#include <signal.h>
#include <arpa/inet.h>
#include <mqueue.h>
-#ifdef HAVE_ATTR_XATTR_H
+#ifdef HAVE_XATTR
#include <attr/xattr.h>
#endif
#include "dbus-socket.h"
#include "missing.h"
#include "special.h"
-#include "bus-errors.h"
+#include "dbus-common.h"
#include "label.h"
#include "exit-status.h"
#include "def.h"
+#include "smack-util.h"
static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
[SOCKET_DEAD] = UNIT_INACTIVE,
assert(u->load_state == UNIT_STUB);
s->backlog = SOMAXCONN;
- s->timeout_usec = DEFAULT_TIMEOUT_USEC;
+ s->timeout_usec = u->manager->default_timeout_start_usec;
s->directory_mode = 0755;
s->socket_mode = 0666;
s->exec_context.std_output = u->manager->default_std_output;
s->exec_context.std_error = u->manager->default_std_error;
kill_context_init(&s->kill_context);
+ cgroup_context_init(&s->cgroup_context);
s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
}
assert(s);
while ((p = s->ports)) {
- LIST_REMOVE(SocketPort, port, s->ports, p);
+ LIST_REMOVE(port, s->ports, p);
if (p->fd >= 0) {
unit_unwatch_fd(UNIT(s), &p->fd_watch);
socket_free_ports(s);
- exec_context_done(&s->exec_context);
+ exec_context_done(&s->exec_context, manager_is_reloading_or_reexecuting(u->manager));
+ cgroup_context_init(&s->cgroup_context);
+
exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
s->control_command = NULL;
return 0;
}
-static bool socket_needs_mount(Socket *s, const char *prefix) {
+static int socket_add_mount_links(Socket *s) {
SocketPort *p;
-
- assert(s);
-
- LIST_FOREACH(port, p, s->ports) {
-
- if (p->type == SOCKET_SOCKET) {
- if (socket_address_needs_mount(&p->address, prefix))
- return true;
- } else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL) {
- if (path_startswith(p->path, prefix))
- return true;
- }
- }
-
- return false;
-}
-
-int socket_add_one_mount_link(Socket *s, Mount *m) {
int r;
assert(s);
- assert(m);
-
- if (UNIT(s)->load_state != UNIT_LOADED ||
- UNIT(m)->load_state != UNIT_LOADED)
- return 0;
- if (!socket_needs_mount(s, m->where))
- return 0;
-
- r = unit_add_two_dependencies(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, UNIT(m), true);
- if (r < 0)
- return r;
+ LIST_FOREACH(port, p, s->ports) {
+ const char *path = NULL;
- return 0;
-}
+ if (p->type == SOCKET_SOCKET)
+ path = socket_address_get_path(&p->address);
+ else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
+ path = p->path;
-static int socket_add_mount_links(Socket *s) {
- Unit *other;
- int r;
-
- assert(s);
+ if (!path)
+ continue;
- LIST_FOREACH(units_by_type, other, UNIT(s)->manager->units_by_type[UNIT_MOUNT]) {
- r = socket_add_one_mount_link(s, MOUNT(other));
+ r = unit_require_mounts_for(UNIT(s), path);
if (r < 0)
return r;
}
int r;
assert(s);
- if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
- if ((r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true)) < 0)
- return r;
+ r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
+ if (r < 0)
+ return r;
- if ((r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true)) < 0)
+ if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
+ r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
+ if (r < 0)
return r;
}
return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
}
-static bool socket_has_exec(Socket *s) {
+_pure_ static bool socket_has_exec(Socket *s) {
unsigned i;
assert(s);
if ((r = unit_add_exec_dependencies(u, &s->exec_context)) < 0)
return r;
- if ((r = unit_add_default_cgroups(u)) < 0)
+ r = unit_add_default_slice(u);
+ if (r < 0)
return r;
if (UNIT(s)->default_dependencies)
return socket_verify(s);
}
-static const char* listen_lookup(int family, int type) {
+_const_ static const char* listen_lookup(int family, int type) {
if (family == AF_NETLINK)
return "ListenNetlink";
"%sMessageQueueMessageSize: %li\n",
prefix, s->mq_msgsize);
+ if (s->reuseport)
+ fprintf(f,
+ "%sReusePort: %s\n",
+ prefix, yes_no(s->reuseport));
+
if (s->smack)
fprintf(f,
"%sSmackLabel: %s\n",
if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
log_warning_unit(UNIT(s)->id, "TCP_CONGESTION failed: %m");
-#ifdef HAVE_ATTR_XATTR_H
+ if (s->reuseport) {
+ int b = s->reuseport;
+ if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)))
+ log_warning_unit(UNIT(s)->id, "SO_REUSEPORT failed: %m");
+ }
+
if (s->smack_ip_in)
- if (fsetxattr(fd, "security.SMACK64IPIN", s->smack_ip_in, strlen(s->smack_ip_in), 0) < 0)
- log_error_unit(UNIT(s)->id,
- "fsetxattr(\"security.SMACK64IPIN\"): %m");
+ if (smack_label_ip_in_fd(fd, s->smack_ip_in) < 0)
+ log_error_unit(UNIT(s)->id, "smack_label_ip_in_fd: %m");
if (s->smack_ip_out)
- if (fsetxattr(fd, "security.SMACK64IPOUT", s->smack_ip_out, strlen(s->smack_ip_out), 0) < 0)
- log_error_unit(UNIT(s)->id,
- "fsetxattr(\"security.SMACK64IPOUT\"): %m");
-#endif
+ if (smack_label_ip_out_fd(fd, s->smack_ip_out) < 0)
+ log_error_unit(UNIT(s)->id, "smack_label_ip_out_fd: %m");
}
static void socket_apply_fifo_options(Socket *s, int fd) {
log_warning_unit(UNIT(s)->id,
"F_SETPIPE_SZ: %m");
-#ifdef HAVE_ATTR_XATTR_H
if (s->smack)
- if (fsetxattr(fd, "security.SMACK64", s->smack, strlen(s->smack), 0) < 0)
- log_error_unit(UNIT(s)->id,
- "fsetxattr(\"security.SMACK64\"): %m");
-#endif
+ if (smack_label_fd(fd, s->smack) < 0)
+ log_error_unit(UNIT(s)->id, "smack_label_fd: %m");
}
static int fifo_address_create(
if ((r = socket_instantiate_service(s)) < 0)
return r;
- if (UNIT_DEREF(s->service) &&
+ if (UNIT_ISSET(s->service) &&
SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
r = label_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
know_label = true;
}
- if ((r = socket_address_listen(
- &p->address,
- s->backlog,
- s->bind_ipv6_only,
- s->bind_to_device,
- s->free_bind,
- s->transparent,
- s->directory_mode,
- s->socket_mode,
- label,
- &p->fd)) < 0)
+ r = socket_address_listen(
+ &p->address,
+ SOCK_CLOEXEC|SOCK_NONBLOCK,
+ s->backlog,
+ s->bind_ipv6_only,
+ s->bind_to_device,
+ s->free_bind,
+ s->transparent,
+ s->directory_mode,
+ s->socket_mode,
+ label);
+ if (r < 0)
goto rollback;
+ p->fd = r;
socket_apply_socket_options(s, p->fd);
} else if (p->type == SOCKET_SPECIAL) {
- if ((r = special_address_create(
- p->path,
- &p->fd)) < 0)
+ r = special_address_create(
+ p->path,
+ &p->fd);
+ if (r < 0)
goto rollback;
} else if (p->type == SOCKET_FIFO) {
- if ((r = fifo_address_create(
- p->path,
- s->directory_mode,
- s->socket_mode,
- &p->fd)) < 0)
+ r = fifo_address_create(
+ p->path,
+ s->directory_mode,
+ s->socket_mode,
+ &p->fd);
+ if (r < 0)
goto rollback;
socket_apply_fifo_options(s, p->fd);
} else if (p->type == SOCKET_MQUEUE) {
- if ((r = mq_address_create(
- p->path,
- s->socket_mode,
- s->mq_maxmsg,
- s->mq_msgsize,
- &p->fd)) < 0)
+ r = mq_address_create(
+ p->path,
+ s->socket_mode,
+ s->mq_maxmsg,
+ s->mq_msgsize,
+ &p->fd);
+ if (r < 0)
goto rollback;
} else
assert_not_reached("Unknown port type");
assert(c);
assert(_pid);
+ unit_realize_cgroup(UNIT(s));
+
r = unit_watch_timer(UNIT(s), CLOCK_MONOTONIC, true, s->timeout_usec, &s->timer_watch);
if (r < 0)
goto fail;
- argv = unit_full_printf_strv(UNIT(s), c->argv);
- if (!argv) {
- r = -ENOMEM;
+ r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
+ if (r < 0)
goto fail;
- }
r = exec_spawn(c,
argv,
true,
true,
UNIT(s)->manager->confirm_spawn,
- UNIT(s)->cgroup_bondings,
- UNIT(s)->cgroup_attributes,
- NULL,
+ UNIT(s)->manager->cgroup_supported,
+ UNIT(s)->cgroup_path,
UNIT(s)->id,
NULL,
&pid);
if (f != SOCKET_SUCCESS)
s->result = f;
+ exec_context_tmp_dirs_done(&s->exec_context);
socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
}
static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
int r;
- Set *pid_set = NULL;
- bool wait_for_exit = false;
assert(s);
if (f != SOCKET_SUCCESS)
s->result = f;
- if (s->kill_context.kill_mode != KILL_NONE) {
- int sig = (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_FINAL_SIGTERM) ? s->kill_context.kill_signal : SIGKILL;
-
- if (s->control_pid > 0) {
- if (kill_and_sigcont(s->control_pid, sig) < 0 && errno != ESRCH)
-
- log_warning_unit(UNIT(s)->id,
- "Failed to kill control process %li: %m",
- (long) s->control_pid);
- else
- wait_for_exit = true;
- }
-
- if (s->kill_context.kill_mode == KILL_CONTROL_GROUP) {
-
- if (!(pid_set = set_new(trivial_hash_func, trivial_compare_func))) {
- r = -ENOMEM;
- goto fail;
- }
-
- /* Exclude the control pid from being killed via the cgroup */
- if (s->control_pid > 0)
- if ((r = set_put(pid_set, LONG_TO_PTR(s->control_pid))) < 0)
- goto fail;
-
- r = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, sig, true, false, pid_set, NULL);
- if (r < 0) {
- if (r != -EAGAIN && r != -ESRCH && r != -ENOENT)
- log_warning_unit(UNIT(s)->id,
- "Failed to kill control group: %s",
- strerror(-r));
- } else if (r > 0)
- wait_for_exit = true;
-
- set_free(pid_set);
- pid_set = NULL;
- }
- }
+ r = unit_kill_context(
+ UNIT(s),
+ &s->kill_context,
+ state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM,
+ -1,
+ s->control_pid,
+ false);
+ if (r < 0)
+ goto fail;
- if (wait_for_exit) {
+ if (r > 0) {
r = unit_watch_timer(UNIT(s), CLOCK_MONOTONIC, true, s->timeout_usec, &s->timer_watch);
if (r < 0)
goto fail;
socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
else
socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
-
- if (pid_set)
- set_free(pid_set);
}
static void socket_enter_stop_pre(Socket *s, SocketResult f) {
/* We don't take connections anymore if we are supposed to
* shut down anyway */
- if (unit_pending_inactive(UNIT(s))) {
+ if (unit_stop_pending(UNIT(s))) {
log_debug_unit(UNIT(s)->id,
"Suppressing connection request on %s since unit stop is scheduled.",
UNIT(s)->id);
/* If there's already a start pending don't bother to
* do anything */
SET_FOREACH(u, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
- if (unit_pending_active(u)) {
+ if (unit_active_or_pending(u)) {
pending = true;
break;
}
return 0;
/* Cannot run this without the service being around */
- if (UNIT_DEREF(s->service)) {
+ if (UNIT_ISSET(s->service)) {
Service *service;
service = SERVICE(UNIT_DEREF(s->service));
if (UNIT(service)->load_state != UNIT_LOADED) {
- log_error_unit(UNIT(service)->id,
+ log_error_unit(u->id,
"Socket service %s not loaded, refusing.",
UNIT(service)->id);
return -ENOENT;
if (service->state != SERVICE_DEAD &&
service->state != SERVICE_FAILED &&
service->state != SERVICE_AUTO_RESTART) {
- log_error_unit(UNIT(service)->id,
+ log_error_unit(u->id,
"Socket service %s already active, refusing.",
UNIT(service)->id);
return -EBUSY;
#ifdef HAVE_SYSV_COMPAT
if (service->is_sysv) {
- log_error_unit(UNIT(s)->id,
+ log_error_unit(u->id,
"Using SysV services for socket activation is not supported. Refusing.");
return -ENOENT;
}
}
}
+ exec_context_serialize(&s->exec_context, UNIT(s), f);
+
return 0;
}
p->fd = fdset_remove(fds, fd);
}
}
+ } else if (streq(key, "tmp-dir")) {
+ char *t;
+
+ t = strdup(value);
+ if (!t)
+ return log_oom();
+ s->exec_context.tmp_dir = t;
+ } else if (streq(key, "var-tmp-dir")) {
+ char *t;
+
+ t = strdup(value);
+ if (!t)
+ return log_oom();
+
+ s->exec_context.var_tmp_dir = t;
} else
log_debug_unit(UNIT(s)->id,
"Unknown serialization key '%s'", key);
return 0;
}
-static UnitActiveState socket_active_state(Unit *u) {
+_pure_ static UnitActiveState socket_active_state(Unit *u) {
assert(u);
return state_translation_table[SOCKET(u)->state];
}
-static const char *socket_sub_state_to_string(Unit *u) {
+_pure_ static const char *socket_sub_state_to_string(Unit *u) {
assert(u);
return socket_state_to_string(SOCKET(u)->state);
}
-static bool socket_check_gc(Unit *u) {
+const char* socket_port_type_to_string(SocketPort *p) {
+
+ assert(p);
+
+ switch (p->type) {
+ case SOCKET_SOCKET:
+ switch (p->address.type) {
+ case SOCK_STREAM: return "Stream";
+ case SOCK_DGRAM: return "Datagram";
+ case SOCK_SEQPACKET: return "SequentialPacket";
+ case SOCK_RAW:
+ if (socket_address_family(&p->address) == AF_NETLINK)
+ return "Netlink";
+ default: return "Invalid";
+ }
+ case SOCKET_SPECIAL: return "Special";
+ case SOCKET_MQUEUE: return "MessageQueue";
+ case SOCKET_FIFO: return "FIFO";
+ default: return NULL;
+ }
+}
+
+_pure_ static bool socket_check_gc(Unit *u) {
Socket *s = SOCKET(u);
assert(u);
return 0;
}
-void socket_notify_service_dead(Socket *s, bool failed_permanent) {
+static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
assert(s);
/* The service is dead. Dang!
s->result = SOCKET_SUCCESS;
}
-static int socket_kill(Unit *u, KillWho who, int signo, DBusError *error) {
+static void socket_trigger_notify(Unit *u, Unit *other) {
Socket *s = SOCKET(u);
- int r = 0;
- Set *pid_set = NULL;
-
- assert(s);
-
- if (who == KILL_MAIN) {
- dbus_set_error(error, BUS_ERROR_NO_SUCH_PROCESS, "Socket units have no main processes");
- return -ESRCH;
- }
-
- if (s->control_pid <= 0 && who == KILL_CONTROL) {
- dbus_set_error(error, BUS_ERROR_NO_SUCH_PROCESS, "No control process to kill");
- return -ESRCH;
- }
+ Service *se = SERVICE(other);
- if (who == KILL_CONTROL || who == KILL_ALL)
- if (s->control_pid > 0)
- if (kill(s->control_pid, signo) < 0)
- r = -errno;
+ assert(u);
+ assert(other);
- if (who == KILL_ALL) {
- int q;
+ /* Don't propagate state changes from the service if we are
+ already down or accepting connections */
+ if ((s->state != SOCKET_RUNNING &&
+ s->state != SOCKET_LISTENING) ||
+ s->accept)
+ return;
- pid_set = set_new(trivial_hash_func, trivial_compare_func);
- if (!pid_set)
- return -ENOMEM;
+ if (other->load_state != UNIT_LOADED ||
+ other->type != UNIT_SERVICE)
+ return;
- /* Exclude the control pid from being killed via the cgroup */
- if (s->control_pid > 0) {
- q = set_put(pid_set, LONG_TO_PTR(s->control_pid));
- if (q < 0) {
- r = q;
- goto finish;
- }
- }
+ if (se->state == SERVICE_FAILED)
+ socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
- q = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, signo, false, false, pid_set, NULL);
- if (q < 0 && q != -EAGAIN && q != -ESRCH && q != -ENOENT)
- r = q;
- }
+ if (se->state == SERVICE_DEAD ||
+ se->state == SERVICE_STOP ||
+ se->state == SERVICE_STOP_SIGTERM ||
+ se->state == SERVICE_STOP_SIGKILL ||
+ se->state == SERVICE_STOP_POST ||
+ se->state == SERVICE_FINAL_SIGTERM ||
+ se->state == SERVICE_FINAL_SIGKILL ||
+ se->state == SERVICE_AUTO_RESTART)
+ socket_notify_service_dead(s, false);
-finish:
- if (pid_set)
- set_free(pid_set);
+ if (se->state == SERVICE_RUNNING)
+ socket_set_state(s, SOCKET_RUNNING);
+}
- return r;
+static int socket_kill(Unit *u, KillWho who, int signo, DBusError *error) {
+ return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
}
static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
"Socket\0"
"Install\0",
+ .private_section = "Socket",
.exec_context_offset = offsetof(Socket, exec_context),
- .exec_section = "Socket",
+ .cgroup_context_offset = offsetof(Socket, cgroup_context),
.init = socket_init,
.done = socket_done,
.sigchld_event = socket_sigchld_event,
.timer_event = socket_timer_event,
+ .trigger_notify = socket_trigger_notify,
+
.reset_failed = socket_reset_failed,
.bus_interface = "org.freedesktop.systemd1.Socket",
.bus_message_handler = bus_socket_message_handler,
.bus_invalidating_properties = bus_socket_invalidating_properties,
+ .bus_set_property = bus_socket_set_property,
+ .bus_commit_properties = bus_socket_commit_properties,
.status_message_formats = {
/*.starting_stopping = {