_string(c->moom_preference)), + SD_JSON_BUILD_PAIR_STRING("MemoryPressureWatch", cgroup_pressure_watch_to_string(c->memory_pressure_watch)), + JSON_BUILD_PAIR_FINITE_USEC("MemoryPressureThresholdUSec", c->memory_pressure_threshold_usec), + + /* Others */ + SD_JSON_BUILD_PAIR_BOOLEAN("CoredumpReceive", c->coredump_receive)); +} diff --git a/src/core/varlink-cgroup.h b/src/core/varlink-cgroup.h new file mode 100644 index 00000000000..37fd07fa945 --- /dev/null +++ b/src/core/varlink-cgroup.h @@ -0,0 +1,6 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ +#pragma once + +#include "forward.h" + +int unit_cgroup_context_build_json(sd_json_variant **ret, const char *name, void *userdata); diff --git a/src/core/varlink-unit.c b/src/core/varlink-unit.c index ef1bafc94df..faf4ab4d4e6 100644 --- a/src/core/varlink-unit.c +++ b/src/core/varlink-unit.c @@ -14,6 +14,7 @@ #include "strv.h" #include "unit.h" #include "unit-name.h" +#include "varlink-cgroup.h" #include "varlink-common.h" #include "varlink-unit.h" #include "varlink-util.h" @@ -176,10 +177,12 @@ static int unit_context_build_json(sd_json_variant **ret, const char *name, void JSON_BUILD_PAIR_STRV_NON_EMPTY("DropInPaths", u->dropin_paths), JSON_BUILD_PAIR_STRING_NON_EMPTY("UnitFilePreset", preset_action_past_tense_to_string(unit_get_unit_file_preset(u))), SD_JSON_BUILD_PAIR_BOOLEAN("Transient", u->transient), - SD_JSON_BUILD_PAIR_BOOLEAN("Perpetual", u->perpetual)); + SD_JSON_BUILD_PAIR_BOOLEAN("Perpetual", u->perpetual), + + /* CGroup */ + JSON_BUILD_PAIR_CALLBACK_NON_NULL("CGroup", unit_cgroup_context_build_json, unit_get_cgroup_context(u))); // TODO follow up PRs: - // JSON_BUILD_PAIR_CALLBACK_NON_NULL("CGroup", cgroup_context_build_json, u) // JSON_BUILD_PAIR_CALLBACK_NON_NULL("Exec", exec_context_build_json, u) // JSON_BUILD_PAIR_CALLBACK_NON_NULL("Kill", kill_context_build_json, u) // Mount/Automount context diff --git a/src/shared/varlink-io.systemd.Unit.c b/src/shared/varlink-io.systemd.Unit.c index 291646446c9..adea53fb26e 100644 --- a/src/shared/varlink-io.systemd.Unit.c +++ b/src/shared/varlink-io.systemd.Unit.c @@ -4,6 +4,236 @@ #include "varlink-idl-common.h" #include "varlink-io.systemd.Unit.h" +static SD_VARLINK_DEFINE_STRUCT_TYPE( + CGroupTasksMax, + SD_VARLINK_FIELD_COMMENT("The maximum amount of tasks"), + SD_VARLINK_DEFINE_FIELD(value, SD_VARLINK_INT, 0), + SD_VARLINK_FIELD_COMMENT("The scaling factor"), + SD_VARLINK_DEFINE_FIELD(scale, SD_VARLINK_INT, 0)); + +static SD_VARLINK_DEFINE_STRUCT_TYPE( + CGroupIODeviceWeight, + SD_VARLINK_FIELD_COMMENT("The device path"), + SD_VARLINK_DEFINE_FIELD(path, SD_VARLINK_STRING, 0), + SD_VARLINK_FIELD_COMMENT("The device IO weight"), + SD_VARLINK_DEFINE_FIELD(weight, SD_VARLINK_INT, 0)); + +static SD_VARLINK_DEFINE_STRUCT_TYPE( + CGroupIODeviceLimit, + SD_VARLINK_FIELD_COMMENT("The device path"), + SD_VARLINK_DEFINE_FIELD(path, SD_VARLINK_STRING, 0), + SD_VARLINK_FIELD_COMMENT("The device IO limit"), + SD_VARLINK_DEFINE_FIELD(limit, SD_VARLINK_INT, 0)); + +static SD_VARLINK_DEFINE_STRUCT_TYPE( + CGroupIODeviceLatency, + SD_VARLINK_FIELD_COMMENT("The device path"), + SD_VARLINK_DEFINE_FIELD(path, SD_VARLINK_STRING, 0), + SD_VARLINK_FIELD_COMMENT("The device target latency"), + SD_VARLINK_DEFINE_FIELD(targetUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE)); + +static SD_VARLINK_DEFINE_STRUCT_TYPE( + CGroupAddressPrefix, + SD_VARLINK_FIELD_COMMENT("The address family"), + SD_VARLINK_DEFINE_FIELD(family, SD_VARLINK_INT, 0), + SD_VARLINK_FIELD_COMMENT("The address"), + SD_VARLINK_DEFINE_FIELD(address, SD_VARLINK_INT, SD_VARLINK_ARRAY), + SD_VARLINK_FIELD_COMMENT("The address prefix length"), + SD_VARLINK_DEFINE_FIELD(prefixLength, SD_VARLINK_INT, 0)); + +static SD_VARLINK_DEFINE_STRUCT_TYPE( + CGroupSocketBind, + SD_VARLINK_FIELD_COMMENT("The address family"), + SD_VARLINK_DEFINE_FIELD(family, SD_VARLINK_INT, 0), + SD_VARLINK_FIELD_COMMENT("The address protocol"), + SD_VARLINK_DEFINE_FIELD(protocol, SD_VARLINK_STRING, 0), + SD_VARLINK_FIELD_COMMENT("The number of ports"), + SD_VARLINK_DEFINE_FIELD(numberOfPorts, SD_VARLINK_INT, 0), + SD_VARLINK_FIELD_COMMENT("The minimum port"), + SD_VARLINK_DEFINE_FIELD(minimumPort, SD_VARLINK_INT, 0)); + +static SD_VARLINK_DEFINE_STRUCT_TYPE( + CGroupRestrictNetworkInterfaces, + SD_VARLINK_FIELD_COMMENT("Whether this is an allow list"), + SD_VARLINK_DEFINE_FIELD(isAllowList, SD_VARLINK_BOOL, 0), + SD_VARLINK_FIELD_COMMENT("The list of interfaces"), + SD_VARLINK_DEFINE_FIELD(interfaces, SD_VARLINK_STRING, SD_VARLINK_ARRAY)); + +static SD_VARLINK_DEFINE_STRUCT_TYPE( + CGroupNFTSet, + SD_VARLINK_FIELD_COMMENT("The source of this NFT set"), + SD_VARLINK_DEFINE_FIELD(source, SD_VARLINK_STRING, 0), + SD_VARLINK_FIELD_COMMENT("The NFT protocol for this NFT set"), + SD_VARLINK_DEFINE_FIELD(protocol, SD_VARLINK_STRING, 0), + SD_VARLINK_FIELD_COMMENT("The NFT table associated with this NFT set"), + SD_VARLINK_DEFINE_FIELD(table, SD_VARLINK_STRING, 0), + SD_VARLINK_FIELD_COMMENT("The name of the NFT set"), + SD_VARLINK_DEFINE_FIELD(set, SD_VARLINK_STRING, 0)); + +static SD_VARLINK_DEFINE_STRUCT_TYPE( + CGroupBPFProgram, + SD_VARLINK_FIELD_COMMENT("The BPF program attach type"), + SD_VARLINK_DEFINE_FIELD(attachType, SD_VARLINK_STRING, 0), + SD_VARLINK_FIELD_COMMENT("The path to the BPF program"), + SD_VARLINK_DEFINE_FIELD(path, SD_VARLINK_STRING, 0)); + +static SD_VARLINK_DEFINE_STRUCT_TYPE( + CGroupDeviceAllow, + SD_VARLINK_FIELD_COMMENT("The device path"), + SD_VARLINK_DEFINE_FIELD(path, SD_VARLINK_STRING, 0), + SD_VARLINK_FIELD_COMMENT("The device permissions"), + SD_VARLINK_DEFINE_FIELD(permissions, SD_VARLINK_STRING, 0)); + +static SD_VARLINK_DEFINE_STRUCT_TYPE( + CGroupContext, + + /* CPU Control + * https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#CPU%20Control */ + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#CPUWeight=weight"), + SD_VARLINK_DEFINE_FIELD(CPUWeight, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#CPUWeight=weight"), + SD_VARLINK_DEFINE_FIELD(StartupCPUWeight, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#CPUQuota="), + SD_VARLINK_DEFINE_FIELD(CPUQuotaPerSecUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#CPUQuotaPeriodSec="), + SD_VARLINK_DEFINE_FIELD(CPUQuotaPeriodUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#AllowedCPUs="), + SD_VARLINK_DEFINE_FIELD(AllowedCPUs, SD_VARLINK_INT, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#AllowedCPUs="), + SD_VARLINK_DEFINE_FIELD(StartupAllowedCPUs, SD_VARLINK_INT, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), + + /* Memory Accounting and Control + * https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Memory%20Accounting%20and%20Control */ + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryAccounting="), + SD_VARLINK_DEFINE_FIELD(MemoryAccounting, SD_VARLINK_BOOL, 0), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"), + SD_VARLINK_DEFINE_FIELD(MemoryMin, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"), + SD_VARLINK_DEFINE_FIELD(DefaultMemoryMin, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"), + SD_VARLINK_DEFINE_FIELD(MemoryLow, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"), + SD_VARLINK_DEFINE_FIELD(DefaultMemoryLow, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemorySwapMax=bytes"), + SD_VARLINK_DEFINE_FIELD(StartupMemoryLow, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryMin=bytes,%20MemoryLow=bytes"), + SD_VARLINK_DEFINE_FIELD(DefaultStartupMemoryLow, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryHigh=bytes"), + SD_VARLINK_DEFINE_FIELD(MemoryHigh, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryHigh=bytes"), + SD_VARLINK_DEFINE_FIELD(StartupMemoryHigh, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryMax=bytes"), + SD_VARLINK_DEFINE_FIELD(MemoryMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryMax=bytes"), + SD_VARLINK_DEFINE_FIELD(StartupMemoryMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemorySwapMax=bytes"), + SD_VARLINK_DEFINE_FIELD(MemorySwapMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemorySwapMax=bytes"), + SD_VARLINK_DEFINE_FIELD(StartupMemorySwapMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryZSwapMax=bytes"), + SD_VARLINK_DEFINE_FIELD(MemoryZSwapMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryZSwapMax=bytes"), + SD_VARLINK_DEFINE_FIELD(StartupMemoryZSwapMax, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryZSwapWriteback="), + SD_VARLINK_DEFINE_FIELD(MemoryZSwapWriteback, SD_VARLINK_BOOL, 0), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#AllowedMemoryNodes="), + SD_VARLINK_DEFINE_FIELD(AllowedMemoryNodes, SD_VARLINK_INT, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#AllowedMemoryNodes="), + SD_VARLINK_DEFINE_FIELD(StartupAllowedMemoryNodes, SD_VARLINK_INT, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), + + /* Process Accounting and Control + * https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Process%20Accounting%20and%20Control */ + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#TasksAccounting="), + SD_VARLINK_DEFINE_FIELD(TasksAccounting, SD_VARLINK_BOOL, 0), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#TasksMax=N"), + SD_VARLINK_DEFINE_FIELD_BY_TYPE(TasksMax, CGroupTasksMax, SD_VARLINK_NULLABLE), + + /* IO Accounting and Control + * https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IO%20Accounting%20and%20Control */ + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IOAccounting="), + SD_VARLINK_DEFINE_FIELD(IOAccounting, SD_VARLINK_BOOL, 0), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IOWeight=weight"), + SD_VARLINK_DEFINE_FIELD(IOWeight, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IOWeight=weight"), + SD_VARLINK_DEFINE_FIELD(StartupIOWeight, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IODeviceWeight=device%20weight"), + SD_VARLINK_DEFINE_FIELD_BY_TYPE(IODeviceWeight, CGroupIODeviceWeight, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IOReadBandwidthMax=device%20bytes"), + SD_VARLINK_DEFINE_FIELD_BY_TYPE(IOReadBandwidthMax, CGroupIODeviceLimit, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IOReadBandwidthMax=device%20bytes"), + SD_VARLINK_DEFINE_FIELD_BY_TYPE(IOWriteBandwidthMax, CGroupIODeviceLimit, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IOReadIOPSMax=device%20IOPS"), + SD_VARLINK_DEFINE_FIELD_BY_TYPE(IOReadIOPSMax, CGroupIODeviceLimit, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IOReadIOPSMax=device%20IOPS"), + SD_VARLINK_DEFINE_FIELD_BY_TYPE(IOWriteIOPSMax, CGroupIODeviceLimit, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IODeviceLatencyTargetSec=device%20target"), + SD_VARLINK_DEFINE_FIELD_BY_TYPE(IODeviceLatencyTargetUSec, CGroupIODeviceLatency, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), + + /* Network Accounting and Control + * https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Network%20Accounting%20and%20Control */ + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IPAccounting="), + SD_VARLINK_DEFINE_FIELD(IPAccounting, SD_VARLINK_BOOL, 0), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IPAddressAllow=ADDRESS%5B/PREFIXLENGTH%5D%E2%80%A6"), + SD_VARLINK_DEFINE_FIELD_BY_TYPE(IPAddressAllow, CGroupAddressPrefix, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IPAddressAllow=ADDRESS%5B/PREFIXLENGTH%5D%E2%80%A6"), + SD_VARLINK_DEFINE_FIELD_BY_TYPE(IPAddressDeny, CGroupAddressPrefix, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#SocketBindAllow=bind-rule"), + SD_VARLINK_DEFINE_FIELD_BY_TYPE(SocketBindAllow, CGroupSocketBind, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#SocketBindAllow=bind-rule"), + SD_VARLINK_DEFINE_FIELD_BY_TYPE(SocketBindDeny, CGroupSocketBind, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#RestrictNetworkInterfaces="), + SD_VARLINK_DEFINE_FIELD_BY_TYPE(RestrictNetworkInterfaces, CGroupRestrictNetworkInterfaces, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#NFTSet=family:table:set"), + SD_VARLINK_DEFINE_FIELD_BY_TYPE(NFTSet, CGroupNFTSet, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), + + /* BPF programs + * https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#BPF%20Programs */ + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IPIngressFilterPath=BPF_FS_PROGRAM_PATH"), + SD_VARLINK_DEFINE_FIELD(IPIngressFilterPath, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IPIngressFilterPath=BPF_FS_PROGRAM_PATH"), + SD_VARLINK_DEFINE_FIELD(IPEgressFilterPath, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#BPFProgram=type:program-path"), + SD_VARLINK_DEFINE_FIELD_BY_TYPE(BPFProgram, CGroupBPFProgram, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), + + /* Device Access + * https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Device%20Access */ + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#DeviceAllow="), + SD_VARLINK_DEFINE_FIELD_BY_TYPE(DeviceAllow, CGroupDeviceAllow, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#DevicePolicy=auto%7Cclosed%7Cstrict"), + SD_VARLINK_DEFINE_FIELD(DevicePolicy, SD_VARLINK_STRING, 0), + + /* Control Group Management + * https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Control%20Group%20Management */ + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Delegate="), + SD_VARLINK_DEFINE_FIELD(Delegate, SD_VARLINK_BOOL, 0), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#DelegateSubgroup="), + SD_VARLINK_DEFINE_FIELD(DelegateSubgroup, SD_VARLINK_STRING, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#DisableControllers="), + SD_VARLINK_DEFINE_FIELD(DelegateControllers, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#DisableControllers="), + SD_VARLINK_DEFINE_FIELD(DisableControllers, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE), + + /* Memory Pressure Control + * https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#Memory%20Pressure%20Control */ + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#ManagedOOMSwap=auto%7Ckill"), + SD_VARLINK_DEFINE_FIELD(ManagedOOMSwap, SD_VARLINK_STRING, 0), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#ManagedOOMSwap=auto%7Ckill"), + SD_VARLINK_DEFINE_FIELD(ManagedOOMMemoryPressure, SD_VARLINK_STRING, 0), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#ManagedOOMMemoryPressureLimit="), + SD_VARLINK_DEFINE_FIELD(ManagedOOMMemoryPressureLimit, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#ManagedOOMMemoryPressureDurationSec="), + SD_VARLINK_DEFINE_FIELD(ManagedOOMMemoryPressureDurationUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#ManagedOOMPreference=none%7Cavoid%7Comit"), + SD_VARLINK_DEFINE_FIELD(ManagedOOMPreference, SD_VARLINK_STRING, 0), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryPressureWatch="), + SD_VARLINK_DEFINE_FIELD(MemoryPressureWatch, SD_VARLINK_STRING, 0), + SD_VARLINK_FIELD_COMMENT("https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#MemoryPressureThresholdSec="), + SD_VARLINK_DEFINE_FIELD(MemoryPressureThresholdUSec, SD_VARLINK_INT, SD_VARLINK_NULLABLE), + + /* Others */ + SD_VARLINK_FIELD_COMMENT("Reflects whether to forward coredumps for processes that crash within this cgroup"), + SD_VARLINK_DEFINE_FIELD(CoredumpReceive, SD_VARLINK_BOOL, 0)); + static SD_VARLINK_DEFINE_STRUCT_TYPE( Condition, SD_VARLINK_FIELD_COMMENT("The condition type"), @@ -152,7 +382,9 @@ static SD_VARLINK_DEFINE_STRUCT_TYPE( SD_VARLINK_FIELD_COMMENT("Whether this unit is transient"), SD_VARLINK_DEFINE_FIELD(Transient, SD_VARLINK_BOOL, 0), SD_VARLINK_FIELD_COMMENT("Whether this unit is perpetual"), - SD_VARLINK_DEFINE_FIELD(Perpetual, SD_VARLINK_BOOL, 0)); + SD_VARLINK_DEFINE_FIELD(Perpetual, SD_VARLINK_BOOL, 0), + SD_VARLINK_FIELD_COMMENT("The cgroup context of the unit"), + SD_VARLINK_DEFINE_FIELD_BY_TYPE(CGroup, CGroupContext, SD_VARLINK_NULLABLE)); static SD_VARLINK_DEFINE_STRUCT_TYPE( ActivationDetails, @@ -252,5 +484,17 @@ SD_VARLINK_DEFINE_INTERFACE( &vl_type_ActivationDetails, SD_VARLINK_SYMBOL_COMMENT("An object for referencing UNIX processes"), &vl_type_ProcessId, + &vl_type_CGroupTasksMax, + &vl_type_CGroupIODeviceWeight, + &vl_type_CGroupIODeviceLimit, + &vl_type_CGroupIODeviceLatency, + &vl_type_CGroupAddressPrefix, + &vl_type_CGroupSocketBind, + &vl_type_CGroupRestrictNetworkInterfaces, + &vl_type_CGroupNFTSet, + &vl_type_CGroupBPFProgram, + &vl_type_CGroupDeviceAllow, + SD_VARLINK_SYMBOL_COMMENT("CGroup context of a unit"), + &vl_type_CGroupContext, SD_VARLINK_SYMBOL_COMMENT("No matching unit found"), &vl_error_NoSuchUnit); -- 2.47.3