X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fcore%2Funit.c;h=0e4ebfde9bc37bdfd8a7bd6df1ebb30ce25ebcf3;hp=9d54147adb7e52718aa0f67c032e67845c1a5f7a;hb=8eea868708923a092ee85d6146ba4c04b7baea06;hpb=085afe36cb823e7d5b8c5f3ef21ebb9639bac78b diff --git a/src/core/unit.c b/src/core/unit.c index 9d54147ad..0e4ebfde9 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -51,6 +51,7 @@ #include "dbus.h" #include "execute.h" #include "virt.h" +#include "dropin.h" const UnitVTable * const unit_vtable[_UNIT_TYPE_MAX] = { [UNIT_SERVICE] = &service_vtable, @@ -101,104 +102,122 @@ bool unit_has_name(Unit *u, const char *name) { return !!set_get(u->names, (char*) name); } +static void unit_init(Unit *u) { + CGroupContext *cc; + ExecContext *ec; + KillContext *kc; + + assert(u); + assert(u->manager); + assert(u->type >= 0); + + cc = unit_get_cgroup_context(u); + if (cc) { + cgroup_context_init(cc); + + /* Copy in the manager defaults into the cgroup + * context, _before_ the rest of the settings have + * been initialized */ + + cc->cpu_accounting = u->manager->default_cpu_accounting; + cc->blockio_accounting = u->manager->default_blockio_accounting; + cc->memory_accounting = u->manager->default_memory_accounting; + } + + ec = unit_get_exec_context(u); + if (ec) + exec_context_init(ec); + + kc = unit_get_kill_context(u); + if (kc) + kill_context_init(kc); + + if (UNIT_VTABLE(u)->init) + UNIT_VTABLE(u)->init(u); +} + int unit_add_name(Unit *u, const char *text) { + _cleanup_free_ char *s = NULL, *i = NULL; UnitType t; - char *s, *i = NULL; int r; assert(u); assert(text); if (unit_name_is_template(text)) { + if (!u->instance) return -EINVAL; s = unit_name_replace_instance(text, u->instance); } else s = strdup(text); - if (!s) return -ENOMEM; - if (!unit_name_is_valid(s, TEMPLATE_INVALID)) { - r = -EINVAL; - goto fail; - } + if (!unit_name_is_valid(s, TEMPLATE_INVALID)) + return -EINVAL; assert_se((t = unit_name_to_type(s)) >= 0); - if (u->type != _UNIT_TYPE_INVALID && t != u->type) { - r = -EINVAL; - goto fail; - } + if (u->type != _UNIT_TYPE_INVALID && t != u->type) + return -EINVAL; r = unit_name_to_instance(s, &i); if (r < 0) - goto fail; + return r; - if (i && unit_vtable[t]->no_instances) { - r = -EINVAL; - goto fail; - } + if (i && unit_vtable[t]->no_instances) + return -EINVAL; /* Ensure that this unit is either instanced or not instanced, * but not both. */ - if (u->type != _UNIT_TYPE_INVALID && !u->instance != !i) { - r = -EINVAL; - goto fail; - } + if (u->type != _UNIT_TYPE_INVALID && !u->instance != !i) + return -EINVAL; if (unit_vtable[t]->no_alias && !set_isempty(u->names) && - !set_get(u->names, s)) { - r = -EEXIST; - goto fail; - } + !set_get(u->names, s)) + return -EEXIST; - if (hashmap_size(u->manager->units) >= MANAGER_MAX_NAMES) { - r = -E2BIG; - goto fail; - } + if (hashmap_size(u->manager->units) >= MANAGER_MAX_NAMES) + return -E2BIG; r = set_put(u->names, s); if (r < 0) { if (r == -EEXIST) - r = 0; - goto fail; + return 0; + + return r; } r = hashmap_put(u->manager->units, s, u); if (r < 0) { set_remove(u->names, s); - goto fail; + return r; } if (u->type == _UNIT_TYPE_INVALID) { - u->type = t; u->id = s; u->instance = i; LIST_PREPEND(units_by_type, u->manager->units_by_type[t], u); - if (UNIT_VTABLE(u)->init) - UNIT_VTABLE(u)->init(u); - } else - free(i); + unit_init(u); - unit_add_to_dbus_queue(u); - return 0; + i = NULL; + } -fail: - free(s); - free(i); + s = NULL; - return r; + unit_add_to_dbus_queue(u); + return 0; } int unit_choose_id(Unit *u, const char *name) { - char *s, *i; _cleanup_free_ char *t = NULL; + char *s, *i; int r; assert(u); @@ -218,7 +237,6 @@ int unit_choose_id(Unit *u, const char *name) { /* Selects one of the names of this unit as the id */ s = set_get(u->names, (char*) name); - if (!s) return -ENOENT; @@ -328,7 +346,8 @@ void unit_add_to_dbus_queue(Unit *u) { return; /* Shortcut things if nobody cares */ - if (set_isempty(u->manager->subscribed)) { + if (sd_bus_track_count(u->manager->subscribed) <= 0 && + set_isempty(u->manager->private_buses)) { u->sent_dbus_new_signal = true; return; } @@ -409,6 +428,27 @@ static void unit_free_requires_mounts_for(Unit *u) { u->requires_mounts_for = NULL; } +static void unit_done(Unit *u) { + ExecContext *ec; + CGroupContext *cc; + + assert(u); + + if (u->type < 0) + return; + + if (UNIT_VTABLE(u)->done) + UNIT_VTABLE(u)->done(u); + + ec = unit_get_exec_context(u); + if (ec) + exec_context_done(ec); + + cc = unit_get_cgroup_context(u); + if (cc) + cgroup_context_done(cc); +} + void unit_free(Unit *u) { UnitDependency d; Iterator i; @@ -421,9 +461,7 @@ void unit_free(Unit *u) { bus_unit_send_removed_signal(u); - if (u->load_state != UNIT_STUB) - if (UNIT_VTABLE(u)->done) - UNIT_VTABLE(u)->done(u); + unit_done(u); unit_free_requires_mounts_for(u); @@ -470,6 +508,9 @@ void unit_free(Unit *u) { free(u->cgroup_path); } + set_remove(u->manager->failed_units, u); + set_remove(u->manager->startup_units, u); + free(u->description); strv_free(u->documentation); free(u->fragment_path); @@ -683,6 +724,19 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) { return r; } + if (u->manager->running_as != SYSTEMD_SYSTEM) + return 0; + + if (c->private_tmp) { + r = unit_require_mounts_for(u, "/tmp"); + if (r < 0) + return r; + + r = unit_require_mounts_for(u, "/var/tmp"); + if (r < 0) + return r; + } + if (c->std_output != EXEC_OUTPUT_KMSG && c->std_output != EXEC_OUTPUT_SYSLOG && c->std_output != EXEC_OUTPUT_JOURNAL && @@ -700,11 +754,9 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) { /* If syslog or kernel logging is requested, make sure our own * logging daemon is run first. */ - if (u->manager->running_as == SYSTEMD_SYSTEM) { - r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_JOURNALD_SOCKET, NULL, true); - if (r < 0) - return r; - } + r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_JOURNALD_SOCKET, NULL, true); + if (r < 0) + return r; return 0; } @@ -1020,6 +1072,25 @@ static int unit_add_mount_dependencies(Unit *u) { return 0; } +static int unit_add_startup_units(Unit *u) { + CGroupContext *c; + int r = 0; + + c = unit_get_cgroup_context(u); + if (!c) + return 0; + + if (c->startup_cpu_shares == (unsigned long) -1 && + c->startup_blockio_weight == (unsigned long) -1) + return 0; + + r = set_put(u->manager->startup_units, u); + if (r == -EEXIST) + return 0; + + return r; +} + int unit_load(Unit *u) { int r; @@ -1061,6 +1132,10 @@ int unit_load(Unit *u) { if (r < 0) goto fail; + r = unit_add_startup_units(u); + if (r < 0) + goto fail; + if (u->on_failure_job_mode == JOB_ISOLATE && set_size(u->dependencies[UNIT_ON_FAILURE]) > 1) { log_error_unit(u->id, "More than one OnFailure= dependencies specified for %s but OnFailureJobMode=isolate set. Refusing.", u->id); r = -EINVAL; @@ -1500,12 +1575,13 @@ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, bool reload_su /* Note that this is called for all low-level state changes, * even if they might map to the same high-level - * UnitActiveState! That means that ns == os is OK an expected + * UnitActiveState! That means that ns == os is an expected * behavior here. For example: if a mount point is remounted * this function will be called too! */ m = u->manager; + /* Update timestamps for state changes */ if (m->n_reloading <= 0) { dual_timestamp ts; @@ -1522,11 +1598,18 @@ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, bool reload_su u->active_exit_timestamp = ts; } + /* Keep track of failed units */ + if (ns == UNIT_FAILED && os != UNIT_FAILED) + set_put(u->manager->failed_units, u); + else if (os == UNIT_FAILED && ns != UNIT_FAILED) + set_remove(u->manager->failed_units, u); + + /* Make sure the cgroup is always removed when we become inactive */ if (UNIT_IS_INACTIVE_OR_FAILED(ns)) unit_destroy_cgroup(u); /* Note that this doesn't apply to RemainAfterExit services exiting - * sucessfully, since there's no change of state in that case. Which is + * successfully, since there's no change of state in that case. Which is * why it is handled in service_set_state() */ if (UNIT_IS_INACTIVE_OR_FAILED(os) != UNIT_IS_INACTIVE_OR_FAILED(ns)) { ExecContext *ec; @@ -1640,7 +1723,7 @@ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, bool reload_su if (UNIT_IS_ACTIVE_OR_RELOADING(ns)) { if (unit_has_name(u, SPECIAL_DBUS_SERVICE)) - /* The bus just might have become available, + /* The bus might have just become available, * hence try to connect to it, if we aren't * yet connected. */ bus_init(m, true); @@ -1703,11 +1786,11 @@ int unit_watch_pid(Unit *u, pid_t pid) { /* Watch a specific PID. We only support one or two units * watching each PID for now, not more. */ - r = hashmap_ensure_allocated(&u->manager->watch_pids1, trivial_hash_func, trivial_compare_func); + r = set_ensure_allocated(&u->pids, trivial_hash_func, trivial_compare_func); if (r < 0) return r; - r = set_ensure_allocated(&u->pids, trivial_hash_func, trivial_compare_func); + r = hashmap_ensure_allocated(&u->manager->watch_pids1, trivial_hash_func, trivial_compare_func); if (r < 0) return r; @@ -1736,7 +1819,17 @@ void unit_unwatch_pid(Unit *u, pid_t pid) { set_remove(u->pids, LONG_TO_PTR(pid)); } -static int watch_pids_in_path(Unit *u, const char *path) { +void unit_unwatch_all_pids(Unit *u) { + assert(u); + + while (!set_isempty(u->pids)) + unit_unwatch_pid(u, PTR_TO_LONG(set_first(u->pids))); + + set_free(u->pids); + u->pids = NULL; +} + +static int unit_watch_pids_in_path(Unit *u, const char *path) { _cleanup_closedir_ DIR *d = NULL; _cleanup_fclose_ FILE *f = NULL; int ret = 0, r; @@ -1774,7 +1867,7 @@ static int watch_pids_in_path(Unit *u, const char *path) { if (!p) return -ENOMEM; - r = watch_pids_in_path(u, p); + r = unit_watch_pids_in_path(u, p); if (r < 0 && ret >= 0) ret = r; } @@ -1787,31 +1880,15 @@ static int watch_pids_in_path(Unit *u, const char *path) { return ret; } - int unit_watch_all_pids(Unit *u) { assert(u); - if (!u->cgroup_path) - return -ENOENT; - /* Adds all PIDs from our cgroup to the set of PIDs we watch */ - return watch_pids_in_path(u, u->cgroup_path); -} - -void unit_unwatch_all_pids(Unit *u) { - Iterator i; - void *e; - - assert(u); - - SET_FOREACH(e, u->pids, i) { - hashmap_remove_value(u->manager->watch_pids1, e, u); - hashmap_remove_value(u->manager->watch_pids2, e, u); - } + if (!u->cgroup_path) + return -ENOENT; - set_free(u->pids); - u->pids = NULL; + return unit_watch_pids_in_path(u, u->cgroup_path); } void unit_tidy_watch_pids(Unit *u, pid_t except1, pid_t except2) { @@ -1829,7 +1906,7 @@ void unit_tidy_watch_pids(Unit *u, pid_t except1, pid_t except2) { continue; if (!pid_is_unwaited(pid)) - set_remove(u->pids, e); + unit_unwatch_pid(u, pid); } } @@ -2132,20 +2209,18 @@ char *unit_default_cgroup_path(Unit *u) { return strjoin(u->manager->cgroup_root, "/", escaped, NULL); } -int unit_add_default_slice(Unit *u) { +int unit_add_default_slice(Unit *u, CGroupContext *c) { _cleanup_free_ char *b = NULL; const char *slice_name; Unit *slice; int r; assert(u); + assert(c); if (UNIT_ISSET(u->slice)) return 0; - if (!unit_get_cgroup_context(u)) - return 0; - if (u->instance) { _cleanup_free_ char *prefix = NULL, *escaped = NULL; @@ -2237,25 +2312,25 @@ bool unit_can_serialize(Unit *u) { } int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool serialize_jobs) { - ExecRuntime *rt; int r; assert(u); assert(f); assert(fds); - if (!unit_can_serialize(u)) - return 0; - - r = UNIT_VTABLE(u)->serialize(u, f, fds); - if (r < 0) - return r; + if (unit_can_serialize(u)) { + ExecRuntime *rt; - rt = unit_get_exec_runtime(u); - if (rt) { - r = exec_runtime_serialize(rt, u, f, fds); + r = UNIT_VTABLE(u)->serialize(u, f, fds); if (r < 0) return r; + + rt = unit_get_exec_runtime(u); + if (rt) { + r = exec_runtime_serialize(rt, u, f, fds); + if (r < 0) + return r; + } } dual_timestamp_serialize(f, "inactive-exit-timestamp", &u->inactive_exit_timestamp); @@ -2317,17 +2392,14 @@ void unit_serialize_item(Unit *u, FILE *f, const char *key, const char *value) { } int unit_deserialize(Unit *u, FILE *f, FDSet *fds) { - size_t offset; ExecRuntime **rt = NULL; + size_t offset; int r; assert(u); assert(f); assert(fds); - if (!unit_can_serialize(u)) - return 0; - offset = UNIT_VTABLE(u)->exec_runtime_offset; if (offset > 0) rt = (ExecRuntime**) ((uint8_t*) u + offset); @@ -2437,24 +2509,34 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) { if (!s) return -ENOMEM; - free(u->cgroup_path); - u->cgroup_path = s; + if (u->cgroup_path) { + void *p; + p = hashmap_remove(u->manager->cgroup_unit, u->cgroup_path); + log_info("Removing cgroup_path %s from hashmap (%p)", + u->cgroup_path, p); + free(u->cgroup_path); + } + + u->cgroup_path = s; assert(hashmap_put(u->manager->cgroup_unit, s, u) == 1); + continue; } - if (rt) { - r = exec_runtime_deserialize_item(rt, u, l, v, fds); + if (unit_can_serialize(u)) { + if (rt) { + r = exec_runtime_deserialize_item(rt, u, l, v, fds); + if (r < 0) + return r; + if (r > 0) + continue; + } + + r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds); if (r < 0) return r; - if (r > 0) - continue; } - - r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds); - if (r < 0) - return r; } } @@ -2777,44 +2859,55 @@ void unit_ref_unset(UnitRef *ref) { ref->unit = NULL; } -int unit_cgroup_context_init_defaults(Unit *u, CGroupContext *c) { - assert(u); - assert(c); - - /* Copy in the manager defaults into the cgroup context, - * _before_ the rest of the settings have been initialized */ - - c->cpu_accounting = u->manager->default_cpu_accounting; - c->blockio_accounting = u->manager->default_blockio_accounting; - c->memory_accounting = u->manager->default_memory_accounting; - - return 0; -} - -int unit_exec_context_patch_defaults(Unit *u, ExecContext *c) { +int unit_patch_contexts(Unit *u) { + CGroupContext *cc; + ExecContext *ec; unsigned i; int r; assert(u); - assert(c); - /* Patch in the manager defaults into the exec context, - * _after_ the rest of the settings have been initialized */ + /* Patch in the manager defaults into the exec and cgroup + * contexts, _after_ the rest of the settings have been + * initialized */ - /* This only copies in the ones that need memory */ - for (i = 0; i < RLIMIT_NLIMITS; i++) - if (u->manager->rlimit[i] && !c->rlimit[i]) { - c->rlimit[i] = newdup(struct rlimit, u->manager->rlimit[i], 1); - if (!c->rlimit[i]) - return -ENOMEM; + ec = unit_get_exec_context(u); + if (ec) { + /* This only copies in the ones that need memory */ + for (i = 0; i < _RLIMIT_MAX; i++) + if (u->manager->rlimit[i] && !ec->rlimit[i]) { + ec->rlimit[i] = newdup(struct rlimit, u->manager->rlimit[i], 1); + if (!ec->rlimit[i]) + return -ENOMEM; + } + + if (u->manager->running_as == SYSTEMD_USER && + !ec->working_directory) { + + r = get_home_dir(&ec->working_directory); + if (r < 0) + return r; } - if (u->manager->running_as == SYSTEMD_USER && - !c->working_directory) { + if (u->manager->running_as == SYSTEMD_USER && + (ec->syscall_whitelist || + !set_isempty(ec->syscall_filter) || + !set_isempty(ec->syscall_archs) || + ec->address_families_whitelist || + !set_isempty(ec->address_families))) + ec->no_new_privileges = true; - r = get_home_dir(&c->working_directory); - if (r < 0) - return r; + if (ec->private_devices) + ec->capability_bounding_set_drop |= (uint64_t) 1ULL << (uint64_t) CAP_MKNOD; + } + + cc = unit_get_cgroup_context(u); + if (cc) { + + if (ec && + ec->private_devices && + cc->device_policy == CGROUP_AUTO) + cc->device_policy = CGROUP_CLOSED; } return 0; @@ -2824,6 +2917,9 @@ ExecContext *unit_get_exec_context(Unit *u) { size_t offset; assert(u); + if (u->type < 0) + return NULL; + offset = UNIT_VTABLE(u)->exec_context_offset; if (offset <= 0) return NULL; @@ -2835,6 +2931,9 @@ KillContext *unit_get_kill_context(Unit *u) { size_t offset; assert(u); + if (u->type < 0) + return NULL; + offset = UNIT_VTABLE(u)->kill_context_offset; if (offset <= 0) return NULL; @@ -2845,6 +2944,9 @@ KillContext *unit_get_kill_context(Unit *u) { CGroupContext *unit_get_cgroup_context(Unit *u) { size_t offset; + if (u->type < 0) + return NULL; + offset = UNIT_VTABLE(u)->cgroup_context_offset; if (offset <= 0) return NULL; @@ -2855,6 +2957,9 @@ CGroupContext *unit_get_cgroup_context(Unit *u) { ExecRuntime *unit_get_exec_runtime(Unit *u) { size_t offset; + if (u->type < 0) + return NULL; + offset = UNIT_VTABLE(u)->exec_runtime_offset; if (offset <= 0) return NULL; @@ -2862,68 +2967,55 @@ ExecRuntime *unit_get_exec_runtime(Unit *u) { return *(ExecRuntime**) ((uint8_t*) u + offset); } -static int drop_in_file(Unit *u, UnitSetPropertiesMode mode, const char *name, char **_p, char **_q) { - _cleanup_free_ char *b = NULL; - char *p, *q; - int r; - - assert(u); - assert(name); - assert(_p); - assert(_q); - - b = xescape(name, "/."); - if (!b) - return -ENOMEM; - - if (!filename_is_safe(b)) - return -EINVAL; - +static int unit_drop_in_dir(Unit *u, UnitSetPropertiesMode mode, bool transient, char **dir) { if (u->manager->running_as == SYSTEMD_USER) { - _cleanup_free_ char *c = NULL; + int r; - r = user_config_home(&c); - if (r < 0) - return r; + r = user_config_home(dir); if (r == 0) return -ENOENT; + return r; + } - p = strjoin(c, "/", u->id, ".d", NULL); - } else if (mode == UNIT_PERSISTENT && !u->transient) - p = strjoin("/etc/systemd/system/", u->id, ".d", NULL); + if (mode == UNIT_PERSISTENT && !transient) + *dir = strdup("/etc/systemd/system"); else - p = strjoin("/run/systemd/system/", u->id, ".d", NULL); - if (!p) - return -ENOMEM; - - q = strjoin(p, "/90-", b, ".conf", NULL); - if (!q) { - free(p); + *dir = strdup("/run/systemd/system"); + if (!*dir) return -ENOMEM; - } - *_p = p; - *_q = q; return 0; } +static int unit_drop_in_file(Unit *u, + UnitSetPropertiesMode mode, const char *name, char **p, char **q) { + _cleanup_free_ char *dir = NULL; + int r; + + assert(u); + + r = unit_drop_in_dir(u, mode, u->transient, &dir); + if (r < 0) + return r; + + return drop_in_file(dir, u->id, 50, name, p, q); +} + int unit_write_drop_in(Unit *u, UnitSetPropertiesMode mode, const char *name, const char *data) { - _cleanup_free_ char *p = NULL, *q = NULL; + + _cleanup_free_ char *dir = NULL; int r; assert(u); - assert(name); - assert(data); if (!IN_SET(mode, UNIT_PERSISTENT, UNIT_RUNTIME)) return 0; - r = drop_in_file(u, mode, name, &p, &q); + r = unit_drop_in_dir(u, mode, u->transient, &dir); if (r < 0) return r; - mkdir_p(p, 0755); - return write_string_file_atomic_label(q, data); + return write_drop_in(dir, u->id, 50, name, data); } int unit_write_drop_in_format(Unit *u, UnitSetPropertiesMode mode, const char *name, const char *format, ...) { @@ -2999,7 +3091,7 @@ int unit_remove_drop_in(Unit *u, UnitSetPropertiesMode mode, const char *name) { if (!IN_SET(mode, UNIT_PERSISTENT, UNIT_RUNTIME)) return 0; - r = drop_in_file(u, mode, name, &p, &q); + r = unit_drop_in_file(u, mode, name, &p, &q); if (r < 0) return r; @@ -3172,11 +3264,9 @@ int unit_require_mounts_for(Unit *u, const char *path) { return 0; } - r = strv_push(&u->requires_mounts_for, p); - if (r < 0) { - free(p); + r = strv_consume(&u->requires_mounts_for, p); + if (r < 0) return r; - } PATH_FOREACH_PREFIX_MORE(prefix, p) { Set *x; @@ -3277,9 +3367,9 @@ static const char* const unit_dependency_table[_UNIT_DEPENDENCY_MAX] = { [UNIT_TRIGGERED_BY] = "TriggeredBy", [UNIT_PROPAGATES_RELOAD_TO] = "PropagatesReloadTo", [UNIT_RELOAD_PROPAGATED_FROM] = "ReloadPropagatedFrom", + [UNIT_JOINS_NAMESPACE_OF] = "JoinsNamespaceOf", [UNIT_REFERENCES] = "References", [UNIT_REFERENCED_BY] = "ReferencedBy", - [UNIT_JOINS_NAMESPACE_OF] = "JoinsNamespaceOf", }; DEFINE_STRING_TABLE_LOOKUP(unit_dependency, UnitDependency);