1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include <sys/types.h>
27 #include <sys/epoll.h>
29 #include <arpa/inet.h>
30 #include <netinet/tcp.h>
32 #include <sys/xattr.h>
36 #include "load-dropin.h"
37 #include "load-fragment.h"
40 #include "path-util.h"
41 #include "unit-name.h"
42 #include "unit-printf.h"
46 #include "exit-status.h"
48 #include "smack-util.h"
50 #include "bus-error.h"
51 #include "dbus-socket.h"
55 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
56 [SOCKET_DEAD] = UNIT_INACTIVE,
57 [SOCKET_START_PRE] = UNIT_ACTIVATING,
58 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
59 [SOCKET_START_POST] = UNIT_ACTIVATING,
60 [SOCKET_LISTENING] = UNIT_ACTIVE,
61 [SOCKET_RUNNING] = UNIT_ACTIVE,
62 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
66 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
67 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
68 [SOCKET_FAILED] = UNIT_FAILED
71 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
72 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
74 static void socket_init(Unit *u) {
75 Socket *s = SOCKET(u);
78 assert(u->load_state == UNIT_STUB);
80 s->backlog = SOMAXCONN;
81 s->timeout_usec = u->manager->default_timeout_start_usec;
82 s->directory_mode = 0755;
83 s->socket_mode = 0666;
85 s->max_connections = 64;
92 s->exec_context.std_output = u->manager->default_std_output;
93 s->exec_context.std_error = u->manager->default_std_error;
95 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
98 static void socket_unwatch_control_pid(Socket *s) {
101 if (s->control_pid <= 0)
104 unit_unwatch_pid(UNIT(s), s->control_pid);
108 void socket_free_ports(Socket *s) {
113 while ((p = s->ports)) {
114 LIST_REMOVE(port, s->ports, p);
116 sd_event_source_unref(p->event_source);
124 static void socket_done(Unit *u) {
125 Socket *s = SOCKET(u);
129 socket_free_ports(s);
131 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
132 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
133 s->control_command = NULL;
135 socket_unwatch_control_pid(s);
137 unit_ref_unset(&s->service);
139 free(s->tcp_congestion);
140 s->tcp_congestion = NULL;
142 free(s->bind_to_device);
143 s->bind_to_device = NULL;
146 free(s->smack_ip_in);
147 free(s->smack_ip_out);
149 strv_free(s->symlinks);
154 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
157 static int socket_arm_timer(Socket *s) {
162 if (s->timeout_usec <= 0) {
163 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
167 if (s->timer_event_source) {
168 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
172 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
175 return sd_event_add_time(
176 UNIT(s)->manager->event,
177 &s->timer_event_source,
179 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
180 socket_dispatch_timer, s);
183 int socket_instantiate_service(Socket *s) {
184 _cleanup_free_ char *prefix = NULL, *name = NULL;
190 /* This fills in s->service if it isn't filled in yet. For
191 * Accept=yes sockets we create the next connection service
192 * here. For Accept=no this is mostly a NOP since the service
193 * is figured out at load time anyway. */
195 if (UNIT_DEREF(s->service) || !s->accept)
198 prefix = unit_name_to_prefix(UNIT(s)->id);
202 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
205 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
210 unit_ref_set(&s->service, u);
212 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
215 static bool have_non_accept_socket(Socket *s) {
223 LIST_FOREACH(port, p, s->ports) {
225 if (p->type != SOCKET_SOCKET)
228 if (!socket_address_can_accept(&p->address))
235 static int socket_add_mount_links(Socket *s) {
241 LIST_FOREACH(port, p, s->ports) {
242 const char *path = NULL;
244 if (p->type == SOCKET_SOCKET)
245 path = socket_address_get_path(&p->address);
246 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
252 r = unit_require_mounts_for(UNIT(s), path);
260 static int socket_add_device_link(Socket *s) {
265 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
268 t = strappenda("/sys/subsystem/net/devices/", s->bind_to_device);
269 return unit_add_node_link(UNIT(s), t, false);
272 static int socket_add_default_dependencies(Socket *s) {
276 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
280 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
281 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
286 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
289 _pure_ static bool socket_has_exec(Socket *s) {
293 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
294 if (s->exec_command[i])
300 static int socket_add_extras(Socket *s) {
306 if (have_non_accept_socket(s)) {
308 if (!UNIT_DEREF(s->service)) {
311 r = unit_load_related_unit(u, ".service", &x);
315 unit_ref_set(&s->service, x);
318 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
323 r = socket_add_mount_links(s);
327 r = socket_add_device_link(s);
331 r = unit_patch_contexts(u);
335 if (socket_has_exec(s)) {
336 r = unit_add_exec_dependencies(u, &s->exec_context);
340 r = unit_add_default_slice(u, &s->cgroup_context);
345 if (u->default_dependencies) {
346 r = socket_add_default_dependencies(s);
354 static const char *socket_find_symlink_target(Socket *s) {
355 const char *found = NULL;
358 LIST_FOREACH(port, p, s->ports) {
359 const char *f = NULL;
368 if (p->address.sockaddr.un.sun_path[0] != 0)
369 f = p->address.sockaddr.un.sun_path;
387 static int socket_verify(Socket *s) {
390 if (UNIT(s)->load_state != UNIT_LOADED)
394 log_unit_error(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
398 if (s->accept && have_non_accept_socket(s)) {
399 log_unit_error(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
404 if (s->accept && s->max_connections <= 0) {
405 log_unit_error(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
409 if (s->accept && UNIT_DEREF(s->service)) {
410 log_unit_error(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
414 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
415 log_unit_error(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
419 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
420 log_unit_error(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
427 static int socket_load(Unit *u) {
428 Socket *s = SOCKET(u);
432 assert(u->load_state == UNIT_STUB);
434 r = unit_load_fragment_and_dropin(u);
438 if (u->load_state == UNIT_LOADED) {
439 /* This is a new unit? Then let's add in some extras */
440 r = socket_add_extras(s);
445 return socket_verify(s);
448 _const_ static const char* listen_lookup(int family, int type) {
450 if (family == AF_NETLINK)
451 return "ListenNetlink";
453 if (type == SOCK_STREAM)
454 return "ListenStream";
455 else if (type == SOCK_DGRAM)
456 return "ListenDatagram";
457 else if (type == SOCK_SEQPACKET)
458 return "ListenSequentialPacket";
460 assert_not_reached("Unknown socket type");
464 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
465 char time_string[FORMAT_TIMESPAN_MAX];
467 Socket *s = SOCKET(u);
474 prefix = strempty(prefix);
475 prefix2 = strappenda(prefix, "\t");
478 "%sSocket State: %s\n"
480 "%sBindIPv6Only: %s\n"
482 "%sSocketMode: %04o\n"
483 "%sDirectoryMode: %04o\n"
487 "%sTransparent: %s\n"
489 "%sPassCredentials: %s\n"
490 "%sPassSecurity: %s\n"
491 "%sTCPCongestion: %s\n"
492 "%sRemoveOnStop: %s\n"
493 "%sSELinuxContextFromNet: %s\n",
494 prefix, socket_state_to_string(s->state),
495 prefix, socket_result_to_string(s->result),
496 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
498 prefix, s->socket_mode,
499 prefix, s->directory_mode,
500 prefix, yes_no(s->keep_alive),
501 prefix, yes_no(s->no_delay),
502 prefix, yes_no(s->free_bind),
503 prefix, yes_no(s->transparent),
504 prefix, yes_no(s->broadcast),
505 prefix, yes_no(s->pass_cred),
506 prefix, yes_no(s->pass_sec),
507 prefix, strna(s->tcp_congestion),
508 prefix, yes_no(s->remove_on_stop),
509 prefix, yes_no(s->selinux_context_from_net));
511 if (s->control_pid > 0)
513 "%sControl PID: "PID_FMT"\n",
514 prefix, s->control_pid);
516 if (s->bind_to_device)
518 "%sBindToDevice: %s\n",
519 prefix, s->bind_to_device);
524 "%sNConnections: %u\n"
525 "%sMaxConnections: %u\n",
526 prefix, s->n_accepted,
527 prefix, s->n_connections,
528 prefix, s->max_connections);
530 if (s->priority >= 0)
533 prefix, s->priority);
535 if (s->receive_buffer > 0)
537 "%sReceiveBuffer: %zu\n",
538 prefix, s->receive_buffer);
540 if (s->send_buffer > 0)
542 "%sSendBuffer: %zu\n",
543 prefix, s->send_buffer);
555 if (s->pipe_size > 0)
558 prefix, s->pipe_size);
565 if (s->mq_maxmsg > 0)
567 "%sMessageQueueMaxMessages: %li\n",
568 prefix, s->mq_maxmsg);
570 if (s->mq_msgsize > 0)
572 "%sMessageQueueMessageSize: %li\n",
573 prefix, s->mq_msgsize);
578 prefix, yes_no(s->reuse_port));
582 "%sSmackLabel: %s\n",
587 "%sSmackLabelIPIn: %s\n",
588 prefix, s->smack_ip_in);
592 "%sSmackLabelIPOut: %s\n",
593 prefix, s->smack_ip_out);
595 if (!isempty(s->user) || !isempty(s->group))
598 "%sOwnerGroup: %s\n",
599 prefix, strna(s->user),
600 prefix, strna(s->group));
602 if (s->keep_alive_time > 0)
604 "%sKeepAliveTimeSec: %s\n",
605 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
607 if (s->keep_alive_interval)
609 "%sKeepAliveIntervalSec: %s\n",
610 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
612 if (s->keep_alive_cnt)
614 "%sKeepAliveProbes: %u\n",
615 prefix, s->keep_alive_cnt);
619 "%sDeferAcceptSec: %s\n",
620 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
622 LIST_FOREACH(port, p, s->ports) {
624 if (p->type == SOCKET_SOCKET) {
629 if ((r = socket_address_print(&p->address, &k)) < 0)
634 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
636 } else if (p->type == SOCKET_SPECIAL)
637 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
638 else if (p->type == SOCKET_MQUEUE)
639 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
641 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
644 exec_context_dump(&s->exec_context, f, prefix);
645 kill_context_dump(&s->kill_context, f, prefix);
647 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
648 if (!s->exec_command[c])
651 fprintf(f, "%s-> %s:\n",
652 prefix, socket_exec_command_to_string(c));
654 exec_command_dump_list(s->exec_command[c], f, prefix2);
658 static int instance_from_socket(int fd, unsigned nr, char **instance) {
661 union sockaddr_union local, remote;
667 if (getsockname(fd, &local.sa, &l) < 0)
671 if (getpeername(fd, &remote.sa, &l) < 0)
674 switch (local.sa.sa_family) {
678 a = ntohl(local.in.sin_addr.s_addr),
679 b = ntohl(remote.in.sin_addr.s_addr);
682 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
684 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
685 ntohs(local.in.sin_port),
686 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
687 ntohs(remote.in.sin_port)) < 0)
694 static const unsigned char ipv4_prefix[] = {
695 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
698 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
699 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
701 *a = local.in6.sin6_addr.s6_addr+12,
702 *b = remote.in6.sin6_addr.s6_addr+12;
705 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
707 a[0], a[1], a[2], a[3],
708 ntohs(local.in6.sin6_port),
709 b[0], b[1], b[2], b[3],
710 ntohs(remote.in6.sin6_port)) < 0)
713 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
718 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
719 ntohs(local.in6.sin6_port),
720 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
721 ntohs(remote.in6.sin6_port)) < 0)
732 k = getpeercred(fd, &ucred);
735 "%u-"PID_FMT"-"UID_FMT,
736 nr, ucred.pid, ucred.uid) < 0)
738 } else if (k == -ENODATA) {
739 /* This handles the case where somebody is
740 * connecting from another pid/uid namespace
741 * (e.g. from outside of our container). */
753 assert_not_reached("Unhandled socket type.");
760 static void socket_close_fds(Socket *s) {
766 LIST_FOREACH(port, p, s->ports) {
768 p->event_source = sd_event_source_unref(p->event_source);
773 p->fd = safe_close(p->fd);
775 /* One little note: we should normally not delete any
776 * sockets in the file system here! After all some
777 * other process we spawned might still have a
778 * reference of this fd and wants to continue to use
779 * it. Therefore we delete sockets in the file system
780 * before we create a new one, not after we stopped
783 if (s->remove_on_stop) {
795 socket_address_unlink(&p->address);
804 if (s->remove_on_stop)
805 STRV_FOREACH(i, s->symlinks)
809 static void socket_apply_socket_options(Socket *s, int fd) {
816 int b = s->keep_alive;
817 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
818 log_unit_warning(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
821 if (s->keep_alive_time) {
822 int value = s->keep_alive_time / USEC_PER_SEC;
823 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
824 log_unit_warning(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
827 if (s->keep_alive_interval) {
828 int value = s->keep_alive_interval / USEC_PER_SEC;
829 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
830 log_unit_warning(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
833 if (s->keep_alive_cnt) {
834 int value = s->keep_alive_cnt;
835 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
836 log_unit_warning(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
839 if (s->defer_accept) {
840 int value = s->defer_accept / USEC_PER_SEC;
841 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
842 log_unit_warning(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
847 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
848 log_unit_warning(UNIT(s)->id, "TCP_NODELAY failed: %m");
853 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
854 log_unit_warning(UNIT(s)->id, "SO_BROADCAST failed: %m");
859 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
860 log_unit_warning(UNIT(s)->id, "SO_PASSCRED failed: %m");
865 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
866 log_unit_warning(UNIT(s)->id, "SO_PASSSEC failed: %m");
869 if (s->priority >= 0)
870 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
871 log_unit_warning(UNIT(s)->id, "SO_PRIORITY failed: %m");
873 if (s->receive_buffer > 0) {
874 int value = (int) s->receive_buffer;
876 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
878 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
879 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
880 log_unit_warning(UNIT(s)->id, "SO_RCVBUF failed: %m");
883 if (s->send_buffer > 0) {
884 int value = (int) s->send_buffer;
885 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
886 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
887 log_unit_warning(UNIT(s)->id, "SO_SNDBUF failed: %m");
891 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
892 log_unit_warning(UNIT(s)->id, "SO_MARK failed: %m");
895 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
896 log_unit_warning(UNIT(s)->id, "IP_TOS failed: %m");
898 if (s->ip_ttl >= 0) {
901 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
903 if (socket_ipv6_is_supported())
904 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
907 errno = EAFNOSUPPORT;
911 log_unit_warning(UNIT(s)->id,
912 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
915 if (s->tcp_congestion)
916 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
917 log_unit_warning(UNIT(s)->id, "TCP_CONGESTION failed: %m");
920 int b = s->reuse_port;
921 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
922 log_unit_warning(UNIT(s)->id, "SO_REUSEPORT failed: %m");
925 if (s->smack_ip_in) {
926 r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
928 log_unit_error(UNIT(s)->id, "mac_smack_apply_ip_in_fd: %s", strerror(-r));
931 if (s->smack_ip_out) {
932 r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
934 log_unit_error(UNIT(s)->id, "mac_smack_apply_ip_out_fd: %s", strerror(-r));
938 static void socket_apply_fifo_options(Socket *s, int fd) {
944 if (s->pipe_size > 0)
945 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
946 log_unit_warning(UNIT(s)->id, "F_SETPIPE_SZ: %m");
949 r = mac_smack_apply_fd(fd, s->smack);
951 log_unit_error(UNIT(s)->id, "mac_smack_apply_fd: %s", strerror(-r));
955 static int fifo_address_create(
957 mode_t directory_mode,
968 mkdir_parents_label(path, directory_mode);
970 r = mac_selinux_create_file_prepare(path, S_IFIFO);
974 /* Enforce the right access mode for the fifo */
975 old_mask = umask(~ socket_mode);
977 /* Include the original umask in our mask */
978 umask(~socket_mode | old_mask);
980 r = mkfifo(path, socket_mode);
983 if (r < 0 && errno != EEXIST) {
988 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
993 mac_selinux_create_file_clear();
995 if (fstat(fd, &st) < 0) {
1000 if (!S_ISFIFO(st.st_mode) ||
1001 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1002 st.st_uid != getuid() ||
1003 st.st_gid != getgid()) {
1013 mac_selinux_create_file_clear();
1019 static int special_address_create(
1029 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1035 if (fstat(fd, &st) < 0) {
1040 /* Check whether this is a /proc, /sys or /dev file or char device */
1041 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1055 static int mq_address_create(
1065 struct mq_attr _attr, *attr = NULL;
1070 if (maxmsg > 0 && msgsize > 0) {
1072 _attr.mq_flags = O_NONBLOCK;
1073 _attr.mq_maxmsg = maxmsg;
1074 _attr.mq_msgsize = msgsize;
1078 /* Enforce the right access mode for the mq */
1079 old_mask = umask(~ mq_mode);
1081 /* Include the original umask in our mask */
1082 umask(~mq_mode | old_mask);
1083 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1091 if (fstat(fd, &st) < 0) {
1096 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1097 st.st_uid != getuid() ||
1098 st.st_gid != getgid()) {
1112 static int socket_symlink(Socket *s) {
1118 p = socket_find_symlink_target(s);
1122 STRV_FOREACH(i, s->symlinks)
1123 symlink_label(p, *i);
1128 static int socket_open_fds(Socket *s) {
1132 bool know_label = false;
1136 LIST_FOREACH(port, p, s->ports) {
1141 if (p->type == SOCKET_SOCKET) {
1144 /* Figure out label, if we don't it know
1145 * yet. We do it once, for the first
1146 * socket where we need this and
1147 * remember it for the rest. */
1149 if (s->selinux_context_from_net) {
1150 /* Get it from the network label */
1152 r = mac_selinux_get_our_label(&label);
1153 if (r < 0 && r != -EOPNOTSUPP)
1157 /* Get it from the executable we are about to start */
1159 r = socket_instantiate_service(s);
1163 if (UNIT_ISSET(s->service) &&
1164 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1165 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1166 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1174 r = socket_address_listen(
1176 SOCK_CLOEXEC|SOCK_NONBLOCK,
1189 socket_apply_socket_options(s, p->fd);
1192 } else if (p->type == SOCKET_SPECIAL) {
1194 r = special_address_create(
1200 } else if (p->type == SOCKET_FIFO) {
1202 r = fifo_address_create(
1210 socket_apply_fifo_options(s, p->fd);
1213 } else if (p->type == SOCKET_MQUEUE) {
1215 r = mq_address_create(
1224 assert_not_reached("Unknown port type");
1227 mac_selinux_free(label);
1231 socket_close_fds(s);
1232 mac_selinux_free(label);
1237 static void socket_unwatch_fds(Socket *s) {
1243 LIST_FOREACH(port, p, s->ports) {
1247 if (!p->event_source)
1250 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1252 log_unit_debug(UNIT(s)->id, "Failed to disable event source.");
1256 static int socket_watch_fds(Socket *s) {
1262 LIST_FOREACH(port, p, s->ports) {
1266 if (p->event_source)
1267 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1269 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1272 log_unit_warning(UNIT(s)->id, "Failed to watch listening fds: %s", strerror(-r));
1280 socket_unwatch_fds(s);
1284 static void socket_set_state(Socket *s, SocketState state) {
1285 SocketState old_state;
1288 old_state = s->state;
1296 SOCKET_STOP_PRE_SIGTERM,
1297 SOCKET_STOP_PRE_SIGKILL,
1299 SOCKET_FINAL_SIGTERM,
1300 SOCKET_FINAL_SIGKILL)) {
1302 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1303 socket_unwatch_control_pid(s);
1304 s->control_command = NULL;
1305 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1308 if (state != SOCKET_LISTENING)
1309 socket_unwatch_fds(s);
1317 SOCKET_STOP_PRE_SIGTERM,
1318 SOCKET_STOP_PRE_SIGKILL))
1319 socket_close_fds(s);
1321 if (state != old_state)
1322 log_unit_debug(UNIT(s)->id, "%s changed %s -> %s",
1323 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
1325 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1328 static int socket_coldplug(Unit *u) {
1329 Socket *s = SOCKET(u);
1333 assert(s->state == SOCKET_DEAD);
1335 if (s->deserialized_state == s->state)
1338 if (IN_SET(s->deserialized_state,
1343 SOCKET_STOP_PRE_SIGTERM,
1344 SOCKET_STOP_PRE_SIGKILL,
1346 SOCKET_FINAL_SIGTERM,
1347 SOCKET_FINAL_SIGKILL)) {
1349 if (s->control_pid <= 0)
1352 r = unit_watch_pid(UNIT(s), s->control_pid);
1356 r = socket_arm_timer(s);
1361 if (IN_SET(s->deserialized_state,
1367 SOCKET_STOP_PRE_SIGTERM,
1368 SOCKET_STOP_PRE_SIGKILL)) {
1369 r = socket_open_fds(s);
1374 if (s->deserialized_state == SOCKET_LISTENING) {
1375 r = socket_watch_fds(s);
1380 socket_set_state(s, s->deserialized_state);
1384 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1385 _cleanup_free_ char **argv = NULL;
1388 ExecParameters exec_params = {
1389 .apply_permissions = true,
1390 .apply_chroot = true,
1391 .apply_tty_stdin = true,
1398 unit_realize_cgroup(UNIT(s));
1400 r = unit_setup_exec_runtime(UNIT(s));
1404 r = socket_arm_timer(s);
1408 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1412 exec_params.argv = argv;
1413 exec_params.environment = UNIT(s)->manager->environment;
1414 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1415 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1416 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1417 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1418 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1419 exec_params.unit_id = UNIT(s)->id;
1429 r = unit_watch_pid(UNIT(s), pid);
1431 /* FIXME: we need to do something here */
1438 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1442 static int socket_chown(Socket *s, pid_t *_pid) {
1446 r = socket_arm_timer(s);
1450 /* We have to resolve the user names out-of-process, hence
1451 * let's fork here. It's messy, but well, what can we do? */
1459 uid_t uid = (uid_t) -1;
1460 gid_t gid = (gid_t) -1;
1463 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1464 ignore_signals(SIGPIPE, -1);
1467 if (!isempty(s->user)) {
1468 const char *user = s->user;
1470 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1477 if (!isempty(s->group)) {
1478 const char *group = s->group;
1480 r = get_group_creds(&group, &gid);
1487 LIST_FOREACH(port, p, s->ports) {
1488 const char *path = NULL;
1490 if (p->type == SOCKET_SOCKET)
1491 path = socket_address_get_path(&p->address);
1492 else if (p->type == SOCKET_FIFO)
1498 if (chown(path, uid, gid) < 0) {
1509 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1514 r = unit_watch_pid(UNIT(s), pid);
1522 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1526 static void socket_enter_dead(Socket *s, SocketResult f) {
1529 if (f != SOCKET_SUCCESS)
1532 exec_runtime_destroy(s->exec_runtime);
1533 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1535 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1537 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1540 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1542 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1546 if (f != SOCKET_SUCCESS)
1549 socket_unwatch_control_pid(s);
1550 s->control_command_id = SOCKET_EXEC_STOP_POST;
1551 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1553 if (s->control_command) {
1554 r = socket_spawn(s, s->control_command, &s->control_pid);
1558 socket_set_state(s, SOCKET_STOP_POST);
1560 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1565 log_unit_warning(UNIT(s)->id,
1566 "%s failed to run 'stop-post' task: %s",
1567 UNIT(s)->id, strerror(-r));
1568 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1571 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1576 if (f != SOCKET_SUCCESS)
1579 r = unit_kill_context(
1582 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1583 KILL_KILL : KILL_TERMINATE,
1591 r = socket_arm_timer(s);
1595 socket_set_state(s, state);
1596 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1597 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1598 else if (state == SOCKET_STOP_PRE_SIGKILL)
1599 socket_enter_stop_post(s, SOCKET_SUCCESS);
1600 else if (state == SOCKET_FINAL_SIGTERM)
1601 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1603 socket_enter_dead(s, SOCKET_SUCCESS);
1608 log_unit_warning(UNIT(s)->id, "%s failed to kill processes: %s", UNIT(s)->id, strerror(-r));
1610 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1611 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1613 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1616 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1620 if (f != SOCKET_SUCCESS)
1623 socket_unwatch_control_pid(s);
1624 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1625 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1627 if (s->control_command) {
1628 r = socket_spawn(s, s->control_command, &s->control_pid);
1632 socket_set_state(s, SOCKET_STOP_PRE);
1634 socket_enter_stop_post(s, SOCKET_SUCCESS);
1639 log_unit_warning(UNIT(s)->id, "%s failed to run 'stop-pre' task: %s", UNIT(s)->id, strerror(-r));
1640 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1643 static void socket_enter_listening(Socket *s) {
1647 r = socket_watch_fds(s);
1649 log_unit_warning(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1653 socket_set_state(s, SOCKET_LISTENING);
1657 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1660 static void socket_enter_start_post(Socket *s) {
1664 socket_unwatch_control_pid(s);
1665 s->control_command_id = SOCKET_EXEC_START_POST;
1666 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1668 if (s->control_command) {
1669 r = socket_spawn(s, s->control_command, &s->control_pid);
1671 log_unit_warning(UNIT(s)->id, "%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
1675 socket_set_state(s, SOCKET_START_POST);
1677 socket_enter_listening(s);
1682 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1685 static void socket_enter_start_chown(Socket *s) {
1690 r = socket_open_fds(s);
1692 log_unit_warning(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1696 if (!isempty(s->user) || !isempty(s->group)) {
1698 socket_unwatch_control_pid(s);
1699 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1700 s->control_command = NULL;
1702 r = socket_chown(s, &s->control_pid);
1704 log_unit_warning(UNIT(s)->id, "%s failed to fork 'start-chown' task: %s", UNIT(s)->id, strerror(-r));
1708 socket_set_state(s, SOCKET_START_CHOWN);
1710 socket_enter_start_post(s);
1715 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1718 static void socket_enter_start_pre(Socket *s) {
1722 socket_unwatch_control_pid(s);
1723 s->control_command_id = SOCKET_EXEC_START_PRE;
1724 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1726 if (s->control_command) {
1727 r = socket_spawn(s, s->control_command, &s->control_pid);
1729 log_unit_warning(UNIT(s)->id, "%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
1733 socket_set_state(s, SOCKET_START_PRE);
1735 socket_enter_start_chown(s);
1740 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1743 static void socket_enter_running(Socket *s, int cfd) {
1744 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1749 /* We don't take connections anymore if we are supposed to
1750 * shut down anyway */
1751 if (unit_stop_pending(UNIT(s))) {
1753 log_unit_debug(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
1758 /* Flush all sockets by closing and reopening them */
1759 socket_close_fds(s);
1761 r = socket_open_fds(s);
1763 log_unit_warning(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1764 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1768 r = socket_watch_fds(s);
1770 log_unit_warning(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1771 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1781 bool pending = false;
1783 /* If there's already a start pending don't bother to
1785 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1786 if (unit_active_or_pending(other)) {
1792 if (!UNIT_ISSET(s->service)) {
1793 log_unit_error(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1798 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1803 socket_set_state(s, SOCKET_RUNNING);
1805 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1808 if (s->n_connections >= s->max_connections) {
1809 log_unit_warning(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
1814 r = socket_instantiate_service(s);
1818 r = instance_from_socket(cfd, s->n_accepted, &instance);
1823 /* ENOTCONN is legitimate if TCP RST was received.
1824 * This connection is over, but the socket unit lives on. */
1829 prefix = unit_name_to_prefix(UNIT(s)->id);
1835 name = unit_name_build(prefix, instance, ".service");
1841 r = unit_add_name(UNIT_DEREF(s->service), name);
1845 service = SERVICE(UNIT_DEREF(s->service));
1846 unit_ref_unset(&s->service);
1849 UNIT(service)->no_gc = false;
1851 unit_choose_id(UNIT(service), name);
1853 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1858 s->n_connections ++;
1860 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1864 /* Notify clients about changed counters */
1865 unit_add_to_dbus_queue(UNIT(s));
1871 log_unit_warning(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1872 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
1873 bus_error_message(&error, r));
1875 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1879 static void socket_run_next(Socket *s) {
1883 assert(s->control_command);
1884 assert(s->control_command->command_next);
1886 socket_unwatch_control_pid(s);
1888 s->control_command = s->control_command->command_next;
1890 r = socket_spawn(s, s->control_command, &s->control_pid);
1897 log_unit_warning(UNIT(s)->id, "%s failed to run next task: %s", UNIT(s)->id, strerror(-r));
1899 if (s->state == SOCKET_START_POST)
1900 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1901 else if (s->state == SOCKET_STOP_POST)
1902 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1904 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1907 static int socket_start(Unit *u) {
1908 Socket *s = SOCKET(u);
1912 /* We cannot fulfill this request right now, try again later
1914 if (IN_SET(s->state,
1916 SOCKET_STOP_PRE_SIGKILL,
1917 SOCKET_STOP_PRE_SIGTERM,
1919 SOCKET_FINAL_SIGTERM,
1920 SOCKET_FINAL_SIGKILL))
1923 /* Already on it! */
1924 if (IN_SET(s->state,
1930 /* Cannot run this without the service being around */
1931 if (UNIT_ISSET(s->service)) {
1934 service = SERVICE(UNIT_DEREF(s->service));
1936 if (UNIT(service)->load_state != UNIT_LOADED) {
1937 log_unit_error(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1941 /* If the service is already active we cannot start the
1943 if (service->state != SERVICE_DEAD &&
1944 service->state != SERVICE_FAILED &&
1945 service->state != SERVICE_AUTO_RESTART) {
1946 log_unit_error(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
1951 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1953 s->result = SOCKET_SUCCESS;
1954 socket_enter_start_pre(s);
1959 static int socket_stop(Unit *u) {
1960 Socket *s = SOCKET(u);
1965 if (IN_SET(s->state,
1967 SOCKET_STOP_PRE_SIGTERM,
1968 SOCKET_STOP_PRE_SIGKILL,
1970 SOCKET_FINAL_SIGTERM,
1971 SOCKET_FINAL_SIGKILL))
1974 /* If there's already something running we go directly into
1976 if (IN_SET(s->state,
1979 SOCKET_START_POST)) {
1980 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1984 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1986 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1990 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1991 Socket *s = SOCKET(u);
1999 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2000 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2001 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2003 if (s->control_pid > 0)
2004 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2006 if (s->control_command_id >= 0)
2007 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2009 LIST_FOREACH(port, p, s->ports) {
2015 copy = fdset_put_dup(fds, p->fd);
2019 if (p->type == SOCKET_SOCKET) {
2020 _cleanup_free_ char *t = NULL;
2022 r = socket_address_print(&p->address, &t);
2026 if (socket_address_family(&p->address) == AF_NETLINK)
2027 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2029 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2031 } else if (p->type == SOCKET_SPECIAL)
2032 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2033 else if (p->type == SOCKET_MQUEUE)
2034 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2036 assert(p->type == SOCKET_FIFO);
2037 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2044 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2045 Socket *s = SOCKET(u);
2051 if (streq(key, "state")) {
2054 state = socket_state_from_string(value);
2056 log_unit_debug(u->id, "Failed to parse state value %s", value);
2058 s->deserialized_state = state;
2059 } else if (streq(key, "result")) {
2062 f = socket_result_from_string(value);
2064 log_unit_debug(u->id, "Failed to parse result value %s", value);
2065 else if (f != SOCKET_SUCCESS)
2068 } else if (streq(key, "n-accepted")) {
2071 if (safe_atou(value, &k) < 0)
2072 log_unit_debug(u->id, "Failed to parse n-accepted value %s", value);
2075 } else if (streq(key, "control-pid")) {
2078 if (parse_pid(value, &pid) < 0)
2079 log_unit_debug(u->id, "Failed to parse control-pid value %s", value);
2081 s->control_pid = pid;
2082 } else if (streq(key, "control-command")) {
2083 SocketExecCommand id;
2085 id = socket_exec_command_from_string(value);
2087 log_unit_debug(u->id, "Failed to parse exec-command value %s", value);
2089 s->control_command_id = id;
2090 s->control_command = s->exec_command[id];
2092 } else if (streq(key, "fifo")) {
2096 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2097 log_unit_debug(u->id, "Failed to parse fifo value %s", value);
2100 LIST_FOREACH(port, p, s->ports)
2101 if (p->type == SOCKET_FIFO &&
2102 streq_ptr(p->path, value+skip))
2107 p->fd = fdset_remove(fds, fd);
2111 } else if (streq(key, "special")) {
2115 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2116 log_unit_debug(u->id, "Failed to parse special value %s", value);
2119 LIST_FOREACH(port, p, s->ports)
2120 if (p->type == SOCKET_SPECIAL &&
2121 streq_ptr(p->path, value+skip))
2126 p->fd = fdset_remove(fds, fd);
2130 } else if (streq(key, "mqueue")) {
2134 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2135 log_unit_debug(u->id, "Failed to parse mqueue value %s", value);
2138 LIST_FOREACH(port, p, s->ports)
2139 if (p->type == SOCKET_MQUEUE &&
2140 streq_ptr(p->path, value+skip))
2145 p->fd = fdset_remove(fds, fd);
2149 } else if (streq(key, "socket")) {
2150 int fd, type, skip = 0;
2153 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2154 log_unit_debug(u->id, "Failed to parse socket value %s", value);
2157 LIST_FOREACH(port, p, s->ports)
2158 if (socket_address_is(&p->address, value+skip, type))
2163 p->fd = fdset_remove(fds, fd);
2167 } else if (streq(key, "netlink")) {
2171 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2172 log_unit_debug(u->id, "Failed to parse socket value %s", value);
2175 LIST_FOREACH(port, p, s->ports)
2176 if (socket_address_is_netlink(&p->address, value+skip))
2181 p->fd = fdset_remove(fds, fd);
2185 log_unit_debug(UNIT(s)->id, "Unknown serialization key '%s'", key);
2190 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2191 Socket *s = SOCKET(u);
2196 LIST_FOREACH(port, p, s->ports) {
2200 if (p->type != SOCKET_SOCKET)
2206 FDSET_FOREACH(fd, fds, i) {
2207 if (socket_address_matches_fd(&p->address, fd)) {
2208 p->fd = fdset_remove(fds, fd);
2209 s->deserialized_state = SOCKET_LISTENING;
2218 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2221 return state_translation_table[SOCKET(u)->state];
2224 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2227 return socket_state_to_string(SOCKET(u)->state);
2230 const char* socket_port_type_to_string(SocketPort *p) {
2238 switch (p->address.type) {
2246 case SOCK_SEQPACKET:
2247 return "SequentialPacket";
2250 if (socket_address_family(&p->address) == AF_NETLINK)
2257 case SOCKET_SPECIAL:
2261 return "MessageQueue";
2271 _pure_ static bool socket_check_gc(Unit *u) {
2272 Socket *s = SOCKET(u);
2276 return s->n_connections > 0;
2279 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2280 SocketPort *p = userdata;
2286 if (p->socket->state != SOCKET_LISTENING)
2289 log_unit_debug(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
2291 if (revents != EPOLLIN) {
2293 if (revents & EPOLLHUP)
2294 log_unit_error(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2295 UNIT(p->socket)->id);
2297 log_unit_error(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
2298 UNIT(p->socket)->id, revents);
2303 if (p->socket->accept &&
2304 p->type == SOCKET_SOCKET &&
2305 socket_address_can_accept(&p->address)) {
2309 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2315 log_unit_error(UNIT(p->socket)->id,
2316 "Failed to accept socket: %m");
2323 socket_apply_socket_options(p->socket, cfd);
2326 socket_enter_running(p->socket, cfd);
2330 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2334 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2335 Socket *s = SOCKET(u);
2341 if (pid != s->control_pid)
2346 if (is_clean_exit(code, status, NULL))
2348 else if (code == CLD_EXITED)
2349 f = SOCKET_FAILURE_EXIT_CODE;
2350 else if (code == CLD_KILLED)
2351 f = SOCKET_FAILURE_SIGNAL;
2352 else if (code == CLD_DUMPED)
2353 f = SOCKET_FAILURE_CORE_DUMP;
2355 assert_not_reached("Unknown sigchld code");
2357 if (s->control_command) {
2358 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2360 if (s->control_command->ignore)
2364 log_unit_full(u->id,
2365 f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2366 "%s control process exited, code=%s status=%i",
2367 u->id, sigchld_code_to_string(code), status);
2369 if (f != SOCKET_SUCCESS)
2372 if (s->control_command &&
2373 s->control_command->command_next &&
2374 f == SOCKET_SUCCESS) {
2376 log_unit_debug(u->id,
2377 "%s running next command for state %s",
2378 u->id, socket_state_to_string(s->state));
2381 s->control_command = NULL;
2382 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2384 /* No further commands for this step, so let's figure
2385 * out what to do next */
2387 log_unit_debug(u->id,
2388 "%s got final SIGCHLD for state %s",
2389 u->id, socket_state_to_string(s->state));
2393 case SOCKET_START_PRE:
2394 if (f == SOCKET_SUCCESS)
2395 socket_enter_start_chown(s);
2397 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2400 case SOCKET_START_CHOWN:
2401 if (f == SOCKET_SUCCESS)
2402 socket_enter_start_post(s);
2404 socket_enter_stop_pre(s, f);
2407 case SOCKET_START_POST:
2408 if (f == SOCKET_SUCCESS)
2409 socket_enter_listening(s);
2411 socket_enter_stop_pre(s, f);
2414 case SOCKET_STOP_PRE:
2415 case SOCKET_STOP_PRE_SIGTERM:
2416 case SOCKET_STOP_PRE_SIGKILL:
2417 socket_enter_stop_post(s, f);
2420 case SOCKET_STOP_POST:
2421 case SOCKET_FINAL_SIGTERM:
2422 case SOCKET_FINAL_SIGKILL:
2423 socket_enter_dead(s, f);
2427 assert_not_reached("Uh, control process died at wrong time.");
2431 /* Notify clients about changed exit status */
2432 unit_add_to_dbus_queue(u);
2435 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2436 Socket *s = SOCKET(userdata);
2439 assert(s->timer_event_source == source);
2443 case SOCKET_START_PRE:
2444 log_unit_warning(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
2445 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2448 case SOCKET_START_CHOWN:
2449 case SOCKET_START_POST:
2450 log_unit_warning(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
2451 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2454 case SOCKET_STOP_PRE:
2455 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
2456 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2459 case SOCKET_STOP_PRE_SIGTERM:
2460 if (s->kill_context.send_sigkill) {
2461 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
2462 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2464 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2465 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2469 case SOCKET_STOP_PRE_SIGKILL:
2470 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
2471 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2474 case SOCKET_STOP_POST:
2475 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
2476 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2479 case SOCKET_FINAL_SIGTERM:
2480 if (s->kill_context.send_sigkill) {
2481 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
2482 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2484 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2485 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2489 case SOCKET_FINAL_SIGKILL:
2490 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
2491 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2495 assert_not_reached("Timeout at wrong time.");
2501 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2510 /* Called from the service code for requesting our fds */
2513 LIST_FOREACH(port, p, s->ports)
2523 if (!(rfds = new(int, rn_fds)))
2527 LIST_FOREACH(port, p, s->ports)
2531 assert(k == rn_fds);
2539 static void socket_reset_failed(Unit *u) {
2540 Socket *s = SOCKET(u);
2544 if (s->state == SOCKET_FAILED)
2545 socket_set_state(s, SOCKET_DEAD);
2547 s->result = SOCKET_SUCCESS;
2550 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2553 /* The service is dead. Dang!
2555 * This is strictly for one-instance-for-all-connections
2558 if (s->state == SOCKET_RUNNING) {
2559 log_unit_debug(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2560 if (failed_permanent)
2561 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2563 socket_enter_listening(s);
2567 void socket_connection_unref(Socket *s) {
2570 /* The service is dead. Yay!
2572 * This is strictly for one-instance-per-connection
2575 assert(s->n_connections > 0);
2578 log_unit_debug(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
2581 static void socket_trigger_notify(Unit *u, Unit *other) {
2582 Socket *s = SOCKET(u);
2588 /* Don't propagate state changes from the service if we are
2589 already down or accepting connections */
2590 if ((s->state != SOCKET_RUNNING &&
2591 s->state != SOCKET_LISTENING) ||
2595 if (other->load_state != UNIT_LOADED ||
2596 other->type != UNIT_SERVICE)
2599 se = SERVICE(other);
2601 if (se->state == SERVICE_FAILED)
2602 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2604 if (se->state == SERVICE_DEAD ||
2605 se->state == SERVICE_STOP ||
2606 se->state == SERVICE_STOP_SIGTERM ||
2607 se->state == SERVICE_STOP_SIGKILL ||
2608 se->state == SERVICE_STOP_POST ||
2609 se->state == SERVICE_FINAL_SIGTERM ||
2610 se->state == SERVICE_FINAL_SIGKILL ||
2611 se->state == SERVICE_AUTO_RESTART)
2612 socket_notify_service_dead(s, false);
2614 if (se->state == SERVICE_RUNNING)
2615 socket_set_state(s, SOCKET_RUNNING);
2618 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2619 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2622 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2623 Socket *s = SOCKET(u);
2626 if (!s->timer_event_source)
2629 r = sd_event_source_get_time(s->timer_event_source, timeout);
2636 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2637 [SOCKET_DEAD] = "dead",
2638 [SOCKET_START_PRE] = "start-pre",
2639 [SOCKET_START_CHOWN] = "start-chown",
2640 [SOCKET_START_POST] = "start-post",
2641 [SOCKET_LISTENING] = "listening",
2642 [SOCKET_RUNNING] = "running",
2643 [SOCKET_STOP_PRE] = "stop-pre",
2644 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2645 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2646 [SOCKET_STOP_POST] = "stop-post",
2647 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2648 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2649 [SOCKET_FAILED] = "failed"
2652 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2654 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2655 [SOCKET_EXEC_START_PRE] = "StartPre",
2656 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2657 [SOCKET_EXEC_START_POST] = "StartPost",
2658 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2659 [SOCKET_EXEC_STOP_POST] = "StopPost"
2662 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2664 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2665 [SOCKET_SUCCESS] = "success",
2666 [SOCKET_FAILURE_RESOURCES] = "resources",
2667 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2668 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2669 [SOCKET_FAILURE_SIGNAL] = "signal",
2670 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2671 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2674 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2676 const UnitVTable socket_vtable = {
2677 .object_size = sizeof(Socket),
2678 .exec_context_offset = offsetof(Socket, exec_context),
2679 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2680 .kill_context_offset = offsetof(Socket, kill_context),
2681 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2687 .private_section = "Socket",
2689 .init = socket_init,
2690 .done = socket_done,
2691 .load = socket_load,
2693 .coldplug = socket_coldplug,
2695 .dump = socket_dump,
2697 .start = socket_start,
2698 .stop = socket_stop,
2700 .kill = socket_kill,
2702 .get_timeout = socket_get_timeout,
2704 .serialize = socket_serialize,
2705 .deserialize_item = socket_deserialize_item,
2706 .distribute_fds = socket_distribute_fds,
2708 .active_state = socket_active_state,
2709 .sub_state_to_string = socket_sub_state_to_string,
2711 .check_gc = socket_check_gc,
2713 .sigchld_event = socket_sigchld_event,
2715 .trigger_notify = socket_trigger_notify,
2717 .reset_failed = socket_reset_failed,
2719 .bus_interface = "org.freedesktop.systemd1.Socket",
2720 .bus_vtable = bus_socket_vtable,
2721 .bus_set_property = bus_socket_set_property,
2722 .bus_commit_properties = bus_socket_commit_properties,
2724 .status_message_formats = {
2725 /*.starting_stopping = {
2726 [0] = "Starting socket %s...",
2727 [1] = "Stopping socket %s...",
2729 .finished_start_job = {
2730 [JOB_DONE] = "Listening on %s.",
2731 [JOB_FAILED] = "Failed to listen on %s.",
2732 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2733 [JOB_TIMEOUT] = "Timed out starting %s.",
2735 .finished_stop_job = {
2736 [JOB_DONE] = "Closed %s.",
2737 [JOB_FAILED] = "Failed stopping %s.",
2738 [JOB_TIMEOUT] = "Timed out stopping %s.",
~ianmdlvl / elogind.git / blob