1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include <sys/types.h>
27 #include <sys/epoll.h>
29 #include <arpa/inet.h>
30 #include <netinet/tcp.h>
32 #include <sys/xattr.h>
36 #include "load-dropin.h"
37 #include "load-fragment.h"
40 #include "path-util.h"
41 #include "unit-name.h"
42 #include "unit-printf.h"
46 #include "exit-status.h"
48 #include "smack-util.h"
50 #include "bus-error.h"
51 #include "selinux-util.h"
52 #include "dbus-socket.h"
56 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
57 [SOCKET_DEAD] = UNIT_INACTIVE,
58 [SOCKET_START_PRE] = UNIT_ACTIVATING,
59 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
60 [SOCKET_START_POST] = UNIT_ACTIVATING,
61 [SOCKET_LISTENING] = UNIT_ACTIVE,
62 [SOCKET_RUNNING] = UNIT_ACTIVE,
63 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
66 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
67 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
68 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
69 [SOCKET_FAILED] = UNIT_FAILED
72 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
73 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
75 static void socket_init(Unit *u) {
76 Socket *s = SOCKET(u);
79 assert(u->load_state == UNIT_STUB);
81 s->backlog = SOMAXCONN;
82 s->timeout_usec = u->manager->default_timeout_start_usec;
83 s->directory_mode = 0755;
84 s->socket_mode = 0666;
86 s->max_connections = 64;
93 s->exec_context.std_output = u->manager->default_std_output;
94 s->exec_context.std_error = u->manager->default_std_error;
96 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
99 static void socket_unwatch_control_pid(Socket *s) {
102 if (s->control_pid <= 0)
105 unit_unwatch_pid(UNIT(s), s->control_pid);
109 void socket_free_ports(Socket *s) {
114 while ((p = s->ports)) {
115 LIST_REMOVE(port, s->ports, p);
117 sd_event_source_unref(p->event_source);
125 static void socket_done(Unit *u) {
126 Socket *s = SOCKET(u);
130 socket_free_ports(s);
132 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
133 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
134 s->control_command = NULL;
136 socket_unwatch_control_pid(s);
138 unit_ref_unset(&s->service);
140 free(s->tcp_congestion);
141 s->tcp_congestion = NULL;
143 free(s->bind_to_device);
144 s->bind_to_device = NULL;
147 free(s->smack_ip_in);
148 free(s->smack_ip_out);
150 strv_free(s->symlinks);
155 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
158 static int socket_arm_timer(Socket *s) {
163 if (s->timeout_usec <= 0) {
164 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
168 if (s->timer_event_source) {
169 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
173 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
176 return sd_event_add_time(
177 UNIT(s)->manager->event,
178 &s->timer_event_source,
180 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
181 socket_dispatch_timer, s);
184 int socket_instantiate_service(Socket *s) {
185 _cleanup_free_ char *prefix = NULL, *name = NULL;
191 /* This fills in s->service if it isn't filled in yet. For
192 * Accept=yes sockets we create the next connection service
193 * here. For Accept=no this is mostly a NOP since the service
194 * is figured out at load time anyway. */
196 if (UNIT_DEREF(s->service) || !s->accept)
199 prefix = unit_name_to_prefix(UNIT(s)->id);
203 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
206 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
211 unit_ref_set(&s->service, u);
213 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
216 static bool have_non_accept_socket(Socket *s) {
224 LIST_FOREACH(port, p, s->ports) {
226 if (p->type != SOCKET_SOCKET)
229 if (!socket_address_can_accept(&p->address))
236 static int socket_add_mount_links(Socket *s) {
242 LIST_FOREACH(port, p, s->ports) {
243 const char *path = NULL;
245 if (p->type == SOCKET_SOCKET)
246 path = socket_address_get_path(&p->address);
247 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
253 r = unit_require_mounts_for(UNIT(s), path);
261 static int socket_add_device_link(Socket *s) {
266 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
269 t = strappenda("/sys/subsystem/net/devices/", s->bind_to_device);
270 return unit_add_node_link(UNIT(s), t, false);
273 static int socket_add_default_dependencies(Socket *s) {
277 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
281 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
282 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
287 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
290 _pure_ static bool socket_has_exec(Socket *s) {
294 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
295 if (s->exec_command[i])
301 static int socket_add_extras(Socket *s) {
307 if (have_non_accept_socket(s)) {
309 if (!UNIT_DEREF(s->service)) {
312 r = unit_load_related_unit(u, ".service", &x);
316 unit_ref_set(&s->service, x);
319 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
324 r = socket_add_mount_links(s);
328 r = socket_add_device_link(s);
332 r = unit_patch_contexts(u);
336 if (socket_has_exec(s)) {
337 r = unit_add_exec_dependencies(u, &s->exec_context);
341 r = unit_add_default_slice(u, &s->cgroup_context);
346 if (u->default_dependencies) {
347 r = socket_add_default_dependencies(s);
355 static const char *socket_find_symlink_target(Socket *s) {
356 const char *found = NULL;
359 LIST_FOREACH(port, p, s->ports) {
360 const char *f = NULL;
369 if (p->address.sockaddr.un.sun_path[0] != 0)
370 f = p->address.sockaddr.un.sun_path;
388 static int socket_verify(Socket *s) {
391 if (UNIT(s)->load_state != UNIT_LOADED)
395 log_unit_error(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
399 if (s->accept && have_non_accept_socket(s)) {
400 log_unit_error(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
405 if (s->accept && s->max_connections <= 0) {
406 log_unit_error(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
410 if (s->accept && UNIT_DEREF(s->service)) {
411 log_unit_error(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
415 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
416 log_unit_error(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
420 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
421 log_unit_error(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
428 static int socket_load(Unit *u) {
429 Socket *s = SOCKET(u);
433 assert(u->load_state == UNIT_STUB);
435 r = unit_load_fragment_and_dropin(u);
439 if (u->load_state == UNIT_LOADED) {
440 /* This is a new unit? Then let's add in some extras */
441 r = socket_add_extras(s);
446 return socket_verify(s);
449 _const_ static const char* listen_lookup(int family, int type) {
451 if (family == AF_NETLINK)
452 return "ListenNetlink";
454 if (type == SOCK_STREAM)
455 return "ListenStream";
456 else if (type == SOCK_DGRAM)
457 return "ListenDatagram";
458 else if (type == SOCK_SEQPACKET)
459 return "ListenSequentialPacket";
461 assert_not_reached("Unknown socket type");
465 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
466 char time_string[FORMAT_TIMESPAN_MAX];
468 Socket *s = SOCKET(u);
475 prefix = strempty(prefix);
476 prefix2 = strappenda(prefix, "\t");
479 "%sSocket State: %s\n"
481 "%sBindIPv6Only: %s\n"
483 "%sSocketMode: %04o\n"
484 "%sDirectoryMode: %04o\n"
488 "%sTransparent: %s\n"
490 "%sPassCredentials: %s\n"
491 "%sPassSecurity: %s\n"
492 "%sTCPCongestion: %s\n"
493 "%sRemoveOnStop: %s\n"
494 "%sSELinuxContextFromNet: %s\n",
495 prefix, socket_state_to_string(s->state),
496 prefix, socket_result_to_string(s->result),
497 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
499 prefix, s->socket_mode,
500 prefix, s->directory_mode,
501 prefix, yes_no(s->keep_alive),
502 prefix, yes_no(s->no_delay),
503 prefix, yes_no(s->free_bind),
504 prefix, yes_no(s->transparent),
505 prefix, yes_no(s->broadcast),
506 prefix, yes_no(s->pass_cred),
507 prefix, yes_no(s->pass_sec),
508 prefix, strna(s->tcp_congestion),
509 prefix, yes_no(s->remove_on_stop),
510 prefix, yes_no(s->selinux_context_from_net));
512 if (s->control_pid > 0)
514 "%sControl PID: "PID_FMT"\n",
515 prefix, s->control_pid);
517 if (s->bind_to_device)
519 "%sBindToDevice: %s\n",
520 prefix, s->bind_to_device);
525 "%sNConnections: %u\n"
526 "%sMaxConnections: %u\n",
527 prefix, s->n_accepted,
528 prefix, s->n_connections,
529 prefix, s->max_connections);
531 if (s->priority >= 0)
534 prefix, s->priority);
536 if (s->receive_buffer > 0)
538 "%sReceiveBuffer: %zu\n",
539 prefix, s->receive_buffer);
541 if (s->send_buffer > 0)
543 "%sSendBuffer: %zu\n",
544 prefix, s->send_buffer);
556 if (s->pipe_size > 0)
559 prefix, s->pipe_size);
566 if (s->mq_maxmsg > 0)
568 "%sMessageQueueMaxMessages: %li\n",
569 prefix, s->mq_maxmsg);
571 if (s->mq_msgsize > 0)
573 "%sMessageQueueMessageSize: %li\n",
574 prefix, s->mq_msgsize);
579 prefix, yes_no(s->reuse_port));
583 "%sSmackLabel: %s\n",
588 "%sSmackLabelIPIn: %s\n",
589 prefix, s->smack_ip_in);
593 "%sSmackLabelIPOut: %s\n",
594 prefix, s->smack_ip_out);
596 if (!isempty(s->user) || !isempty(s->group))
599 "%sOwnerGroup: %s\n",
600 prefix, strna(s->user),
601 prefix, strna(s->group));
603 if (s->keep_alive_time > 0)
605 "%sKeepAliveTimeSec: %s\n",
606 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
608 if (s->keep_alive_interval)
610 "%sKeepAliveIntervalSec: %s\n",
611 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
613 if (s->keep_alive_cnt)
615 "%sKeepAliveProbes: %u\n",
616 prefix, s->keep_alive_cnt);
620 "%sDeferAcceptSec: %s\n",
621 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
623 LIST_FOREACH(port, p, s->ports) {
625 if (p->type == SOCKET_SOCKET) {
630 if ((r = socket_address_print(&p->address, &k)) < 0)
635 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
637 } else if (p->type == SOCKET_SPECIAL)
638 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
639 else if (p->type == SOCKET_MQUEUE)
640 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
642 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
645 exec_context_dump(&s->exec_context, f, prefix);
646 kill_context_dump(&s->kill_context, f, prefix);
648 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
649 if (!s->exec_command[c])
652 fprintf(f, "%s-> %s:\n",
653 prefix, socket_exec_command_to_string(c));
655 exec_command_dump_list(s->exec_command[c], f, prefix2);
659 static int instance_from_socket(int fd, unsigned nr, char **instance) {
662 union sockaddr_union local, remote;
668 if (getsockname(fd, &local.sa, &l) < 0)
672 if (getpeername(fd, &remote.sa, &l) < 0)
675 switch (local.sa.sa_family) {
679 a = ntohl(local.in.sin_addr.s_addr),
680 b = ntohl(remote.in.sin_addr.s_addr);
683 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
685 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
686 ntohs(local.in.sin_port),
687 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
688 ntohs(remote.in.sin_port)) < 0)
695 static const unsigned char ipv4_prefix[] = {
696 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
699 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
700 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
702 *a = local.in6.sin6_addr.s6_addr+12,
703 *b = remote.in6.sin6_addr.s6_addr+12;
706 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
708 a[0], a[1], a[2], a[3],
709 ntohs(local.in6.sin6_port),
710 b[0], b[1], b[2], b[3],
711 ntohs(remote.in6.sin6_port)) < 0)
714 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
719 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
720 ntohs(local.in6.sin6_port),
721 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
722 ntohs(remote.in6.sin6_port)) < 0)
733 k = getpeercred(fd, &ucred);
736 "%u-"PID_FMT"-"UID_FMT,
737 nr, ucred.pid, ucred.uid) < 0)
739 } else if (k == -ENODATA) {
740 /* This handles the case where somebody is
741 * connecting from another pid/uid namespace
742 * (e.g. from outside of our container). */
754 assert_not_reached("Unhandled socket type.");
761 static void socket_close_fds(Socket *s) {
767 LIST_FOREACH(port, p, s->ports) {
769 p->event_source = sd_event_source_unref(p->event_source);
774 p->fd = safe_close(p->fd);
776 /* One little note: we should normally not delete any
777 * sockets in the file system here! After all some
778 * other process we spawned might still have a
779 * reference of this fd and wants to continue to use
780 * it. Therefore we delete sockets in the file system
781 * before we create a new one, not after we stopped
784 if (s->remove_on_stop) {
796 socket_address_unlink(&p->address);
805 if (s->remove_on_stop)
806 STRV_FOREACH(i, s->symlinks)
810 static void socket_apply_socket_options(Socket *s, int fd) {
817 int b = s->keep_alive;
818 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
819 log_unit_warning(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
822 if (s->keep_alive_time) {
823 int value = s->keep_alive_time / USEC_PER_SEC;
824 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
825 log_unit_warning(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
828 if (s->keep_alive_interval) {
829 int value = s->keep_alive_interval / USEC_PER_SEC;
830 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
831 log_unit_warning(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
834 if (s->keep_alive_cnt) {
835 int value = s->keep_alive_cnt;
836 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
837 log_unit_warning(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
840 if (s->defer_accept) {
841 int value = s->defer_accept / USEC_PER_SEC;
842 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
843 log_unit_warning(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
848 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
849 log_unit_warning(UNIT(s)->id, "TCP_NODELAY failed: %m");
854 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
855 log_unit_warning(UNIT(s)->id, "SO_BROADCAST failed: %m");
860 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
861 log_unit_warning(UNIT(s)->id, "SO_PASSCRED failed: %m");
866 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
867 log_unit_warning(UNIT(s)->id, "SO_PASSSEC failed: %m");
870 if (s->priority >= 0)
871 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
872 log_unit_warning(UNIT(s)->id, "SO_PRIORITY failed: %m");
874 if (s->receive_buffer > 0) {
875 int value = (int) s->receive_buffer;
877 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
879 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
880 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
881 log_unit_warning(UNIT(s)->id, "SO_RCVBUF failed: %m");
884 if (s->send_buffer > 0) {
885 int value = (int) s->send_buffer;
886 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
887 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
888 log_unit_warning(UNIT(s)->id, "SO_SNDBUF failed: %m");
892 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
893 log_unit_warning(UNIT(s)->id, "SO_MARK failed: %m");
896 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
897 log_unit_warning(UNIT(s)->id, "IP_TOS failed: %m");
899 if (s->ip_ttl >= 0) {
902 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
904 if (socket_ipv6_is_supported())
905 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
908 errno = EAFNOSUPPORT;
912 log_unit_warning(UNIT(s)->id,
913 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
916 if (s->tcp_congestion)
917 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
918 log_unit_warning(UNIT(s)->id, "TCP_CONGESTION failed: %m");
921 int b = s->reuse_port;
922 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
923 log_unit_warning(UNIT(s)->id, "SO_REUSEPORT failed: %m");
926 if (s->smack_ip_in) {
927 r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
929 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_ip_in_fd: %m");
932 if (s->smack_ip_out) {
933 r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
935 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_ip_out_fd: %m");
939 static void socket_apply_fifo_options(Socket *s, int fd) {
945 if (s->pipe_size > 0)
946 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
947 log_unit_warning(UNIT(s)->id, "F_SETPIPE_SZ: %m");
950 r = mac_smack_apply_fd(fd, s->smack);
952 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_fd: %m");
956 static int fifo_address_create(
958 mode_t directory_mode,
969 mkdir_parents_label(path, directory_mode);
971 r = mac_selinux_create_file_prepare(path, S_IFIFO);
975 /* Enforce the right access mode for the fifo */
976 old_mask = umask(~ socket_mode);
978 /* Include the original umask in our mask */
979 umask(~socket_mode | old_mask);
981 r = mkfifo(path, socket_mode);
984 if (r < 0 && errno != EEXIST) {
989 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
994 mac_selinux_create_file_clear();
996 if (fstat(fd, &st) < 0) {
1001 if (!S_ISFIFO(st.st_mode) ||
1002 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1003 st.st_uid != getuid() ||
1004 st.st_gid != getgid()) {
1014 mac_selinux_create_file_clear();
1020 static int special_address_create(
1030 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1036 if (fstat(fd, &st) < 0) {
1041 /* Check whether this is a /proc, /sys or /dev file or char device */
1042 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1056 static int mq_address_create(
1066 struct mq_attr _attr, *attr = NULL;
1071 if (maxmsg > 0 && msgsize > 0) {
1073 _attr.mq_flags = O_NONBLOCK;
1074 _attr.mq_maxmsg = maxmsg;
1075 _attr.mq_msgsize = msgsize;
1079 /* Enforce the right access mode for the mq */
1080 old_mask = umask(~ mq_mode);
1082 /* Include the original umask in our mask */
1083 umask(~mq_mode | old_mask);
1084 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1092 if (fstat(fd, &st) < 0) {
1097 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1098 st.st_uid != getuid() ||
1099 st.st_gid != getgid()) {
1113 static int socket_symlink(Socket *s) {
1119 p = socket_find_symlink_target(s);
1123 STRV_FOREACH(i, s->symlinks)
1124 symlink_label(p, *i);
1129 static int socket_open_fds(Socket *s) {
1133 bool know_label = false;
1137 LIST_FOREACH(port, p, s->ports) {
1142 if (p->type == SOCKET_SOCKET) {
1145 /* Figure out label, if we don't it know
1146 * yet. We do it once, for the first
1147 * socket where we need this and
1148 * remember it for the rest. */
1150 if (s->selinux_context_from_net) {
1151 /* Get it from the network label */
1153 r = mac_selinux_get_our_label(&label);
1154 if (r < 0 && r != -EOPNOTSUPP)
1158 /* Get it from the executable we are about to start */
1160 r = socket_instantiate_service(s);
1164 if (UNIT_ISSET(s->service) &&
1165 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1166 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1167 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1175 r = socket_address_listen(
1177 SOCK_CLOEXEC|SOCK_NONBLOCK,
1190 socket_apply_socket_options(s, p->fd);
1193 } else if (p->type == SOCKET_SPECIAL) {
1195 r = special_address_create(
1201 } else if (p->type == SOCKET_FIFO) {
1203 r = fifo_address_create(
1211 socket_apply_fifo_options(s, p->fd);
1214 } else if (p->type == SOCKET_MQUEUE) {
1216 r = mq_address_create(
1225 assert_not_reached("Unknown port type");
1228 mac_selinux_free(label);
1232 socket_close_fds(s);
1233 mac_selinux_free(label);
1238 static void socket_unwatch_fds(Socket *s) {
1244 LIST_FOREACH(port, p, s->ports) {
1248 if (!p->event_source)
1251 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1253 log_unit_debug(UNIT(s)->id, "Failed to disable event source.");
1257 static int socket_watch_fds(Socket *s) {
1263 LIST_FOREACH(port, p, s->ports) {
1267 if (p->event_source)
1268 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1270 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1273 log_unit_warning_errno(UNIT(s)->id, r, "Failed to watch listening fds: %m");
1281 socket_unwatch_fds(s);
1285 static void socket_set_state(Socket *s, SocketState state) {
1286 SocketState old_state;
1289 old_state = s->state;
1297 SOCKET_STOP_PRE_SIGTERM,
1298 SOCKET_STOP_PRE_SIGKILL,
1300 SOCKET_FINAL_SIGTERM,
1301 SOCKET_FINAL_SIGKILL)) {
1303 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1304 socket_unwatch_control_pid(s);
1305 s->control_command = NULL;
1306 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1309 if (state != SOCKET_LISTENING)
1310 socket_unwatch_fds(s);
1318 SOCKET_STOP_PRE_SIGTERM,
1319 SOCKET_STOP_PRE_SIGKILL))
1320 socket_close_fds(s);
1322 if (state != old_state)
1323 log_unit_debug(UNIT(s)->id, "%s changed %s -> %s",
1324 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
1326 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1329 static int socket_coldplug(Unit *u) {
1330 Socket *s = SOCKET(u);
1334 assert(s->state == SOCKET_DEAD);
1336 if (s->deserialized_state == s->state)
1339 if (IN_SET(s->deserialized_state,
1344 SOCKET_STOP_PRE_SIGTERM,
1345 SOCKET_STOP_PRE_SIGKILL,
1347 SOCKET_FINAL_SIGTERM,
1348 SOCKET_FINAL_SIGKILL)) {
1350 if (s->control_pid <= 0)
1353 r = unit_watch_pid(UNIT(s), s->control_pid);
1357 r = socket_arm_timer(s);
1362 if (IN_SET(s->deserialized_state,
1368 SOCKET_STOP_PRE_SIGTERM,
1369 SOCKET_STOP_PRE_SIGKILL)) {
1370 r = socket_open_fds(s);
1375 if (s->deserialized_state == SOCKET_LISTENING) {
1376 r = socket_watch_fds(s);
1381 socket_set_state(s, s->deserialized_state);
1385 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1386 _cleanup_free_ char **argv = NULL;
1389 ExecParameters exec_params = {
1390 .apply_permissions = true,
1391 .apply_chroot = true,
1392 .apply_tty_stdin = true,
1399 unit_realize_cgroup(UNIT(s));
1401 r = unit_setup_exec_runtime(UNIT(s));
1405 r = socket_arm_timer(s);
1409 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1413 exec_params.argv = argv;
1414 exec_params.environment = UNIT(s)->manager->environment;
1415 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1416 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1417 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1418 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1419 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1420 exec_params.unit_id = UNIT(s)->id;
1430 r = unit_watch_pid(UNIT(s), pid);
1432 /* FIXME: we need to do something here */
1439 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1443 static int socket_chown(Socket *s, pid_t *_pid) {
1447 r = socket_arm_timer(s);
1451 /* We have to resolve the user names out-of-process, hence
1452 * let's fork here. It's messy, but well, what can we do? */
1460 uid_t uid = UID_INVALID;
1461 gid_t gid = GID_INVALID;
1464 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1465 ignore_signals(SIGPIPE, -1);
1468 if (!isempty(s->user)) {
1469 const char *user = s->user;
1471 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1478 if (!isempty(s->group)) {
1479 const char *group = s->group;
1481 r = get_group_creds(&group, &gid);
1488 LIST_FOREACH(port, p, s->ports) {
1489 const char *path = NULL;
1491 if (p->type == SOCKET_SOCKET)
1492 path = socket_address_get_path(&p->address);
1493 else if (p->type == SOCKET_FIFO)
1499 if (chown(path, uid, gid) < 0) {
1510 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1515 r = unit_watch_pid(UNIT(s), pid);
1523 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1527 static void socket_enter_dead(Socket *s, SocketResult f) {
1530 if (f != SOCKET_SUCCESS)
1533 exec_runtime_destroy(s->exec_runtime);
1534 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1536 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1538 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1541 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1543 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1547 if (f != SOCKET_SUCCESS)
1550 socket_unwatch_control_pid(s);
1551 s->control_command_id = SOCKET_EXEC_STOP_POST;
1552 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1554 if (s->control_command) {
1555 r = socket_spawn(s, s->control_command, &s->control_pid);
1559 socket_set_state(s, SOCKET_STOP_POST);
1561 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1566 log_unit_warning(UNIT(s)->id,
1567 "%s failed to run 'stop-post' task: %s",
1568 UNIT(s)->id, strerror(-r));
1569 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1572 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1577 if (f != SOCKET_SUCCESS)
1580 r = unit_kill_context(
1583 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1584 KILL_KILL : KILL_TERMINATE,
1592 r = socket_arm_timer(s);
1596 socket_set_state(s, state);
1597 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1598 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1599 else if (state == SOCKET_STOP_PRE_SIGKILL)
1600 socket_enter_stop_post(s, SOCKET_SUCCESS);
1601 else if (state == SOCKET_FINAL_SIGTERM)
1602 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1604 socket_enter_dead(s, SOCKET_SUCCESS);
1609 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to kill processes: %m", UNIT(s)->id);
1611 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1612 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1614 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1617 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1621 if (f != SOCKET_SUCCESS)
1624 socket_unwatch_control_pid(s);
1625 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1626 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1628 if (s->control_command) {
1629 r = socket_spawn(s, s->control_command, &s->control_pid);
1633 socket_set_state(s, SOCKET_STOP_PRE);
1635 socket_enter_stop_post(s, SOCKET_SUCCESS);
1640 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'stop-pre' task: %m", UNIT(s)->id);
1641 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1644 static void socket_enter_listening(Socket *s) {
1648 r = socket_watch_fds(s);
1650 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to watch sockets: %m", UNIT(s)->id);
1654 socket_set_state(s, SOCKET_LISTENING);
1658 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1661 static void socket_enter_start_post(Socket *s) {
1665 socket_unwatch_control_pid(s);
1666 s->control_command_id = SOCKET_EXEC_START_POST;
1667 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1669 if (s->control_command) {
1670 r = socket_spawn(s, s->control_command, &s->control_pid);
1672 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'start-post' task: %m", UNIT(s)->id);
1676 socket_set_state(s, SOCKET_START_POST);
1678 socket_enter_listening(s);
1683 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1686 static void socket_enter_start_chown(Socket *s) {
1691 r = socket_open_fds(s);
1693 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to listen on sockets: %m", UNIT(s)->id);
1697 if (!isempty(s->user) || !isempty(s->group)) {
1699 socket_unwatch_control_pid(s);
1700 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1701 s->control_command = NULL;
1703 r = socket_chown(s, &s->control_pid);
1705 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to fork 'start-chown' task: %m", UNIT(s)->id);
1709 socket_set_state(s, SOCKET_START_CHOWN);
1711 socket_enter_start_post(s);
1716 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1719 static void socket_enter_start_pre(Socket *s) {
1723 socket_unwatch_control_pid(s);
1724 s->control_command_id = SOCKET_EXEC_START_PRE;
1725 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1727 if (s->control_command) {
1728 r = socket_spawn(s, s->control_command, &s->control_pid);
1730 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'start-pre' task: %m", UNIT(s)->id);
1734 socket_set_state(s, SOCKET_START_PRE);
1736 socket_enter_start_chown(s);
1741 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1744 static void socket_enter_running(Socket *s, int cfd) {
1745 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1750 /* We don't take connections anymore if we are supposed to
1751 * shut down anyway */
1752 if (unit_stop_pending(UNIT(s))) {
1754 log_unit_debug(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
1759 /* Flush all sockets by closing and reopening them */
1760 socket_close_fds(s);
1762 r = socket_open_fds(s);
1764 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to listen on sockets: %m", UNIT(s)->id);
1765 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1769 r = socket_watch_fds(s);
1771 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to watch sockets: %m", UNIT(s)->id);
1772 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1782 bool pending = false;
1784 /* If there's already a start pending don't bother to
1786 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1787 if (unit_active_or_pending(other)) {
1793 if (!UNIT_ISSET(s->service)) {
1794 log_unit_error(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1799 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1804 socket_set_state(s, SOCKET_RUNNING);
1806 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1809 if (s->n_connections >= s->max_connections) {
1810 log_unit_warning(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
1815 r = socket_instantiate_service(s);
1819 r = instance_from_socket(cfd, s->n_accepted, &instance);
1824 /* ENOTCONN is legitimate if TCP RST was received.
1825 * This connection is over, but the socket unit lives on. */
1830 prefix = unit_name_to_prefix(UNIT(s)->id);
1836 name = unit_name_build(prefix, instance, ".service");
1842 r = unit_add_name(UNIT_DEREF(s->service), name);
1846 service = SERVICE(UNIT_DEREF(s->service));
1847 unit_ref_unset(&s->service);
1850 UNIT(service)->no_gc = false;
1852 unit_choose_id(UNIT(service), name);
1854 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1859 s->n_connections ++;
1861 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1865 /* Notify clients about changed counters */
1866 unit_add_to_dbus_queue(UNIT(s));
1872 log_unit_warning(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1873 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
1874 bus_error_message(&error, r));
1876 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1880 static void socket_run_next(Socket *s) {
1884 assert(s->control_command);
1885 assert(s->control_command->command_next);
1887 socket_unwatch_control_pid(s);
1889 s->control_command = s->control_command->command_next;
1891 r = socket_spawn(s, s->control_command, &s->control_pid);
1898 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run next task: %m", UNIT(s)->id);
1900 if (s->state == SOCKET_START_POST)
1901 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1902 else if (s->state == SOCKET_STOP_POST)
1903 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1905 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1908 static int socket_start(Unit *u) {
1909 Socket *s = SOCKET(u);
1913 /* We cannot fulfill this request right now, try again later
1915 if (IN_SET(s->state,
1917 SOCKET_STOP_PRE_SIGKILL,
1918 SOCKET_STOP_PRE_SIGTERM,
1920 SOCKET_FINAL_SIGTERM,
1921 SOCKET_FINAL_SIGKILL))
1924 /* Already on it! */
1925 if (IN_SET(s->state,
1931 /* Cannot run this without the service being around */
1932 if (UNIT_ISSET(s->service)) {
1935 service = SERVICE(UNIT_DEREF(s->service));
1937 if (UNIT(service)->load_state != UNIT_LOADED) {
1938 log_unit_error(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1942 /* If the service is already active we cannot start the
1944 if (service->state != SERVICE_DEAD &&
1945 service->state != SERVICE_FAILED &&
1946 service->state != SERVICE_AUTO_RESTART) {
1947 log_unit_error(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
1952 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1954 s->result = SOCKET_SUCCESS;
1955 socket_enter_start_pre(s);
1960 static int socket_stop(Unit *u) {
1961 Socket *s = SOCKET(u);
1966 if (IN_SET(s->state,
1968 SOCKET_STOP_PRE_SIGTERM,
1969 SOCKET_STOP_PRE_SIGKILL,
1971 SOCKET_FINAL_SIGTERM,
1972 SOCKET_FINAL_SIGKILL))
1975 /* If there's already something running we go directly into
1977 if (IN_SET(s->state,
1980 SOCKET_START_POST)) {
1981 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1985 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1987 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1991 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1992 Socket *s = SOCKET(u);
2000 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2001 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2002 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2004 if (s->control_pid > 0)
2005 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2007 if (s->control_command_id >= 0)
2008 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2010 LIST_FOREACH(port, p, s->ports) {
2016 copy = fdset_put_dup(fds, p->fd);
2020 if (p->type == SOCKET_SOCKET) {
2021 _cleanup_free_ char *t = NULL;
2023 r = socket_address_print(&p->address, &t);
2027 if (socket_address_family(&p->address) == AF_NETLINK)
2028 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2030 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2032 } else if (p->type == SOCKET_SPECIAL)
2033 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2034 else if (p->type == SOCKET_MQUEUE)
2035 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2037 assert(p->type == SOCKET_FIFO);
2038 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2045 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2046 Socket *s = SOCKET(u);
2052 if (streq(key, "state")) {
2055 state = socket_state_from_string(value);
2057 log_unit_debug(u->id, "Failed to parse state value %s", value);
2059 s->deserialized_state = state;
2060 } else if (streq(key, "result")) {
2063 f = socket_result_from_string(value);
2065 log_unit_debug(u->id, "Failed to parse result value %s", value);
2066 else if (f != SOCKET_SUCCESS)
2069 } else if (streq(key, "n-accepted")) {
2072 if (safe_atou(value, &k) < 0)
2073 log_unit_debug(u->id, "Failed to parse n-accepted value %s", value);
2076 } else if (streq(key, "control-pid")) {
2079 if (parse_pid(value, &pid) < 0)
2080 log_unit_debug(u->id, "Failed to parse control-pid value %s", value);
2082 s->control_pid = pid;
2083 } else if (streq(key, "control-command")) {
2084 SocketExecCommand id;
2086 id = socket_exec_command_from_string(value);
2088 log_unit_debug(u->id, "Failed to parse exec-command value %s", value);
2090 s->control_command_id = id;
2091 s->control_command = s->exec_command[id];
2093 } else if (streq(key, "fifo")) {
2097 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2098 log_unit_debug(u->id, "Failed to parse fifo value %s", value);
2101 LIST_FOREACH(port, p, s->ports)
2102 if (p->type == SOCKET_FIFO &&
2103 streq_ptr(p->path, value+skip))
2108 p->fd = fdset_remove(fds, fd);
2112 } else if (streq(key, "special")) {
2116 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2117 log_unit_debug(u->id, "Failed to parse special value %s", value);
2120 LIST_FOREACH(port, p, s->ports)
2121 if (p->type == SOCKET_SPECIAL &&
2122 streq_ptr(p->path, value+skip))
2127 p->fd = fdset_remove(fds, fd);
2131 } else if (streq(key, "mqueue")) {
2135 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2136 log_unit_debug(u->id, "Failed to parse mqueue value %s", value);
2139 LIST_FOREACH(port, p, s->ports)
2140 if (p->type == SOCKET_MQUEUE &&
2141 streq_ptr(p->path, value+skip))
2146 p->fd = fdset_remove(fds, fd);
2150 } else if (streq(key, "socket")) {
2151 int fd, type, skip = 0;
2154 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2155 log_unit_debug(u->id, "Failed to parse socket value %s", value);
2158 LIST_FOREACH(port, p, s->ports)
2159 if (socket_address_is(&p->address, value+skip, type))
2164 p->fd = fdset_remove(fds, fd);
2168 } else if (streq(key, "netlink")) {
2172 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2173 log_unit_debug(u->id, "Failed to parse socket value %s", value);
2176 LIST_FOREACH(port, p, s->ports)
2177 if (socket_address_is_netlink(&p->address, value+skip))
2182 p->fd = fdset_remove(fds, fd);
2186 log_unit_debug(UNIT(s)->id, "Unknown serialization key '%s'", key);
2191 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2192 Socket *s = SOCKET(u);
2197 LIST_FOREACH(port, p, s->ports) {
2201 if (p->type != SOCKET_SOCKET)
2207 FDSET_FOREACH(fd, fds, i) {
2208 if (socket_address_matches_fd(&p->address, fd)) {
2209 p->fd = fdset_remove(fds, fd);
2210 s->deserialized_state = SOCKET_LISTENING;
2219 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2222 return state_translation_table[SOCKET(u)->state];
2225 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2228 return socket_state_to_string(SOCKET(u)->state);
2231 const char* socket_port_type_to_string(SocketPort *p) {
2239 switch (p->address.type) {
2247 case SOCK_SEQPACKET:
2248 return "SequentialPacket";
2251 if (socket_address_family(&p->address) == AF_NETLINK)
2258 case SOCKET_SPECIAL:
2262 return "MessageQueue";
2272 _pure_ static bool socket_check_gc(Unit *u) {
2273 Socket *s = SOCKET(u);
2277 return s->n_connections > 0;
2280 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2281 SocketPort *p = userdata;
2287 if (p->socket->state != SOCKET_LISTENING)
2290 log_unit_debug(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
2292 if (revents != EPOLLIN) {
2294 if (revents & EPOLLHUP)
2295 log_unit_error(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2296 UNIT(p->socket)->id);
2298 log_unit_error(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
2299 UNIT(p->socket)->id, revents);
2304 if (p->socket->accept &&
2305 p->type == SOCKET_SOCKET &&
2306 socket_address_can_accept(&p->address)) {
2310 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2316 log_unit_error(UNIT(p->socket)->id,
2317 "Failed to accept socket: %m");
2324 socket_apply_socket_options(p->socket, cfd);
2327 socket_enter_running(p->socket, cfd);
2331 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2335 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2336 Socket *s = SOCKET(u);
2342 if (pid != s->control_pid)
2347 if (is_clean_exit(code, status, NULL))
2349 else if (code == CLD_EXITED)
2350 f = SOCKET_FAILURE_EXIT_CODE;
2351 else if (code == CLD_KILLED)
2352 f = SOCKET_FAILURE_SIGNAL;
2353 else if (code == CLD_DUMPED)
2354 f = SOCKET_FAILURE_CORE_DUMP;
2356 assert_not_reached("Unknown sigchld code");
2358 if (s->control_command) {
2359 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2361 if (s->control_command->ignore)
2365 log_unit_full(u->id,
2366 f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2367 "%s control process exited, code=%s status=%i",
2368 u->id, sigchld_code_to_string(code), status);
2370 if (f != SOCKET_SUCCESS)
2373 if (s->control_command &&
2374 s->control_command->command_next &&
2375 f == SOCKET_SUCCESS) {
2377 log_unit_debug(u->id,
2378 "%s running next command for state %s",
2379 u->id, socket_state_to_string(s->state));
2382 s->control_command = NULL;
2383 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2385 /* No further commands for this step, so let's figure
2386 * out what to do next */
2388 log_unit_debug(u->id,
2389 "%s got final SIGCHLD for state %s",
2390 u->id, socket_state_to_string(s->state));
2394 case SOCKET_START_PRE:
2395 if (f == SOCKET_SUCCESS)
2396 socket_enter_start_chown(s);
2398 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2401 case SOCKET_START_CHOWN:
2402 if (f == SOCKET_SUCCESS)
2403 socket_enter_start_post(s);
2405 socket_enter_stop_pre(s, f);
2408 case SOCKET_START_POST:
2409 if (f == SOCKET_SUCCESS)
2410 socket_enter_listening(s);
2412 socket_enter_stop_pre(s, f);
2415 case SOCKET_STOP_PRE:
2416 case SOCKET_STOP_PRE_SIGTERM:
2417 case SOCKET_STOP_PRE_SIGKILL:
2418 socket_enter_stop_post(s, f);
2421 case SOCKET_STOP_POST:
2422 case SOCKET_FINAL_SIGTERM:
2423 case SOCKET_FINAL_SIGKILL:
2424 socket_enter_dead(s, f);
2428 assert_not_reached("Uh, control process died at wrong time.");
2432 /* Notify clients about changed exit status */
2433 unit_add_to_dbus_queue(u);
2436 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2437 Socket *s = SOCKET(userdata);
2440 assert(s->timer_event_source == source);
2444 case SOCKET_START_PRE:
2445 log_unit_warning(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
2446 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2449 case SOCKET_START_CHOWN:
2450 case SOCKET_START_POST:
2451 log_unit_warning(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
2452 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2455 case SOCKET_STOP_PRE:
2456 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
2457 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2460 case SOCKET_STOP_PRE_SIGTERM:
2461 if (s->kill_context.send_sigkill) {
2462 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
2463 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2465 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2466 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2470 case SOCKET_STOP_PRE_SIGKILL:
2471 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
2472 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2475 case SOCKET_STOP_POST:
2476 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
2477 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2480 case SOCKET_FINAL_SIGTERM:
2481 if (s->kill_context.send_sigkill) {
2482 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
2483 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2485 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2486 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2490 case SOCKET_FINAL_SIGKILL:
2491 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
2492 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2496 assert_not_reached("Timeout at wrong time.");
2502 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2511 /* Called from the service code for requesting our fds */
2514 LIST_FOREACH(port, p, s->ports)
2524 if (!(rfds = new(int, rn_fds)))
2528 LIST_FOREACH(port, p, s->ports)
2532 assert(k == rn_fds);
2540 static void socket_reset_failed(Unit *u) {
2541 Socket *s = SOCKET(u);
2545 if (s->state == SOCKET_FAILED)
2546 socket_set_state(s, SOCKET_DEAD);
2548 s->result = SOCKET_SUCCESS;
2551 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2554 /* The service is dead. Dang!
2556 * This is strictly for one-instance-for-all-connections
2559 if (s->state == SOCKET_RUNNING) {
2560 log_unit_debug(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2561 if (failed_permanent)
2562 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2564 socket_enter_listening(s);
2568 void socket_connection_unref(Socket *s) {
2571 /* The service is dead. Yay!
2573 * This is strictly for one-instance-per-connection
2576 assert(s->n_connections > 0);
2579 log_unit_debug(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
2582 static void socket_trigger_notify(Unit *u, Unit *other) {
2583 Socket *s = SOCKET(u);
2589 /* Don't propagate state changes from the service if we are
2590 already down or accepting connections */
2591 if ((s->state != SOCKET_RUNNING &&
2592 s->state != SOCKET_LISTENING) ||
2596 if (other->load_state != UNIT_LOADED ||
2597 other->type != UNIT_SERVICE)
2600 se = SERVICE(other);
2602 if (se->state == SERVICE_FAILED)
2603 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2605 if (se->state == SERVICE_DEAD ||
2606 se->state == SERVICE_STOP ||
2607 se->state == SERVICE_STOP_SIGTERM ||
2608 se->state == SERVICE_STOP_SIGKILL ||
2609 se->state == SERVICE_STOP_POST ||
2610 se->state == SERVICE_FINAL_SIGTERM ||
2611 se->state == SERVICE_FINAL_SIGKILL ||
2612 se->state == SERVICE_AUTO_RESTART)
2613 socket_notify_service_dead(s, false);
2615 if (se->state == SERVICE_RUNNING)
2616 socket_set_state(s, SOCKET_RUNNING);
2619 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2620 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2623 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2624 Socket *s = SOCKET(u);
2627 if (!s->timer_event_source)
2630 r = sd_event_source_get_time(s->timer_event_source, timeout);
2637 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2638 [SOCKET_DEAD] = "dead",
2639 [SOCKET_START_PRE] = "start-pre",
2640 [SOCKET_START_CHOWN] = "start-chown",
2641 [SOCKET_START_POST] = "start-post",
2642 [SOCKET_LISTENING] = "listening",
2643 [SOCKET_RUNNING] = "running",
2644 [SOCKET_STOP_PRE] = "stop-pre",
2645 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2646 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2647 [SOCKET_STOP_POST] = "stop-post",
2648 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2649 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2650 [SOCKET_FAILED] = "failed"
2653 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2655 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2656 [SOCKET_EXEC_START_PRE] = "StartPre",
2657 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2658 [SOCKET_EXEC_START_POST] = "StartPost",
2659 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2660 [SOCKET_EXEC_STOP_POST] = "StopPost"
2663 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2665 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2666 [SOCKET_SUCCESS] = "success",
2667 [SOCKET_FAILURE_RESOURCES] = "resources",
2668 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2669 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2670 [SOCKET_FAILURE_SIGNAL] = "signal",
2671 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2672 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2675 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2677 const UnitVTable socket_vtable = {
2678 .object_size = sizeof(Socket),
2679 .exec_context_offset = offsetof(Socket, exec_context),
2680 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2681 .kill_context_offset = offsetof(Socket, kill_context),
2682 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2688 .private_section = "Socket",
2690 .init = socket_init,
2691 .done = socket_done,
2692 .load = socket_load,
2694 .coldplug = socket_coldplug,
2696 .dump = socket_dump,
2698 .start = socket_start,
2699 .stop = socket_stop,
2701 .kill = socket_kill,
2703 .get_timeout = socket_get_timeout,
2705 .serialize = socket_serialize,
2706 .deserialize_item = socket_deserialize_item,
2707 .distribute_fds = socket_distribute_fds,
2709 .active_state = socket_active_state,
2710 .sub_state_to_string = socket_sub_state_to_string,
2712 .check_gc = socket_check_gc,
2714 .sigchld_event = socket_sigchld_event,
2716 .trigger_notify = socket_trigger_notify,
2718 .reset_failed = socket_reset_failed,
2720 .bus_interface = "org.freedesktop.systemd1.Socket",
2721 .bus_vtable = bus_socket_vtable,
2722 .bus_set_property = bus_socket_set_property,
2723 .bus_commit_properties = bus_socket_commit_properties,
2725 .status_message_formats = {
2726 /*.starting_stopping = {
2727 [0] = "Starting socket %s...",
2728 [1] = "Stopping socket %s...",
2730 .finished_start_job = {
2731 [JOB_DONE] = "Listening on %s.",
2732 [JOB_FAILED] = "Failed to listen on %s.",
2733 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2734 [JOB_TIMEOUT] = "Timed out starting %s.",
2736 .finished_stop_job = {
2737 [JOB_DONE] = "Closed %s.",
2738 [JOB_FAILED] = "Failed stopping %s.",
2739 [JOB_TIMEOUT] = "Timed out stopping %s.",