1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
26 #include <sys/epoll.h>
28 #include <arpa/inet.h>
29 #include <netinet/tcp.h>
36 #include "path-util.h"
37 #include "unit-name.h"
38 #include "unit-printf.h"
42 #include "exit-status.h"
44 #include "smack-util.h"
46 #include "bus-error.h"
47 #include "selinux-util.h"
48 #include "dbus-socket.h"
52 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
53 [SOCKET_DEAD] = UNIT_INACTIVE,
54 [SOCKET_START_PRE] = UNIT_ACTIVATING,
55 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
56 [SOCKET_START_POST] = UNIT_ACTIVATING,
57 [SOCKET_LISTENING] = UNIT_ACTIVE,
58 [SOCKET_RUNNING] = UNIT_ACTIVE,
59 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
60 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
61 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
62 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
63 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
64 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
65 [SOCKET_FAILED] = UNIT_FAILED
68 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
69 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
71 static void socket_init(Unit *u) {
72 Socket *s = SOCKET(u);
75 assert(u->load_state == UNIT_STUB);
77 s->backlog = SOMAXCONN;
78 s->timeout_usec = u->manager->default_timeout_start_usec;
79 s->directory_mode = 0755;
80 s->socket_mode = 0666;
82 s->max_connections = 64;
89 s->exec_context.std_output = u->manager->default_std_output;
90 s->exec_context.std_error = u->manager->default_std_error;
92 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
95 static void socket_unwatch_control_pid(Socket *s) {
98 if (s->control_pid <= 0)
101 unit_unwatch_pid(UNIT(s), s->control_pid);
105 void socket_free_ports(Socket *s) {
110 while ((p = s->ports)) {
111 LIST_REMOVE(port, s->ports, p);
113 sd_event_source_unref(p->event_source);
121 static void socket_done(Unit *u) {
122 Socket *s = SOCKET(u);
126 socket_free_ports(s);
128 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
129 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
130 s->control_command = NULL;
132 socket_unwatch_control_pid(s);
134 unit_ref_unset(&s->service);
136 free(s->tcp_congestion);
137 s->tcp_congestion = NULL;
139 free(s->bind_to_device);
140 s->bind_to_device = NULL;
143 free(s->smack_ip_in);
144 free(s->smack_ip_out);
146 strv_free(s->symlinks);
151 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
154 static int socket_arm_timer(Socket *s) {
159 if (s->timeout_usec <= 0) {
160 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
164 if (s->timer_event_source) {
165 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
169 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
172 return sd_event_add_time(
173 UNIT(s)->manager->event,
174 &s->timer_event_source,
176 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
177 socket_dispatch_timer, s);
180 int socket_instantiate_service(Socket *s) {
181 _cleanup_free_ char *prefix = NULL, *name = NULL;
187 /* This fills in s->service if it isn't filled in yet. For
188 * Accept=yes sockets we create the next connection service
189 * here. For Accept=no this is mostly a NOP since the service
190 * is figured out at load time anyway. */
192 if (UNIT_DEREF(s->service) || !s->accept)
195 prefix = unit_name_to_prefix(UNIT(s)->id);
199 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
202 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
207 unit_ref_set(&s->service, u);
209 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
212 static bool have_non_accept_socket(Socket *s) {
220 LIST_FOREACH(port, p, s->ports) {
222 if (p->type != SOCKET_SOCKET)
225 if (!socket_address_can_accept(&p->address))
232 static int socket_add_mount_links(Socket *s) {
238 LIST_FOREACH(port, p, s->ports) {
239 const char *path = NULL;
241 if (p->type == SOCKET_SOCKET)
242 path = socket_address_get_path(&p->address);
243 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
249 r = unit_require_mounts_for(UNIT(s), path);
257 static int socket_add_device_link(Socket *s) {
262 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
265 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
266 return unit_add_node_link(UNIT(s), t, false);
269 static int socket_add_default_dependencies(Socket *s) {
273 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
277 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
278 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
283 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
286 _pure_ static bool socket_has_exec(Socket *s) {
290 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
291 if (s->exec_command[i])
297 static int socket_add_extras(Socket *s) {
303 if (have_non_accept_socket(s)) {
305 if (!UNIT_DEREF(s->service)) {
308 r = unit_load_related_unit(u, ".service", &x);
312 unit_ref_set(&s->service, x);
315 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
320 r = socket_add_mount_links(s);
324 r = socket_add_device_link(s);
328 r = unit_patch_contexts(u);
332 if (socket_has_exec(s)) {
333 r = unit_add_exec_dependencies(u, &s->exec_context);
337 r = unit_add_default_slice(u, &s->cgroup_context);
342 if (u->default_dependencies) {
343 r = socket_add_default_dependencies(s);
351 static const char *socket_find_symlink_target(Socket *s) {
352 const char *found = NULL;
355 LIST_FOREACH(port, p, s->ports) {
356 const char *f = NULL;
365 if (p->address.sockaddr.un.sun_path[0] != 0)
366 f = p->address.sockaddr.un.sun_path;
384 static int socket_verify(Socket *s) {
387 if (UNIT(s)->load_state != UNIT_LOADED)
391 log_unit_error(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
395 if (s->accept && have_non_accept_socket(s)) {
396 log_unit_error(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
401 if (s->accept && s->max_connections <= 0) {
402 log_unit_error(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
406 if (s->accept && UNIT_DEREF(s->service)) {
407 log_unit_error(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
411 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
412 log_unit_error(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
416 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
417 log_unit_error(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
424 static int socket_load(Unit *u) {
425 Socket *s = SOCKET(u);
429 assert(u->load_state == UNIT_STUB);
431 r = unit_load_fragment_and_dropin(u);
435 if (u->load_state == UNIT_LOADED) {
436 /* This is a new unit? Then let's add in some extras */
437 r = socket_add_extras(s);
442 return socket_verify(s);
445 _const_ static const char* listen_lookup(int family, int type) {
447 if (family == AF_NETLINK)
448 return "ListenNetlink";
450 if (type == SOCK_STREAM)
451 return "ListenStream";
452 else if (type == SOCK_DGRAM)
453 return "ListenDatagram";
454 else if (type == SOCK_SEQPACKET)
455 return "ListenSequentialPacket";
457 assert_not_reached("Unknown socket type");
461 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
462 char time_string[FORMAT_TIMESPAN_MAX];
464 Socket *s = SOCKET(u);
471 prefix = strempty(prefix);
472 prefix2 = strjoina(prefix, "\t");
475 "%sSocket State: %s\n"
477 "%sBindIPv6Only: %s\n"
479 "%sSocketMode: %04o\n"
480 "%sDirectoryMode: %04o\n"
484 "%sTransparent: %s\n"
486 "%sPassCredentials: %s\n"
487 "%sPassSecurity: %s\n"
488 "%sTCPCongestion: %s\n"
489 "%sRemoveOnStop: %s\n"
490 "%sSELinuxContextFromNet: %s\n",
491 prefix, socket_state_to_string(s->state),
492 prefix, socket_result_to_string(s->result),
493 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
495 prefix, s->socket_mode,
496 prefix, s->directory_mode,
497 prefix, yes_no(s->keep_alive),
498 prefix, yes_no(s->no_delay),
499 prefix, yes_no(s->free_bind),
500 prefix, yes_no(s->transparent),
501 prefix, yes_no(s->broadcast),
502 prefix, yes_no(s->pass_cred),
503 prefix, yes_no(s->pass_sec),
504 prefix, strna(s->tcp_congestion),
505 prefix, yes_no(s->remove_on_stop),
506 prefix, yes_no(s->selinux_context_from_net));
508 if (s->control_pid > 0)
510 "%sControl PID: "PID_FMT"\n",
511 prefix, s->control_pid);
513 if (s->bind_to_device)
515 "%sBindToDevice: %s\n",
516 prefix, s->bind_to_device);
521 "%sNConnections: %u\n"
522 "%sMaxConnections: %u\n",
523 prefix, s->n_accepted,
524 prefix, s->n_connections,
525 prefix, s->max_connections);
527 if (s->priority >= 0)
530 prefix, s->priority);
532 if (s->receive_buffer > 0)
534 "%sReceiveBuffer: %zu\n",
535 prefix, s->receive_buffer);
537 if (s->send_buffer > 0)
539 "%sSendBuffer: %zu\n",
540 prefix, s->send_buffer);
552 if (s->pipe_size > 0)
555 prefix, s->pipe_size);
562 if (s->mq_maxmsg > 0)
564 "%sMessageQueueMaxMessages: %li\n",
565 prefix, s->mq_maxmsg);
567 if (s->mq_msgsize > 0)
569 "%sMessageQueueMessageSize: %li\n",
570 prefix, s->mq_msgsize);
575 prefix, yes_no(s->reuse_port));
579 "%sSmackLabel: %s\n",
584 "%sSmackLabelIPIn: %s\n",
585 prefix, s->smack_ip_in);
589 "%sSmackLabelIPOut: %s\n",
590 prefix, s->smack_ip_out);
592 if (!isempty(s->user) || !isempty(s->group))
595 "%sOwnerGroup: %s\n",
596 prefix, strna(s->user),
597 prefix, strna(s->group));
599 if (s->keep_alive_time > 0)
601 "%sKeepAliveTimeSec: %s\n",
602 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
604 if (s->keep_alive_interval)
606 "%sKeepAliveIntervalSec: %s\n",
607 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
609 if (s->keep_alive_cnt)
611 "%sKeepAliveProbes: %u\n",
612 prefix, s->keep_alive_cnt);
616 "%sDeferAcceptSec: %s\n",
617 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
619 LIST_FOREACH(port, p, s->ports) {
621 if (p->type == SOCKET_SOCKET) {
626 if ((r = socket_address_print(&p->address, &k)) < 0)
631 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
633 } else if (p->type == SOCKET_SPECIAL)
634 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
635 else if (p->type == SOCKET_MQUEUE)
636 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
638 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
641 exec_context_dump(&s->exec_context, f, prefix);
642 kill_context_dump(&s->kill_context, f, prefix);
644 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
645 if (!s->exec_command[c])
648 fprintf(f, "%s-> %s:\n",
649 prefix, socket_exec_command_to_string(c));
651 exec_command_dump_list(s->exec_command[c], f, prefix2);
655 static int instance_from_socket(int fd, unsigned nr, char **instance) {
658 union sockaddr_union local, remote;
664 if (getsockname(fd, &local.sa, &l) < 0)
668 if (getpeername(fd, &remote.sa, &l) < 0)
671 switch (local.sa.sa_family) {
675 a = ntohl(local.in.sin_addr.s_addr),
676 b = ntohl(remote.in.sin_addr.s_addr);
679 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
681 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
682 ntohs(local.in.sin_port),
683 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
684 ntohs(remote.in.sin_port)) < 0)
691 static const unsigned char ipv4_prefix[] = {
692 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
695 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
696 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
698 *a = local.in6.sin6_addr.s6_addr+12,
699 *b = remote.in6.sin6_addr.s6_addr+12;
702 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
704 a[0], a[1], a[2], a[3],
705 ntohs(local.in6.sin6_port),
706 b[0], b[1], b[2], b[3],
707 ntohs(remote.in6.sin6_port)) < 0)
710 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
715 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
716 ntohs(local.in6.sin6_port),
717 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
718 ntohs(remote.in6.sin6_port)) < 0)
729 k = getpeercred(fd, &ucred);
732 "%u-"PID_FMT"-"UID_FMT,
733 nr, ucred.pid, ucred.uid) < 0)
735 } else if (k == -ENODATA) {
736 /* This handles the case where somebody is
737 * connecting from another pid/uid namespace
738 * (e.g. from outside of our container). */
750 assert_not_reached("Unhandled socket type.");
757 static void socket_close_fds(Socket *s) {
763 LIST_FOREACH(port, p, s->ports) {
765 p->event_source = sd_event_source_unref(p->event_source);
770 p->fd = safe_close(p->fd);
772 /* One little note: we should normally not delete any
773 * sockets in the file system here! After all some
774 * other process we spawned might still have a
775 * reference of this fd and wants to continue to use
776 * it. Therefore we delete sockets in the file system
777 * before we create a new one, not after we stopped
780 if (s->remove_on_stop) {
792 socket_address_unlink(&p->address);
801 if (s->remove_on_stop)
802 STRV_FOREACH(i, s->symlinks)
806 static void socket_apply_socket_options(Socket *s, int fd) {
813 int b = s->keep_alive;
814 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
815 log_unit_warning(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
818 if (s->keep_alive_time) {
819 int value = s->keep_alive_time / USEC_PER_SEC;
820 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
821 log_unit_warning(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
824 if (s->keep_alive_interval) {
825 int value = s->keep_alive_interval / USEC_PER_SEC;
826 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
827 log_unit_warning(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
830 if (s->keep_alive_cnt) {
831 int value = s->keep_alive_cnt;
832 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
833 log_unit_warning(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
836 if (s->defer_accept) {
837 int value = s->defer_accept / USEC_PER_SEC;
838 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
839 log_unit_warning(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
844 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
845 log_unit_warning(UNIT(s)->id, "TCP_NODELAY failed: %m");
850 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
851 log_unit_warning(UNIT(s)->id, "SO_BROADCAST failed: %m");
856 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
857 log_unit_warning(UNIT(s)->id, "SO_PASSCRED failed: %m");
862 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
863 log_unit_warning(UNIT(s)->id, "SO_PASSSEC failed: %m");
866 if (s->priority >= 0)
867 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
868 log_unit_warning(UNIT(s)->id, "SO_PRIORITY failed: %m");
870 if (s->receive_buffer > 0) {
871 int value = (int) s->receive_buffer;
873 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
875 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
876 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
877 log_unit_warning(UNIT(s)->id, "SO_RCVBUF failed: %m");
880 if (s->send_buffer > 0) {
881 int value = (int) s->send_buffer;
882 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
883 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
884 log_unit_warning(UNIT(s)->id, "SO_SNDBUF failed: %m");
888 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
889 log_unit_warning(UNIT(s)->id, "SO_MARK failed: %m");
892 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
893 log_unit_warning(UNIT(s)->id, "IP_TOS failed: %m");
895 if (s->ip_ttl >= 0) {
898 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
900 if (socket_ipv6_is_supported())
901 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
904 errno = EAFNOSUPPORT;
908 log_unit_warning(UNIT(s)->id,
909 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
912 if (s->tcp_congestion)
913 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
914 log_unit_warning(UNIT(s)->id, "TCP_CONGESTION failed: %m");
917 int b = s->reuse_port;
918 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
919 log_unit_warning(UNIT(s)->id, "SO_REUSEPORT failed: %m");
922 if (s->smack_ip_in) {
923 r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
925 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_ip_in_fd: %m");
928 if (s->smack_ip_out) {
929 r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
931 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_ip_out_fd: %m");
935 static void socket_apply_fifo_options(Socket *s, int fd) {
941 if (s->pipe_size > 0)
942 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
943 log_unit_warning(UNIT(s)->id, "F_SETPIPE_SZ: %m");
946 r = mac_smack_apply_fd(fd, s->smack);
948 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_fd: %m");
952 static int fifo_address_create(
954 mode_t directory_mode,
965 mkdir_parents_label(path, directory_mode);
967 r = mac_selinux_create_file_prepare(path, S_IFIFO);
971 /* Enforce the right access mode for the fifo */
972 old_mask = umask(~ socket_mode);
974 /* Include the original umask in our mask */
975 umask(~socket_mode | old_mask);
977 r = mkfifo(path, socket_mode);
980 if (r < 0 && errno != EEXIST) {
985 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
990 mac_selinux_create_file_clear();
992 if (fstat(fd, &st) < 0) {
997 if (!S_ISFIFO(st.st_mode) ||
998 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
999 st.st_uid != getuid() ||
1000 st.st_gid != getgid()) {
1010 mac_selinux_create_file_clear();
1016 static int special_address_create(
1026 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1032 if (fstat(fd, &st) < 0) {
1037 /* Check whether this is a /proc, /sys or /dev file or char device */
1038 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1052 static int mq_address_create(
1062 struct mq_attr _attr, *attr = NULL;
1067 if (maxmsg > 0 && msgsize > 0) {
1069 _attr.mq_flags = O_NONBLOCK;
1070 _attr.mq_maxmsg = maxmsg;
1071 _attr.mq_msgsize = msgsize;
1075 /* Enforce the right access mode for the mq */
1076 old_mask = umask(~ mq_mode);
1078 /* Include the original umask in our mask */
1079 umask(~mq_mode | old_mask);
1080 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1088 if (fstat(fd, &st) < 0) {
1093 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1094 st.st_uid != getuid() ||
1095 st.st_gid != getgid()) {
1109 static int socket_symlink(Socket *s) {
1115 p = socket_find_symlink_target(s);
1119 STRV_FOREACH(i, s->symlinks)
1120 symlink_label(p, *i);
1125 static int socket_open_fds(Socket *s) {
1129 bool know_label = false;
1133 LIST_FOREACH(port, p, s->ports) {
1138 if (p->type == SOCKET_SOCKET) {
1141 /* Figure out label, if we don't it know
1142 * yet. We do it once, for the first
1143 * socket where we need this and
1144 * remember it for the rest. */
1146 if (s->selinux_context_from_net) {
1147 /* Get it from the network label */
1149 r = mac_selinux_get_our_label(&label);
1150 if (r < 0 && r != -EOPNOTSUPP)
1154 /* Get it from the executable we are about to start */
1156 r = socket_instantiate_service(s);
1160 if (UNIT_ISSET(s->service) &&
1161 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1162 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1163 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1171 r = socket_address_listen(
1173 SOCK_CLOEXEC|SOCK_NONBLOCK,
1186 socket_apply_socket_options(s, p->fd);
1189 } else if (p->type == SOCKET_SPECIAL) {
1191 r = special_address_create(
1197 } else if (p->type == SOCKET_FIFO) {
1199 r = fifo_address_create(
1207 socket_apply_fifo_options(s, p->fd);
1210 } else if (p->type == SOCKET_MQUEUE) {
1212 r = mq_address_create(
1221 assert_not_reached("Unknown port type");
1224 mac_selinux_free(label);
1228 socket_close_fds(s);
1229 mac_selinux_free(label);
1234 static void socket_unwatch_fds(Socket *s) {
1240 LIST_FOREACH(port, p, s->ports) {
1244 if (!p->event_source)
1247 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1249 log_unit_debug(UNIT(s)->id, "Failed to disable event source.");
1253 static int socket_watch_fds(Socket *s) {
1259 LIST_FOREACH(port, p, s->ports) {
1263 if (p->event_source)
1264 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1266 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1269 log_unit_warning_errno(UNIT(s)->id, r, "Failed to watch listening fds: %m");
1277 socket_unwatch_fds(s);
1281 static void socket_set_state(Socket *s, SocketState state) {
1282 SocketState old_state;
1285 old_state = s->state;
1293 SOCKET_STOP_PRE_SIGTERM,
1294 SOCKET_STOP_PRE_SIGKILL,
1296 SOCKET_FINAL_SIGTERM,
1297 SOCKET_FINAL_SIGKILL)) {
1299 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1300 socket_unwatch_control_pid(s);
1301 s->control_command = NULL;
1302 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1305 if (state != SOCKET_LISTENING)
1306 socket_unwatch_fds(s);
1314 SOCKET_STOP_PRE_SIGTERM,
1315 SOCKET_STOP_PRE_SIGKILL))
1316 socket_close_fds(s);
1318 if (state != old_state)
1319 log_unit_debug(UNIT(s)->id, "%s changed %s -> %s",
1320 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
1322 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1325 static int socket_coldplug(Unit *u, Hashmap *deferred_work) {
1326 Socket *s = SOCKET(u);
1330 assert(s->state == SOCKET_DEAD);
1332 if (s->deserialized_state == s->state)
1335 if (IN_SET(s->deserialized_state,
1340 SOCKET_STOP_PRE_SIGTERM,
1341 SOCKET_STOP_PRE_SIGKILL,
1343 SOCKET_FINAL_SIGTERM,
1344 SOCKET_FINAL_SIGKILL)) {
1346 if (s->control_pid <= 0)
1349 r = unit_watch_pid(UNIT(s), s->control_pid);
1353 r = socket_arm_timer(s);
1358 if (IN_SET(s->deserialized_state,
1364 SOCKET_STOP_PRE_SIGTERM,
1365 SOCKET_STOP_PRE_SIGKILL)) {
1366 r = socket_open_fds(s);
1371 if (s->deserialized_state == SOCKET_LISTENING) {
1372 r = socket_watch_fds(s);
1377 socket_set_state(s, s->deserialized_state);
1381 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1382 _cleanup_free_ char **argv = NULL;
1385 ExecParameters exec_params = {
1386 .apply_permissions = true,
1387 .apply_chroot = true,
1388 .apply_tty_stdin = true,
1395 (void) unit_realize_cgroup(UNIT(s));
1396 if (s->reset_cpu_usage) {
1397 (void) unit_reset_cpu_usage(UNIT(s));
1398 s->reset_cpu_usage = false;
1401 r = unit_setup_exec_runtime(UNIT(s));
1405 r = socket_arm_timer(s);
1409 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1413 exec_params.argv = argv;
1414 exec_params.environment = UNIT(s)->manager->environment;
1415 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1416 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1417 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1418 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1419 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1420 exec_params.unit_id = UNIT(s)->id;
1430 r = unit_watch_pid(UNIT(s), pid);
1432 /* FIXME: we need to do something here */
1439 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1443 static int socket_chown(Socket *s, pid_t *_pid) {
1447 r = socket_arm_timer(s);
1451 /* We have to resolve the user names out-of-process, hence
1452 * let's fork here. It's messy, but well, what can we do? */
1460 uid_t uid = UID_INVALID;
1461 gid_t gid = GID_INVALID;
1464 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1465 ignore_signals(SIGPIPE, -1);
1468 if (!isempty(s->user)) {
1469 const char *user = s->user;
1471 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1478 if (!isempty(s->group)) {
1479 const char *group = s->group;
1481 r = get_group_creds(&group, &gid);
1488 LIST_FOREACH(port, p, s->ports) {
1489 const char *path = NULL;
1491 if (p->type == SOCKET_SOCKET)
1492 path = socket_address_get_path(&p->address);
1493 else if (p->type == SOCKET_FIFO)
1499 if (chown(path, uid, gid) < 0) {
1510 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1515 r = unit_watch_pid(UNIT(s), pid);
1523 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1527 static void socket_enter_dead(Socket *s, SocketResult f) {
1530 if (f != SOCKET_SUCCESS)
1533 exec_runtime_destroy(s->exec_runtime);
1534 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1536 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1538 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1541 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1543 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1547 if (f != SOCKET_SUCCESS)
1550 socket_unwatch_control_pid(s);
1551 s->control_command_id = SOCKET_EXEC_STOP_POST;
1552 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1554 if (s->control_command) {
1555 r = socket_spawn(s, s->control_command, &s->control_pid);
1559 socket_set_state(s, SOCKET_STOP_POST);
1561 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1566 log_unit_warning(UNIT(s)->id,
1567 "%s failed to run 'stop-post' task: %s",
1568 UNIT(s)->id, strerror(-r));
1569 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1572 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1577 if (f != SOCKET_SUCCESS)
1580 r = unit_kill_context(
1583 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1584 KILL_KILL : KILL_TERMINATE,
1592 r = socket_arm_timer(s);
1596 socket_set_state(s, state);
1597 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1598 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1599 else if (state == SOCKET_STOP_PRE_SIGKILL)
1600 socket_enter_stop_post(s, SOCKET_SUCCESS);
1601 else if (state == SOCKET_FINAL_SIGTERM)
1602 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1604 socket_enter_dead(s, SOCKET_SUCCESS);
1609 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to kill processes: %m", UNIT(s)->id);
1611 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1612 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1614 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1617 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1621 if (f != SOCKET_SUCCESS)
1624 socket_unwatch_control_pid(s);
1625 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1626 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1628 if (s->control_command) {
1629 r = socket_spawn(s, s->control_command, &s->control_pid);
1633 socket_set_state(s, SOCKET_STOP_PRE);
1635 socket_enter_stop_post(s, SOCKET_SUCCESS);
1640 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'stop-pre' task: %m", UNIT(s)->id);
1641 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1644 static void socket_enter_listening(Socket *s) {
1648 r = socket_watch_fds(s);
1650 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to watch sockets: %m", UNIT(s)->id);
1654 socket_set_state(s, SOCKET_LISTENING);
1658 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1661 static void socket_enter_start_post(Socket *s) {
1665 socket_unwatch_control_pid(s);
1666 s->control_command_id = SOCKET_EXEC_START_POST;
1667 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1669 if (s->control_command) {
1670 r = socket_spawn(s, s->control_command, &s->control_pid);
1672 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'start-post' task: %m", UNIT(s)->id);
1676 socket_set_state(s, SOCKET_START_POST);
1678 socket_enter_listening(s);
1683 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1686 static void socket_enter_start_chown(Socket *s) {
1691 r = socket_open_fds(s);
1693 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to listen on sockets: %m", UNIT(s)->id);
1697 if (!isempty(s->user) || !isempty(s->group)) {
1699 socket_unwatch_control_pid(s);
1700 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1701 s->control_command = NULL;
1703 r = socket_chown(s, &s->control_pid);
1705 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to fork 'start-chown' task: %m", UNIT(s)->id);
1709 socket_set_state(s, SOCKET_START_CHOWN);
1711 socket_enter_start_post(s);
1716 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1719 static void socket_enter_start_pre(Socket *s) {
1723 socket_unwatch_control_pid(s);
1724 s->control_command_id = SOCKET_EXEC_START_PRE;
1725 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1727 if (s->control_command) {
1728 r = socket_spawn(s, s->control_command, &s->control_pid);
1730 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'start-pre' task: %m", UNIT(s)->id);
1734 socket_set_state(s, SOCKET_START_PRE);
1736 socket_enter_start_chown(s);
1741 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1744 static void socket_enter_running(Socket *s, int cfd) {
1745 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1750 /* We don't take connections anymore if we are supposed to
1751 * shut down anyway */
1752 if (unit_stop_pending(UNIT(s))) {
1754 log_unit_debug(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
1759 /* Flush all sockets by closing and reopening them */
1760 socket_close_fds(s);
1762 r = socket_open_fds(s);
1764 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to listen on sockets: %m", UNIT(s)->id);
1765 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1769 r = socket_watch_fds(s);
1771 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to watch sockets: %m", UNIT(s)->id);
1772 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1782 bool pending = false;
1784 /* If there's already a start pending don't bother to
1786 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1787 if (unit_active_or_pending(other)) {
1793 if (!UNIT_ISSET(s->service)) {
1794 log_unit_error(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1799 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1804 socket_set_state(s, SOCKET_RUNNING);
1806 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1809 if (s->n_connections >= s->max_connections) {
1810 log_unit_warning(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
1815 r = socket_instantiate_service(s);
1819 r = instance_from_socket(cfd, s->n_accepted, &instance);
1824 /* ENOTCONN is legitimate if TCP RST was received.
1825 * This connection is over, but the socket unit lives on. */
1830 prefix = unit_name_to_prefix(UNIT(s)->id);
1836 name = unit_name_build(prefix, instance, ".service");
1842 r = unit_add_name(UNIT_DEREF(s->service), name);
1846 service = SERVICE(UNIT_DEREF(s->service));
1847 unit_ref_unset(&s->service);
1850 UNIT(service)->no_gc = false;
1852 unit_choose_id(UNIT(service), name);
1854 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1859 s->n_connections ++;
1861 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1865 /* Notify clients about changed counters */
1866 unit_add_to_dbus_queue(UNIT(s));
1872 log_unit_warning(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1873 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
1874 bus_error_message(&error, r));
1876 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1880 static void socket_run_next(Socket *s) {
1884 assert(s->control_command);
1885 assert(s->control_command->command_next);
1887 socket_unwatch_control_pid(s);
1889 s->control_command = s->control_command->command_next;
1891 r = socket_spawn(s, s->control_command, &s->control_pid);
1898 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run next task: %m", UNIT(s)->id);
1900 if (s->state == SOCKET_START_POST)
1901 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1902 else if (s->state == SOCKET_STOP_POST)
1903 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1905 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1908 static int socket_start(Unit *u) {
1909 Socket *s = SOCKET(u);
1913 /* We cannot fulfill this request right now, try again later
1915 if (IN_SET(s->state,
1917 SOCKET_STOP_PRE_SIGKILL,
1918 SOCKET_STOP_PRE_SIGTERM,
1920 SOCKET_FINAL_SIGTERM,
1921 SOCKET_FINAL_SIGKILL))
1924 /* Already on it! */
1925 if (IN_SET(s->state,
1931 /* Cannot run this without the service being around */
1932 if (UNIT_ISSET(s->service)) {
1935 service = SERVICE(UNIT_DEREF(s->service));
1937 if (UNIT(service)->load_state != UNIT_LOADED) {
1938 log_unit_error(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1942 /* If the service is already active we cannot start the
1944 if (service->state != SERVICE_DEAD &&
1945 service->state != SERVICE_FAILED &&
1946 service->state != SERVICE_AUTO_RESTART) {
1947 log_unit_error(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
1952 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1954 s->result = SOCKET_SUCCESS;
1955 s->reset_cpu_usage = true;
1957 socket_enter_start_pre(s);
1962 static int socket_stop(Unit *u) {
1963 Socket *s = SOCKET(u);
1968 if (IN_SET(s->state,
1970 SOCKET_STOP_PRE_SIGTERM,
1971 SOCKET_STOP_PRE_SIGKILL,
1973 SOCKET_FINAL_SIGTERM,
1974 SOCKET_FINAL_SIGKILL))
1977 /* If there's already something running we go directly into
1979 if (IN_SET(s->state,
1982 SOCKET_START_POST)) {
1983 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1987 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1989 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1993 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1994 Socket *s = SOCKET(u);
2002 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2003 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2004 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2006 if (s->control_pid > 0)
2007 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2009 if (s->control_command_id >= 0)
2010 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2012 LIST_FOREACH(port, p, s->ports) {
2018 copy = fdset_put_dup(fds, p->fd);
2022 if (p->type == SOCKET_SOCKET) {
2023 _cleanup_free_ char *t = NULL;
2025 r = socket_address_print(&p->address, &t);
2029 if (socket_address_family(&p->address) == AF_NETLINK)
2030 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2032 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2034 } else if (p->type == SOCKET_SPECIAL)
2035 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2036 else if (p->type == SOCKET_MQUEUE)
2037 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2039 assert(p->type == SOCKET_FIFO);
2040 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2047 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2048 Socket *s = SOCKET(u);
2054 if (streq(key, "state")) {
2057 state = socket_state_from_string(value);
2059 log_unit_debug(u->id, "Failed to parse state value %s", value);
2061 s->deserialized_state = state;
2062 } else if (streq(key, "result")) {
2065 f = socket_result_from_string(value);
2067 log_unit_debug(u->id, "Failed to parse result value %s", value);
2068 else if (f != SOCKET_SUCCESS)
2071 } else if (streq(key, "n-accepted")) {
2074 if (safe_atou(value, &k) < 0)
2075 log_unit_debug(u->id, "Failed to parse n-accepted value %s", value);
2078 } else if (streq(key, "control-pid")) {
2081 if (parse_pid(value, &pid) < 0)
2082 log_unit_debug(u->id, "Failed to parse control-pid value %s", value);
2084 s->control_pid = pid;
2085 } else if (streq(key, "control-command")) {
2086 SocketExecCommand id;
2088 id = socket_exec_command_from_string(value);
2090 log_unit_debug(u->id, "Failed to parse exec-command value %s", value);
2092 s->control_command_id = id;
2093 s->control_command = s->exec_command[id];
2095 } else if (streq(key, "fifo")) {
2099 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2100 log_unit_debug(u->id, "Failed to parse fifo value %s", value);
2103 LIST_FOREACH(port, p, s->ports)
2104 if (p->type == SOCKET_FIFO &&
2105 path_equal_or_files_same(p->path, value+skip))
2110 p->fd = fdset_remove(fds, fd);
2114 } else if (streq(key, "special")) {
2118 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2119 log_unit_debug(u->id, "Failed to parse special value %s", value);
2122 LIST_FOREACH(port, p, s->ports)
2123 if (p->type == SOCKET_SPECIAL &&
2124 path_equal_or_files_same(p->path, value+skip))
2129 p->fd = fdset_remove(fds, fd);
2133 } else if (streq(key, "mqueue")) {
2137 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2138 log_unit_debug(u->id, "Failed to parse mqueue value %s", value);
2141 LIST_FOREACH(port, p, s->ports)
2142 if (p->type == SOCKET_MQUEUE &&
2143 streq(p->path, value+skip))
2148 p->fd = fdset_remove(fds, fd);
2152 } else if (streq(key, "socket")) {
2153 int fd, type, skip = 0;
2156 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2157 log_unit_debug(u->id, "Failed to parse socket value %s", value);
2160 LIST_FOREACH(port, p, s->ports)
2161 if (socket_address_is(&p->address, value+skip, type))
2166 p->fd = fdset_remove(fds, fd);
2170 } else if (streq(key, "netlink")) {
2174 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2175 log_unit_debug(u->id, "Failed to parse socket value %s", value);
2178 LIST_FOREACH(port, p, s->ports)
2179 if (socket_address_is_netlink(&p->address, value+skip))
2184 p->fd = fdset_remove(fds, fd);
2188 log_unit_debug(UNIT(s)->id, "Unknown serialization key '%s'", key);
2193 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2194 Socket *s = SOCKET(u);
2199 LIST_FOREACH(port, p, s->ports) {
2203 if (p->type != SOCKET_SOCKET)
2209 FDSET_FOREACH(fd, fds, i) {
2210 if (socket_address_matches_fd(&p->address, fd)) {
2211 p->fd = fdset_remove(fds, fd);
2212 s->deserialized_state = SOCKET_LISTENING;
2221 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2224 return state_translation_table[SOCKET(u)->state];
2227 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2230 return socket_state_to_string(SOCKET(u)->state);
2233 const char* socket_port_type_to_string(SocketPort *p) {
2241 switch (p->address.type) {
2249 case SOCK_SEQPACKET:
2250 return "SequentialPacket";
2253 if (socket_address_family(&p->address) == AF_NETLINK)
2260 case SOCKET_SPECIAL:
2264 return "MessageQueue";
2274 _pure_ static bool socket_check_gc(Unit *u) {
2275 Socket *s = SOCKET(u);
2279 return s->n_connections > 0;
2282 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2283 SocketPort *p = userdata;
2289 if (p->socket->state != SOCKET_LISTENING)
2292 log_unit_debug(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
2294 if (revents != EPOLLIN) {
2296 if (revents & EPOLLHUP)
2297 log_unit_error(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2298 UNIT(p->socket)->id);
2300 log_unit_error(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
2301 UNIT(p->socket)->id, revents);
2306 if (p->socket->accept &&
2307 p->type == SOCKET_SOCKET &&
2308 socket_address_can_accept(&p->address)) {
2312 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2318 log_unit_error(UNIT(p->socket)->id,
2319 "Failed to accept socket: %m");
2326 socket_apply_socket_options(p->socket, cfd);
2329 socket_enter_running(p->socket, cfd);
2333 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2337 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2338 Socket *s = SOCKET(u);
2344 if (pid != s->control_pid)
2349 if (is_clean_exit(code, status, NULL))
2351 else if (code == CLD_EXITED)
2352 f = SOCKET_FAILURE_EXIT_CODE;
2353 else if (code == CLD_KILLED)
2354 f = SOCKET_FAILURE_SIGNAL;
2355 else if (code == CLD_DUMPED)
2356 f = SOCKET_FAILURE_CORE_DUMP;
2358 assert_not_reached("Unknown sigchld code");
2360 if (s->control_command) {
2361 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2363 if (s->control_command->ignore)
2367 log_unit_full(u->id,
2368 f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2369 "%s control process exited, code=%s status=%i",
2370 u->id, sigchld_code_to_string(code), status);
2372 if (f != SOCKET_SUCCESS)
2375 if (s->control_command &&
2376 s->control_command->command_next &&
2377 f == SOCKET_SUCCESS) {
2379 log_unit_debug(u->id,
2380 "%s running next command for state %s",
2381 u->id, socket_state_to_string(s->state));
2384 s->control_command = NULL;
2385 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2387 /* No further commands for this step, so let's figure
2388 * out what to do next */
2390 log_unit_debug(u->id,
2391 "%s got final SIGCHLD for state %s",
2392 u->id, socket_state_to_string(s->state));
2396 case SOCKET_START_PRE:
2397 if (f == SOCKET_SUCCESS)
2398 socket_enter_start_chown(s);
2400 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2403 case SOCKET_START_CHOWN:
2404 if (f == SOCKET_SUCCESS)
2405 socket_enter_start_post(s);
2407 socket_enter_stop_pre(s, f);
2410 case SOCKET_START_POST:
2411 if (f == SOCKET_SUCCESS)
2412 socket_enter_listening(s);
2414 socket_enter_stop_pre(s, f);
2417 case SOCKET_STOP_PRE:
2418 case SOCKET_STOP_PRE_SIGTERM:
2419 case SOCKET_STOP_PRE_SIGKILL:
2420 socket_enter_stop_post(s, f);
2423 case SOCKET_STOP_POST:
2424 case SOCKET_FINAL_SIGTERM:
2425 case SOCKET_FINAL_SIGKILL:
2426 socket_enter_dead(s, f);
2430 assert_not_reached("Uh, control process died at wrong time.");
2434 /* Notify clients about changed exit status */
2435 unit_add_to_dbus_queue(u);
2438 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2439 Socket *s = SOCKET(userdata);
2442 assert(s->timer_event_source == source);
2446 case SOCKET_START_PRE:
2447 log_unit_warning(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
2448 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2451 case SOCKET_START_CHOWN:
2452 case SOCKET_START_POST:
2453 log_unit_warning(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
2454 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2457 case SOCKET_STOP_PRE:
2458 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
2459 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2462 case SOCKET_STOP_PRE_SIGTERM:
2463 if (s->kill_context.send_sigkill) {
2464 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
2465 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2467 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2468 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2472 case SOCKET_STOP_PRE_SIGKILL:
2473 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
2474 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2477 case SOCKET_STOP_POST:
2478 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
2479 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2482 case SOCKET_FINAL_SIGTERM:
2483 if (s->kill_context.send_sigkill) {
2484 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
2485 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2487 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2488 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2492 case SOCKET_FINAL_SIGKILL:
2493 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
2494 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2498 assert_not_reached("Timeout at wrong time.");
2504 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2513 /* Called from the service code for requesting our fds */
2516 LIST_FOREACH(port, p, s->ports)
2526 if (!(rfds = new(int, rn_fds)))
2530 LIST_FOREACH(port, p, s->ports)
2534 assert(k == rn_fds);
2542 static void socket_reset_failed(Unit *u) {
2543 Socket *s = SOCKET(u);
2547 if (s->state == SOCKET_FAILED)
2548 socket_set_state(s, SOCKET_DEAD);
2550 s->result = SOCKET_SUCCESS;
2553 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2556 /* The service is dead. Dang!
2558 * This is strictly for one-instance-for-all-connections
2561 if (s->state == SOCKET_RUNNING) {
2562 log_unit_debug(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2563 if (failed_permanent)
2564 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2566 socket_enter_listening(s);
2570 void socket_connection_unref(Socket *s) {
2573 /* The service is dead. Yay!
2575 * This is strictly for one-instance-per-connection
2578 assert(s->n_connections > 0);
2581 log_unit_debug(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
2584 static void socket_trigger_notify(Unit *u, Unit *other) {
2585 Socket *s = SOCKET(u);
2591 /* Don't propagate state changes from the service if we are
2592 already down or accepting connections */
2593 if ((s->state != SOCKET_RUNNING &&
2594 s->state != SOCKET_LISTENING) ||
2598 if (other->load_state != UNIT_LOADED ||
2599 other->type != UNIT_SERVICE)
2602 se = SERVICE(other);
2604 if (se->state == SERVICE_FAILED)
2605 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2607 if (se->state == SERVICE_DEAD ||
2608 se->state == SERVICE_FINAL_SIGTERM ||
2609 se->state == SERVICE_FINAL_SIGKILL ||
2610 se->state == SERVICE_AUTO_RESTART)
2611 socket_notify_service_dead(s, false);
2613 if (se->state == SERVICE_RUNNING)
2614 socket_set_state(s, SOCKET_RUNNING);
2617 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2618 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2621 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2622 Socket *s = SOCKET(u);
2625 if (!s->timer_event_source)
2628 r = sd_event_source_get_time(s->timer_event_source, timeout);
2635 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2636 [SOCKET_DEAD] = "dead",
2637 [SOCKET_START_PRE] = "start-pre",
2638 [SOCKET_START_CHOWN] = "start-chown",
2639 [SOCKET_START_POST] = "start-post",
2640 [SOCKET_LISTENING] = "listening",
2641 [SOCKET_RUNNING] = "running",
2642 [SOCKET_STOP_PRE] = "stop-pre",
2643 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2644 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2645 [SOCKET_STOP_POST] = "stop-post",
2646 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2647 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2648 [SOCKET_FAILED] = "failed"
2651 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2653 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2654 [SOCKET_EXEC_START_PRE] = "StartPre",
2655 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2656 [SOCKET_EXEC_START_POST] = "StartPost",
2657 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2658 [SOCKET_EXEC_STOP_POST] = "StopPost"
2661 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2663 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2664 [SOCKET_SUCCESS] = "success",
2665 [SOCKET_FAILURE_RESOURCES] = "resources",
2666 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2667 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2668 [SOCKET_FAILURE_SIGNAL] = "signal",
2669 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2670 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2673 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2675 const UnitVTable socket_vtable = {
2676 .object_size = sizeof(Socket),
2677 .exec_context_offset = offsetof(Socket, exec_context),
2678 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2679 .kill_context_offset = offsetof(Socket, kill_context),
2680 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2686 .private_section = "Socket",
2688 .init = socket_init,
2689 .done = socket_done,
2690 .load = socket_load,
2692 .coldplug = socket_coldplug,
2694 .dump = socket_dump,
2696 .start = socket_start,
2697 .stop = socket_stop,
2699 .kill = socket_kill,
2701 .get_timeout = socket_get_timeout,
2703 .serialize = socket_serialize,
2704 .deserialize_item = socket_deserialize_item,
2705 .distribute_fds = socket_distribute_fds,
2707 .active_state = socket_active_state,
2708 .sub_state_to_string = socket_sub_state_to_string,
2710 .check_gc = socket_check_gc,
2712 .sigchld_event = socket_sigchld_event,
2714 .trigger_notify = socket_trigger_notify,
2716 .reset_failed = socket_reset_failed,
2718 .bus_interface = "org.freedesktop.systemd1.Socket",
2719 .bus_vtable = bus_socket_vtable,
2720 .bus_set_property = bus_socket_set_property,
2721 .bus_commit_properties = bus_socket_commit_properties,
2723 .status_message_formats = {
2724 /*.starting_stopping = {
2725 [0] = "Starting socket %s...",
2726 [1] = "Stopping socket %s...",
2728 .finished_start_job = {
2729 [JOB_DONE] = "Listening on %s.",
2730 [JOB_FAILED] = "Failed to listen on %s.",
2731 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2732 [JOB_TIMEOUT] = "Timed out starting %s.",
2734 .finished_stop_job = {
2735 [JOB_DONE] = "Closed %s.",
2736 [JOB_FAILED] = "Failed stopping %s.",
2737 [JOB_TIMEOUT] = "Timed out stopping %s.",