X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fsocket.c;h=d0568c9b52074bdb18888f56e8b39283dbf24023;hp=2c9d693918facc7794aec846434af1223255744d;hb=11ce3427242b8b4ddf638ed5703d69041d719b4c;hpb=5632e3743db350a67478acc107d76cdf648a1f99 diff --git a/src/socket.c b/src/socket.c index 2c9d69391..d0568c9b5 100644 --- a/src/socket.c +++ b/src/socket.c @@ -1,4 +1,4 @@ -/*-*- Mode: C; c-basic-offset: 8 -*-*/ +/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ /*** This file is part of systemd. @@ -30,6 +30,7 @@ #include "unit.h" #include "socket.h" +#include "netinet/tcp.h" #include "log.h" #include "load-dropin.h" #include "load-fragment.h" @@ -39,6 +40,7 @@ #include "missing.h" #include "special.h" #include "bus-errors.h" +#include "label.h" static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = { [SOCKET_DEAD] = UNIT_INACTIVE, @@ -115,6 +117,9 @@ static void socket_done(Unit *u) { s->service = NULL; + free(s->tcp_congestion); + s->tcp_congestion = NULL; + free(s->bind_to_device); s->bind_to_device = NULL; @@ -161,6 +166,7 @@ static int socket_instantiate_service(Socket *s) { if (r < 0) return r; + u->meta.no_gc = true; s->service = SERVICE(u); return 0; } @@ -292,7 +298,7 @@ static int socket_add_default_dependencies(Socket *s) { if ((r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true)) < 0) return r; - return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true); + return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTED_BY, SPECIAL_SHUTDOWN_TARGET, NULL, true); } static int socket_load(Unit *u) { @@ -370,14 +376,16 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) { "%sSocketMode: %04o\n" "%sDirectoryMode: %04o\n" "%sKeepAlive: %s\n" - "%sFreeBind: %s\n", + "%sFreeBind: %s\n" + "%sTCPCongestion: %s\n", prefix, socket_state_to_string(s->state), prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only), prefix, s->backlog, prefix, s->socket_mode, prefix, s->directory_mode, prefix, yes_no(s->keep_alive), - prefix, yes_no(s->free_bind)); + prefix, yes_no(s->free_bind), + prefix, s->tcp_congestion); if (s->control_pid > 0) fprintf(f, @@ -438,14 +446,14 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) { if (p->type == SOCKET_SOCKET) { const char *t; int r; - char *k; + char *k = NULL; if ((r = socket_address_print(&p->address, &k)) < 0) t = strerror(-r); else t = k; - fprintf(f, "%s%s: %s\n", prefix, listen_lookup(p->address.type), k); + fprintf(f, "%s%s: %s\n", prefix, listen_lookup(p->address.type), t); free(k); } else fprintf(f, "%sListenFIFO: %s\n", prefix, p->path); @@ -631,6 +639,10 @@ static void socket_apply_socket_options(Socket *s, int fd) { if (r < 0 && x < 0) log_warning("IP_TTL/IPV6_UNICAST_HOPS failed: %m"); } + + if (s->tcp_congestion) + if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0) + log_warning("TCP_CONGESTION failed: %m"); } static void socket_apply_fifo_options(Socket *s, int fd) { @@ -642,14 +654,14 @@ static void socket_apply_fifo_options(Socket *s, int fd) { log_warning("F_SETPIPE_SZ: %m"); } + static int fifo_address_create( const char *path, mode_t directory_mode, mode_t socket_mode, - /* FIXME SELINUX: pass SELinux context object here */ int *_fd) { - int fd = -1, r; + int fd = -1, r = 0; struct stat st; mode_t old_mask; @@ -658,8 +670,8 @@ static int fifo_address_create( mkdir_parents(path, directory_mode); - /* FIXME SELINUX: The mkfifo here should be done with - * the right SELinux context set */ + if ((r = label_fifofile_set(path)) < 0) + goto fail; /* Enforce the right access mode for the fifo */ old_mask = umask(~ socket_mode); @@ -680,13 +692,15 @@ static int fifo_address_create( goto fail; } + label_file_clear(); + if (fstat(fd, &st) < 0) { r = -errno; goto fail; } if (!S_ISFIFO(st.st_mode) || - st.st_mode != (socket_mode & ~old_mask) || + (st.st_mode & 0777) != (socket_mode & ~old_mask) || st.st_uid != getuid() || st.st_gid != getgid()) { @@ -698,6 +712,8 @@ static int fifo_address_create( return 0; fail: + label_file_clear(); + if (fd >= 0) close_nointr_nofail(fd); @@ -707,25 +723,11 @@ fail: static int socket_open_fds(Socket *s) { SocketPort *p; int r; + char *label = NULL; + bool know_label = false; assert(s); - /* FIXME SELINUX: Somewhere here we must set the the SELinux - context for the created sockets and FIFOs. To figure out - the executable name for this, use - socket_instantiate_service() and then access the executable - path name via - s->service->exec_command[SERVICE_EXEC_START]->path. Example: - - if ((r = socket_instantiate_service(s)) < 0) - return r; - - log_debug("Socket unit %s will spawn service unit %s with executable path %s.", - s->meta.id, - s->service->meta.id, - s->service->exec_command[SERVICE_EXEC_START]->path); - */ - LIST_FOREACH(port, p, s->ports) { if (p->fd >= 0) @@ -733,6 +735,17 @@ static int socket_open_fds(Socket *s) { if (p->type == SOCKET_SOCKET) { + if (!know_label) { + + if ((r = socket_instantiate_service(s)) < 0) + return r; + + if ((r = label_get_socket_label_from_exe(s->service->exec_command[SERVICE_EXEC_START]->path, &label)) < 0) + return r; + + know_label = true; + } + if ((r = socket_address_listen( &p->address, s->backlog, @@ -741,7 +754,7 @@ static int socket_open_fds(Socket *s) { s->free_bind, s->directory_mode, s->socket_mode, - /* FIXME SELINUX: Pass the SELinux context object here */ + label, &p->fd)) < 0) goto rollback; @@ -753,7 +766,6 @@ static int socket_open_fds(Socket *s) { p->path, s->directory_mode, s->socket_mode, - /* FIXME SELINUX: Pass the SELinux context object here */ &p->fd)) < 0) goto rollback; @@ -763,10 +775,12 @@ static int socket_open_fds(Socket *s) { assert_not_reached("Unknown port type"); } + label_free(label); return 0; rollback: socket_close_fds(s); + label_free(label); return r; } @@ -1194,6 +1208,8 @@ static void socket_enter_running(Socket *s, int cfd) { s->service = NULL; s->n_accepted ++; + service->meta.no_gc = false; + unit_choose_id(UNIT(service), name); free(name); @@ -1205,6 +1221,9 @@ static void socket_enter_running(Socket *s, int cfd) { if ((r = manager_add_job(s->meta.manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL)) < 0) goto fail; + + /* Notify clients about changed counters */ + unit_add_to_dbus_queue(UNIT(s)); } return; @@ -1363,7 +1382,6 @@ static int socket_serialize(Unit *u, FILE *f, FDSet *fds) { static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) { Socket *s = SOCKET(u); - int r; assert(u); assert(key); @@ -1388,14 +1406,14 @@ static int socket_deserialize_item(Unit *u, const char *key, const char *value, } else if (streq(key, "n-accepted")) { unsigned k; - if ((r = safe_atou(value, &k)) < 0) + if (safe_atou(value, &k) < 0) log_debug("Failed to parse n-accepted value %s", value); else s->n_accepted += k; } else if (streq(key, "control-pid")) { pid_t pid; - if ((r = parse_pid(value, &pid)) < 0) + if (parse_pid(value, &pid) < 0) log_debug("Failed to parse control-pid value %s", value); else s->control_pid = pid; @@ -1583,6 +1601,9 @@ static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) { assert_not_reached("Uh, control process died at wrong time."); } } + + /* Notify clients about changed exit status */ + unit_add_to_dbus_queue(u); } static void socket_timer_event(Unit *u, uint64_t elapsed, Watch *w) { @@ -1654,7 +1675,7 @@ int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) { if (p->fd >= 0) rn_fds++; - if (!(rfds = new(int, rn_fds)) < 0) + if (!(rfds = new(int, rn_fds))) return -ENOMEM; k = 0; @@ -1763,5 +1784,7 @@ const UnitVTable socket_vtable = { .reset_maintenance = socket_reset_maintenance, - .bus_message_handler = bus_socket_message_handler + .bus_interface = "org.freedesktop.systemd1.Socket", + .bus_message_handler = bus_socket_message_handler, + .bus_invalidating_properties = bus_socket_invalidating_properties };