X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcore%2Fsocket.c;h=9606ac2b1c33b085e763f9dde64d3a28a170db42;hb=cbecf9bf929318533fea798c57c10efcf6b2b447;hp=4fb4b991e2e913f4521a232dccd88d9524693b59;hpb=e5a1c18d706c4d5e16100fe4fb8a07a80f2fa339;p=elogind.git
diff --git a/src/core/socket.c b/src/core/socket.c
index 4fb4b991e..9606ac2b1 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -19,7 +19,6 @@
along with systemd; If not, see .
***/
-#include
#include
#include
#include
@@ -29,12 +28,9 @@
#include
#include
#include
-#include
#include "sd-event.h"
#include "log.h"
-#include "load-dropin.h"
-#include "load-fragment.h"
#include "strv.h"
#include "mkdir.h"
#include "path-util.h"
@@ -48,6 +44,7 @@
#include "smack-util.h"
#include "bus-util.h"
#include "bus-error.h"
+#include "selinux-util.h"
#include "dbus-socket.h"
#include "unit.h"
#include "socket.h"
@@ -180,9 +177,8 @@ static int socket_arm_timer(Socket *s) {
socket_dispatch_timer, s);
}
-static int socket_instantiate_service(Socket *s) {
- _cleanup_free_ char *prefix = NULL;
- _cleanup_free_ char *name = NULL;
+int socket_instantiate_service(Socket *s) {
+ _cleanup_free_ char *prefix = NULL, *name = NULL;
int r;
Unit *u;
@@ -193,11 +189,9 @@ static int socket_instantiate_service(Socket *s) {
* here. For Accept=no this is mostly a NOP since the service
* is figured out at load time anyway. */
- if (UNIT_DEREF(s->service))
+ if (UNIT_DEREF(s->service) || !s->accept)
return 0;
- assert(s->accept);
-
prefix = unit_name_to_prefix(UNIT(s)->id);
if (!prefix)
return -ENOMEM;
@@ -209,13 +203,6 @@ static int socket_instantiate_service(Socket *s) {
if (r < 0)
return r;
-#ifdef HAVE_SYSV_COMPAT
- if (SERVICE(u)->is_sysv) {
- log_error("Using SysV services for socket activation is not supported. Refusing.");
- return -ENOENT;
- }
-#endif
-
u->no_gc = true;
unit_ref_set(&s->service, u);
@@ -275,7 +262,7 @@ static int socket_add_device_link(Socket *s) {
if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
return 0;
- t = strappenda("/sys/subsystem/net/devices/", s->bind_to_device);
+ t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
return unit_add_node_link(UNIT(s), t, false);
}
@@ -401,33 +388,33 @@ static int socket_verify(Socket *s) {
return 0;
if (!s->ports) {
- log_error_unit(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
+ log_unit_error(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
return -EINVAL;
}
if (s->accept && have_non_accept_socket(s)) {
- log_error_unit(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
+ log_unit_error(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
UNIT(s)->id);
return -EINVAL;
}
if (s->accept && s->max_connections <= 0) {
- log_error_unit(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
+ log_unit_error(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
return -EINVAL;
}
if (s->accept && UNIT_DEREF(s->service)) {
- log_error_unit(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
+ log_unit_error(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
return -EINVAL;
}
if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
- log_error_unit(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
+ log_unit_error(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
return -EINVAL;
}
if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
- log_error_unit(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
+ log_unit_error(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
return -EINVAL;
}
@@ -472,6 +459,7 @@ _const_ static const char* listen_lookup(int family, int type) {
}
static void socket_dump(Unit *u, FILE *f, const char *prefix) {
+ char time_string[FORMAT_TIMESPAN_MAX];
SocketExecCommand c;
Socket *s = SOCKET(u);
SocketPort *p;
@@ -480,7 +468,8 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
assert(s);
assert(f);
- prefix2 = strappenda(prefix, "\t");
+ prefix = strempty(prefix);
+ prefix2 = strjoina(prefix, "\t");
fprintf(f,
"%sSocket State: %s\n"
@@ -490,13 +479,15 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
"%sSocketMode: %04o\n"
"%sDirectoryMode: %04o\n"
"%sKeepAlive: %s\n"
+ "%sNoDelay: %s\n"
"%sFreeBind: %s\n"
"%sTransparent: %s\n"
"%sBroadcast: %s\n"
"%sPassCredentials: %s\n"
"%sPassSecurity: %s\n"
"%sTCPCongestion: %s\n"
- "%sRemoveOnStop: %s\n",
+ "%sRemoveOnStop: %s\n"
+ "%sSELinuxContextFromNet: %s\n",
prefix, socket_state_to_string(s->state),
prefix, socket_result_to_string(s->result),
prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
@@ -504,13 +495,15 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
prefix, s->socket_mode,
prefix, s->directory_mode,
prefix, yes_no(s->keep_alive),
+ prefix, yes_no(s->no_delay),
prefix, yes_no(s->free_bind),
prefix, yes_no(s->transparent),
prefix, yes_no(s->broadcast),
prefix, yes_no(s->pass_cred),
prefix, yes_no(s->pass_sec),
prefix, strna(s->tcp_congestion),
- prefix, yes_no(s->remove_on_stop));
+ prefix, yes_no(s->remove_on_stop),
+ prefix, yes_no(s->selinux_context_from_net));
if (s->control_pid > 0)
fprintf(f,
@@ -603,6 +596,26 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
prefix, strna(s->user),
prefix, strna(s->group));
+ if (s->keep_alive_time > 0)
+ fprintf(f,
+ "%sKeepAliveTimeSec: %s\n",
+ prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
+
+ if (s->keep_alive_interval)
+ fprintf(f,
+ "%sKeepAliveIntervalSec: %s\n",
+ prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
+
+ if (s->keep_alive_cnt)
+ fprintf(f,
+ "%sKeepAliveProbes: %u\n",
+ prefix, s->keep_alive_cnt);
+
+ if (s->defer_accept)
+ fprintf(f,
+ "%sDeferAcceptSec: %s\n",
+ prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
+
LIST_FOREACH(port, p, s->ports) {
if (p->type == SOCKET_SOCKET) {
@@ -791,36 +804,68 @@ static void socket_close_fds(Socket *s) {
}
static void socket_apply_socket_options(Socket *s, int fd) {
+ int r;
+
assert(s);
assert(fd >= 0);
if (s->keep_alive) {
int b = s->keep_alive;
if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
- log_warning_unit(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
+ log_unit_warning(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
+ }
+
+ if (s->keep_alive_time) {
+ int value = s->keep_alive_time / USEC_PER_SEC;
+ if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
+ log_unit_warning(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
+ }
+
+ if (s->keep_alive_interval) {
+ int value = s->keep_alive_interval / USEC_PER_SEC;
+ if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
+ log_unit_warning(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
+ }
+
+ if (s->keep_alive_cnt) {
+ int value = s->keep_alive_cnt;
+ if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
+ log_unit_warning(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
+ }
+
+ if (s->defer_accept) {
+ int value = s->defer_accept / USEC_PER_SEC;
+ if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
+ log_unit_warning(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
+ }
+
+ if (s->no_delay) {
+ int b = s->no_delay;
+ if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
+ log_unit_warning(UNIT(s)->id, "TCP_NODELAY failed: %m");
}
if (s->broadcast) {
int one = 1;
if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
- log_warning_unit(UNIT(s)->id, "SO_BROADCAST failed: %m");
+ log_unit_warning(UNIT(s)->id, "SO_BROADCAST failed: %m");
}
if (s->pass_cred) {
int one = 1;
if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
- log_warning_unit(UNIT(s)->id, "SO_PASSCRED failed: %m");
+ log_unit_warning(UNIT(s)->id, "SO_PASSCRED failed: %m");
}
if (s->pass_sec) {
int one = 1;
if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
- log_warning_unit(UNIT(s)->id, "SO_PASSSEC failed: %m");
+ log_unit_warning(UNIT(s)->id, "SO_PASSSEC failed: %m");
}
if (s->priority >= 0)
if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
- log_warning_unit(UNIT(s)->id, "SO_PRIORITY failed: %m");
+ log_unit_warning(UNIT(s)->id, "SO_PRIORITY failed: %m");
if (s->receive_buffer > 0) {
int value = (int) s->receive_buffer;
@@ -829,26 +874,26 @@ static void socket_apply_socket_options(Socket *s, int fd) {
if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
- log_warning_unit(UNIT(s)->id, "SO_RCVBUF failed: %m");
+ log_unit_warning(UNIT(s)->id, "SO_RCVBUF failed: %m");
}
if (s->send_buffer > 0) {
int value = (int) s->send_buffer;
if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
- log_warning_unit(UNIT(s)->id, "SO_SNDBUF failed: %m");
+ log_unit_warning(UNIT(s)->id, "SO_SNDBUF failed: %m");
}
if (s->mark >= 0)
if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
- log_warning_unit(UNIT(s)->id, "SO_MARK failed: %m");
+ log_unit_warning(UNIT(s)->id, "SO_MARK failed: %m");
if (s->ip_tos >= 0)
if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
- log_warning_unit(UNIT(s)->id, "IP_TOS failed: %m");
+ log_unit_warning(UNIT(s)->id, "IP_TOS failed: %m");
if (s->ip_ttl >= 0) {
- int r, x;
+ int x;
r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
@@ -860,41 +905,48 @@ static void socket_apply_socket_options(Socket *s, int fd) {
}
if (r < 0 && x < 0)
- log_warning_unit(UNIT(s)->id,
+ log_unit_warning(UNIT(s)->id,
"IP_TTL/IPV6_UNICAST_HOPS failed: %m");
}
if (s->tcp_congestion)
if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
- log_warning_unit(UNIT(s)->id, "TCP_CONGESTION failed: %m");
+ log_unit_warning(UNIT(s)->id, "TCP_CONGESTION failed: %m");
if (s->reuse_port) {
int b = s->reuse_port;
if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
- log_warning_unit(UNIT(s)->id, "SO_REUSEPORT failed: %m");
+ log_unit_warning(UNIT(s)->id, "SO_REUSEPORT failed: %m");
}
- if (s->smack_ip_in)
- if (smack_label_ip_in_fd(fd, s->smack_ip_in) < 0)
- log_error_unit(UNIT(s)->id, "smack_label_ip_in_fd: %m");
+ if (s->smack_ip_in) {
+ r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
+ if (r < 0)
+ log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_ip_in_fd: %m");
+ }
- if (s->smack_ip_out)
- if (smack_label_ip_out_fd(fd, s->smack_ip_out) < 0)
- log_error_unit(UNIT(s)->id, "smack_label_ip_out_fd: %m");
+ if (s->smack_ip_out) {
+ r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
+ if (r < 0)
+ log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_ip_out_fd: %m");
+ }
}
static void socket_apply_fifo_options(Socket *s, int fd) {
+ int r;
+
assert(s);
assert(fd >= 0);
if (s->pipe_size > 0)
if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
- log_warning_unit(UNIT(s)->id,
- "F_SETPIPE_SZ: %m");
+ log_unit_warning(UNIT(s)->id, "F_SETPIPE_SZ: %m");
- if (s->smack)
- if (smack_label_fd(fd, s->smack) < 0)
- log_error_unit(UNIT(s)->id, "smack_label_fd: %m");
+ if (s->smack) {
+ r = mac_smack_apply_fd(fd, s->smack);
+ if (r < 0)
+ log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_fd: %m");
+ }
}
static int fifo_address_create(
@@ -912,7 +964,7 @@ static int fifo_address_create(
mkdir_parents_label(path, directory_mode);
- r = label_context_set(path, S_IFIFO);
+ r = mac_selinux_create_file_prepare(path, S_IFIFO);
if (r < 0)
goto fail;
@@ -935,7 +987,7 @@ static int fifo_address_create(
goto fail;
}
- label_context_clear();
+ mac_selinux_create_file_clear();
if (fstat(fd, &st) < 0) {
r = -errno;
@@ -955,7 +1007,7 @@ static int fifo_address_create(
return 0;
fail:
- label_context_clear();
+ mac_selinux_create_file_clear();
safe_close(fd);
return r;
@@ -1065,7 +1117,7 @@ static int socket_symlink(Socket *s) {
return 0;
STRV_FOREACH(i, s->symlinks)
- symlink(p, *i);
+ symlink_label(p, *i);
return 0;
}
@@ -1086,16 +1138,31 @@ static int socket_open_fds(Socket *s) {
if (p->type == SOCKET_SOCKET) {
if (!know_label) {
-
- r = socket_instantiate_service(s);
- if (r < 0)
- return r;
-
- if (UNIT_ISSET(s->service) &&
- SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
- r = label_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
- if (r < 0 && r != -EPERM)
- return r;
+ /* Figure out label, if we don't it know
+ * yet. We do it once, for the first
+ * socket where we need this and
+ * remember it for the rest. */
+
+ if (s->selinux_context_from_net) {
+ /* Get it from the network label */
+
+ r = mac_selinux_get_our_label(&label);
+ if (r < 0 && r != -EOPNOTSUPP)
+ goto rollback;
+
+ } else {
+ /* Get it from the executable we are about to start */
+
+ r = socket_instantiate_service(s);
+ if (r < 0)
+ goto rollback;
+
+ if (UNIT_ISSET(s->service) &&
+ SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
+ r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
+ if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
+ goto rollback;
+ }
}
know_label = true;
@@ -1154,12 +1221,13 @@ static int socket_open_fds(Socket *s) {
assert_not_reached("Unknown port type");
}
- label_free(label);
+ mac_selinux_free(label);
return 0;
rollback:
socket_close_fds(s);
- label_free(label);
+ mac_selinux_free(label);
+
return r;
}
@@ -1178,7 +1246,7 @@ static void socket_unwatch_fds(Socket *s) {
r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
if (r < 0)
- log_debug_unit(UNIT(s)->id, "Failed to disable event source.");
+ log_unit_debug(UNIT(s)->id, "Failed to disable event source.");
}
}
@@ -1198,7 +1266,7 @@ static int socket_watch_fds(Socket *s) {
r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
if (r < 0) {
- log_warning_unit(UNIT(s)->id, "Failed to watch listening fds: %s", strerror(-r));
+ log_unit_warning_errno(UNIT(s)->id, r, "Failed to watch listening fds: %m");
goto fail;
}
}
@@ -1248,7 +1316,7 @@ static void socket_set_state(Socket *s, SocketState state) {
socket_close_fds(s);
if (state != old_state)
- log_debug_unit(UNIT(s)->id, "%s changed %s -> %s",
+ log_unit_debug(UNIT(s)->id, "%s changed %s -> %s",
UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
@@ -1314,12 +1382,21 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
_cleanup_free_ char **argv = NULL;
pid_t pid;
int r;
+ ExecParameters exec_params = {
+ .apply_permissions = true,
+ .apply_chroot = true,
+ .apply_tty_stdin = true,
+ };
assert(s);
assert(c);
assert(_pid);
- unit_realize_cgroup(UNIT(s));
+ (void) unit_realize_cgroup(UNIT(s));
+ if (s->reset_cpu_usage) {
+ (void) unit_reset_cpu_usage(UNIT(s));
+ s->reset_cpu_usage = false;
+ }
r = unit_setup_exec_runtime(UNIT(s));
if (r < 0)
@@ -1333,23 +1410,22 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
if (r < 0)
goto fail;
+ exec_params.argv = argv;
+ exec_params.environment = UNIT(s)->manager->environment;
+ exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
+ exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
+ exec_params.cgroup_path = UNIT(s)->cgroup_path;
+ exec_params.cgroup_delegate = s->cgroup_context.delegate;
+ exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
+ exec_params.unit_id = UNIT(s)->id;
+
r = exec_spawn(c,
- argv,
&s->exec_context,
- NULL, 0,
- UNIT(s)->manager->environment,
- true,
- true,
- true,
- UNIT(s)->manager->confirm_spawn,
- UNIT(s)->manager->cgroup_supported,
- UNIT(s)->cgroup_path,
- manager_get_runtime_prefix(UNIT(s)->manager),
- UNIT(s)->id,
- 0,
- NULL,
+ &exec_params,
s->exec_runtime,
&pid);
+ if (r < 0)
+ goto fail;
r = unit_watch_pid(UNIT(s), pid);
if (r < 0)
@@ -1381,8 +1457,8 @@ static int socket_chown(Socket *s, pid_t *_pid) {
if (pid == 0) {
SocketPort *p;
- uid_t uid = (uid_t) -1;
- gid_t gid = (gid_t) -1;
+ uid_t uid = UID_INVALID;
+ gid_t gid = GID_INVALID;
int ret;
default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
@@ -1431,7 +1507,7 @@ static int socket_chown(Socket *s, pid_t *_pid) {
fail_child:
log_open();
- log_error("Failed to chown socket at step %s: %s", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD), strerror(-r));
+ log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
_exit(ret);
}
@@ -1487,7 +1563,7 @@ static void socket_enter_stop_post(Socket *s, SocketResult f) {
return;
fail:
- log_warning_unit(UNIT(s)->id,
+ log_unit_warning(UNIT(s)->id,
"%s failed to run 'stop-post' task: %s",
UNIT(s)->id, strerror(-r));
socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
@@ -1504,7 +1580,8 @@ static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
r = unit_kill_context(
UNIT(s),
&s->kill_context,
- state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM,
+ (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
+ KILL_KILL : KILL_TERMINATE,
-1,
s->control_pid,
false);
@@ -1529,7 +1606,7 @@ static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
return;
fail:
- log_warning_unit(UNIT(s)->id, "%s failed to kill processes: %s", UNIT(s)->id, strerror(-r));
+ log_unit_warning_errno(UNIT(s)->id, r, "%s failed to kill processes: %m", UNIT(s)->id);
if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
@@ -1560,7 +1637,7 @@ static void socket_enter_stop_pre(Socket *s, SocketResult f) {
return;
fail:
- log_warning_unit(UNIT(s)->id, "%s failed to run 'stop-pre' task: %s", UNIT(s)->id, strerror(-r));
+ log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'stop-pre' task: %m", UNIT(s)->id);
socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
}
@@ -1570,7 +1647,7 @@ static void socket_enter_listening(Socket *s) {
r = socket_watch_fds(s);
if (r < 0) {
- log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
+ log_unit_warning_errno(UNIT(s)->id, r, "%s failed to watch sockets: %m", UNIT(s)->id);
goto fail;
}
@@ -1592,7 +1669,7 @@ static void socket_enter_start_post(Socket *s) {
if (s->control_command) {
r = socket_spawn(s, s->control_command, &s->control_pid);
if (r < 0) {
- log_warning_unit(UNIT(s)->id, "%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
+ log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'start-post' task: %m", UNIT(s)->id);
goto fail;
}
@@ -1613,7 +1690,7 @@ static void socket_enter_start_chown(Socket *s) {
r = socket_open_fds(s);
if (r < 0) {
- log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
+ log_unit_warning_errno(UNIT(s)->id, r, "%s failed to listen on sockets: %m", UNIT(s)->id);
goto fail;
}
@@ -1625,7 +1702,7 @@ static void socket_enter_start_chown(Socket *s) {
r = socket_chown(s, &s->control_pid);
if (r < 0) {
- log_warning_unit(UNIT(s)->id, "%s failed to fork 'start-chown' task: %s", UNIT(s)->id, strerror(-r));
+ log_unit_warning_errno(UNIT(s)->id, r, "%s failed to fork 'start-chown' task: %m", UNIT(s)->id);
goto fail;
}
@@ -1650,7 +1727,7 @@ static void socket_enter_start_pre(Socket *s) {
if (s->control_command) {
r = socket_spawn(s, s->control_command, &s->control_pid);
if (r < 0) {
- log_warning_unit(UNIT(s)->id, "%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
+ log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'start-pre' task: %m", UNIT(s)->id);
goto fail;
}
@@ -1674,7 +1751,7 @@ static void socket_enter_running(Socket *s, int cfd) {
* shut down anyway */
if (unit_stop_pending(UNIT(s))) {
- log_debug_unit(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
+ log_unit_debug(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
if (cfd >= 0)
safe_close(cfd);
@@ -1684,14 +1761,14 @@ static void socket_enter_running(Socket *s, int cfd) {
r = socket_open_fds(s);
if (r < 0) {
- log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
+ log_unit_warning_errno(UNIT(s)->id, r, "%s failed to listen on sockets: %m", UNIT(s)->id);
socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
return;
}
r = socket_watch_fds(s);
if (r < 0) {
- log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
+ log_unit_warning_errno(UNIT(s)->id, r, "%s failed to watch sockets: %m", UNIT(s)->id);
socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
}
}
@@ -1714,7 +1791,7 @@ static void socket_enter_running(Socket *s, int cfd) {
if (!pending) {
if (!UNIT_ISSET(s->service)) {
- log_error_unit(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
+ log_unit_error(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
r = -ENOENT;
goto fail;
}
@@ -1730,7 +1807,7 @@ static void socket_enter_running(Socket *s, int cfd) {
Service *service;
if (s->n_connections >= s->max_connections) {
- log_warning_unit(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
+ log_unit_warning(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
safe_close(cfd);
return;
}
@@ -1774,7 +1851,7 @@ static void socket_enter_running(Socket *s, int cfd) {
unit_choose_id(UNIT(service), name);
- r = service_set_socket_fd(service, cfd, s);
+ r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
if (r < 0)
goto fail;
@@ -1792,7 +1869,7 @@ static void socket_enter_running(Socket *s, int cfd) {
return;
fail:
- log_warning_unit(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
+ log_unit_warning(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
bus_error_message(&error, r));
@@ -1818,7 +1895,7 @@ static void socket_run_next(Socket *s) {
return;
fail:
- log_warning_unit(UNIT(s)->id, "%s failed to run next task: %s", UNIT(s)->id, strerror(-r));
+ log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run next task: %m", UNIT(s)->id);
if (s->state == SOCKET_START_POST)
socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
@@ -1858,7 +1935,7 @@ static int socket_start(Unit *u) {
service = SERVICE(UNIT_DEREF(s->service));
if (UNIT(service)->load_state != UNIT_LOADED) {
- log_error_unit(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
+ log_unit_error(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
return -ENOENT;
}
@@ -1867,24 +1944,19 @@ static int socket_start(Unit *u) {
if (service->state != SERVICE_DEAD &&
service->state != SERVICE_FAILED &&
service->state != SERVICE_AUTO_RESTART) {
- log_error_unit(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
+ log_unit_error(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
return -EBUSY;
}
-
-#ifdef HAVE_SYSV_COMPAT
- if (service->is_sysv) {
- log_error_unit(u->id, "Using SysV services for socket activation is not supported. Refusing.");
- return -ENOENT;
- }
-#endif
}
assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
s->result = SOCKET_SUCCESS;
+ s->reset_cpu_usage = true;
+
socket_enter_start_pre(s);
- return 0;
+ return 1;
}
static int socket_stop(Unit *u) {
@@ -1915,7 +1987,7 @@ static int socket_stop(Unit *u) {
assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
socket_enter_stop_pre(s, SOCKET_SUCCESS);
- return 0;
+ return 1;
}
static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
@@ -1984,7 +2056,7 @@ static int socket_deserialize_item(Unit *u, const char *key, const char *value,
state = socket_state_from_string(value);
if (state < 0)
- log_debug_unit(u->id, "Failed to parse state value %s", value);
+ log_unit_debug(u->id, "Failed to parse state value %s", value);
else
s->deserialized_state = state;
} else if (streq(key, "result")) {
@@ -1992,7 +2064,7 @@ static int socket_deserialize_item(Unit *u, const char *key, const char *value,
f = socket_result_from_string(value);
if (f < 0)
- log_debug_unit(u->id, "Failed to parse result value %s", value);
+ log_unit_debug(u->id, "Failed to parse result value %s", value);
else if (f != SOCKET_SUCCESS)
s->result = f;
@@ -2000,14 +2072,14 @@ static int socket_deserialize_item(Unit *u, const char *key, const char *value,
unsigned k;
if (safe_atou(value, &k) < 0)
- log_debug_unit(u->id, "Failed to parse n-accepted value %s", value);
+ log_unit_debug(u->id, "Failed to parse n-accepted value %s", value);
else
s->n_accepted += k;
} else if (streq(key, "control-pid")) {
pid_t pid;
if (parse_pid(value, &pid) < 0)
- log_debug_unit(u->id, "Failed to parse control-pid value %s", value);
+ log_unit_debug(u->id, "Failed to parse control-pid value %s", value);
else
s->control_pid = pid;
} else if (streq(key, "control-command")) {
@@ -2015,7 +2087,7 @@ static int socket_deserialize_item(Unit *u, const char *key, const char *value,
id = socket_exec_command_from_string(value);
if (id < 0)
- log_debug_unit(u->id, "Failed to parse exec-command value %s", value);
+ log_unit_debug(u->id, "Failed to parse exec-command value %s", value);
else {
s->control_command_id = id;
s->control_command = s->exec_command[id];
@@ -2025,12 +2097,12 @@ static int socket_deserialize_item(Unit *u, const char *key, const char *value,
SocketPort *p;
if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
- log_debug_unit(u->id, "Failed to parse fifo value %s", value);
+ log_unit_debug(u->id, "Failed to parse fifo value %s", value);
else {
LIST_FOREACH(port, p, s->ports)
if (p->type == SOCKET_FIFO &&
- streq_ptr(p->path, value+skip))
+ path_equal_or_files_same(p->path, value+skip))
break;
if (p) {
@@ -2044,12 +2116,12 @@ static int socket_deserialize_item(Unit *u, const char *key, const char *value,
SocketPort *p;
if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
- log_debug_unit(u->id, "Failed to parse special value %s", value);
+ log_unit_debug(u->id, "Failed to parse special value %s", value);
else {
LIST_FOREACH(port, p, s->ports)
if (p->type == SOCKET_SPECIAL &&
- streq_ptr(p->path, value+skip))
+ path_equal_or_files_same(p->path, value+skip))
break;
if (p) {
@@ -2063,12 +2135,12 @@ static int socket_deserialize_item(Unit *u, const char *key, const char *value,
SocketPort *p;
if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
- log_debug_unit(u->id, "Failed to parse mqueue value %s", value);
+ log_unit_debug(u->id, "Failed to parse mqueue value %s", value);
else {
LIST_FOREACH(port, p, s->ports)
if (p->type == SOCKET_MQUEUE &&
- streq_ptr(p->path, value+skip))
+ streq(p->path, value+skip))
break;
if (p) {
@@ -2082,7 +2154,7 @@ static int socket_deserialize_item(Unit *u, const char *key, const char *value,
SocketPort *p;
if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
- log_debug_unit(u->id, "Failed to parse socket value %s", value);
+ log_unit_debug(u->id, "Failed to parse socket value %s", value);
else {
LIST_FOREACH(port, p, s->ports)
@@ -2100,7 +2172,7 @@ static int socket_deserialize_item(Unit *u, const char *key, const char *value,
SocketPort *p;
if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
- log_debug_unit(u->id, "Failed to parse socket value %s", value);
+ log_unit_debug(u->id, "Failed to parse socket value %s", value);
else {
LIST_FOREACH(port, p, s->ports)
@@ -2113,7 +2185,7 @@ static int socket_deserialize_item(Unit *u, const char *key, const char *value,
}
}
} else
- log_debug_unit(UNIT(s)->id, "Unknown serialization key '%s'", key);
+ log_unit_debug(UNIT(s)->id, "Unknown serialization key '%s'", key);
return 0;
}
@@ -2217,15 +2289,15 @@ static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents,
if (p->socket->state != SOCKET_LISTENING)
return 0;
- log_debug_unit(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
+ log_unit_debug(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
if (revents != EPOLLIN) {
if (revents & EPOLLHUP)
- log_error_unit(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
+ log_unit_error(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
UNIT(p->socket)->id);
else
- log_error_unit(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
+ log_unit_error(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
UNIT(p->socket)->id, revents);
goto fail;
@@ -2243,7 +2315,7 @@ static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents,
if (errno == EINTR)
continue;
- log_error_unit(UNIT(p->socket)->id,
+ log_unit_error(UNIT(p->socket)->id,
"Failed to accept socket: %m");
goto fail;
}
@@ -2292,8 +2364,8 @@ static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
f = SOCKET_SUCCESS;
}
- log_full_unit(f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
- u->id,
+ log_unit_full(u->id,
+ f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
"%s control process exited, code=%s status=%i",
u->id, sigchld_code_to_string(code), status);
@@ -2304,7 +2376,7 @@ static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
s->control_command->command_next &&
f == SOCKET_SUCCESS) {
- log_debug_unit(u->id,
+ log_unit_debug(u->id,
"%s running next command for state %s",
u->id, socket_state_to_string(s->state));
socket_run_next(s);
@@ -2315,7 +2387,7 @@ static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
/* No further commands for this step, so let's figure
* out what to do next */
- log_debug_unit(u->id,
+ log_unit_debug(u->id,
"%s got final SIGCHLD for state %s",
u->id, socket_state_to_string(s->state));
@@ -2372,53 +2444,53 @@ static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *use
switch (s->state) {
case SOCKET_START_PRE:
- log_warning_unit(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
+ log_unit_warning(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
break;
case SOCKET_START_CHOWN:
case SOCKET_START_POST:
- log_warning_unit(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
+ log_unit_warning(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
break;
case SOCKET_STOP_PRE:
- log_warning_unit(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
+ log_unit_warning(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
break;
case SOCKET_STOP_PRE_SIGTERM:
if (s->kill_context.send_sigkill) {
- log_warning_unit(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
+ log_unit_warning(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
} else {
- log_warning_unit(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
+ log_unit_warning(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
}
break;
case SOCKET_STOP_PRE_SIGKILL:
- log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
+ log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
break;
case SOCKET_STOP_POST:
- log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
+ log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
break;
case SOCKET_FINAL_SIGTERM:
if (s->kill_context.send_sigkill) {
- log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
+ log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
} else {
- log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
+ log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
}
break;
case SOCKET_FINAL_SIGKILL:
- log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
+ log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
break;
@@ -2487,7 +2559,7 @@ static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
* services. */
if (s->state == SOCKET_RUNNING) {
- log_debug_unit(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
+ log_unit_debug(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
if (failed_permanent)
socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
else
@@ -2506,7 +2578,7 @@ void socket_connection_unref(Socket *s) {
assert(s->n_connections > 0);
s->n_connections--;
- log_debug_unit(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
+ log_unit_debug(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
}
static void socket_trigger_notify(Unit *u, Unit *other) {
@@ -2533,10 +2605,6 @@ static void socket_trigger_notify(Unit *u, Unit *other) {
socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
if (se->state == SERVICE_DEAD ||
- se->state == SERVICE_STOP ||
- se->state == SERVICE_STOP_SIGTERM ||
- se->state == SERVICE_STOP_SIGKILL ||
- se->state == SERVICE_STOP_POST ||
se->state == SERVICE_FINAL_SIGTERM ||
se->state == SERVICE_FINAL_SIGKILL ||
se->state == SERVICE_AUTO_RESTART)