/* SPDX-License-Identifier: LGPL-2.1-or-later */
# pragma once
/* Forward declarations; both structs are fully defined further down in this header
 * so that they can refer to each other (ServiceFDStore points back at its Service). */
typedef struct Service Service;
typedef struct ServiceFDStore ServiceFDStore;
# include "exit-status.h"
# include "kill.h"
# include "path.h"
# include "ratelimit.h"
# include "socket.h"
# include "unit.h"
/* Restart policy of a service. The string names are mapped by
 * service_restart_to_string()/service_restart_from_string() declared below;
 * the _MAX/_INVALID sentinels follow the usual systemd enum convention. */
typedef enum ServiceRestart {
        SERVICE_RESTART_NO = 0,
        SERVICE_RESTART_ON_SUCCESS,
        SERVICE_RESTART_ON_FAILURE,
        SERVICE_RESTART_ON_ABNORMAL,
        SERVICE_RESTART_ON_WATCHDOG,
        SERVICE_RESTART_ON_ABORT,
        SERVICE_RESTART_ALWAYS,
        _SERVICE_RESTART_MAX,           /* number of valid values */
        _SERVICE_RESTART_INVALID = -1,  /* returned for unknown string input */
} ServiceRestart;
/* How a service's readiness is determined after the main process is forked off.
 * Converted to/from its string form by service_type_to_string()/_from_string(). */
typedef enum ServiceType {
        /* fork and continue immediately (modern, socket-activated daemons) */
        SERVICE_SIMPLE = 0,
        /* the daemon forks by itself (traditional daemons) */
        SERVICE_FORKING,
        /* fork and wait until the program exits (e.g. fsck, which must finish before we go on) */
        SERVICE_ONESHOT,
        /* fork and wait until a specific D-Bus name shows up on the bus */
        SERVICE_DBUS,
        /* fork and wait until the daemon reports readiness via sd_notify() */
        SERVICE_NOTIFY,
        /* like simple, but exec() is delayed until all jobs are dispatched */
        SERVICE_IDLE,
        /* fork and wait until exec() itself has happened, i.e. our own setup is waited for */
        SERVICE_EXEC,
        _SERVICE_TYPE_MAX,
        _SERVICE_TYPE_INVALID = -1,
} ServiceType;
/* The command slots of a service; also used to index Service.exec_command[].
 * String forms via service_exec_command_to_string()/_from_string() and the
 * service_exec_ex_command_* variants declared below. */
typedef enum ServiceExecCommand {
        SERVICE_EXEC_CONDITION = 0,
        SERVICE_EXEC_START_PRE,
        SERVICE_EXEC_START,
        SERVICE_EXEC_START_POST,
        SERVICE_EXEC_RELOAD,
        SERVICE_EXEC_STOP,
        SERVICE_EXEC_STOP_POST,
        _SERVICE_EXEC_COMMAND_MAX,          /* size of Service.exec_command[] */
        _SERVICE_EXEC_COMMAND_INVALID = -1,
} ServiceExecCommand;
/* Last state a service announced about itself (stored in Service.notify_state).
 * Mapped to/from strings by notify_state_to_string()/notify_state_from_string(). */
typedef enum NotifyState {
        NOTIFY_UNKNOWN = 0,     /* nothing announced yet */
        NOTIFY_READY,
        NOTIFY_RELOADING,
        NOTIFY_STOPPING,
        _NOTIFY_STATE_MAX,
        _NOTIFY_STATE_INVALID = -1,
} NotifyState;
/* The values of this enum are referenced in man/systemd.exec.xml and src/shared/bus-unit-util.c.
 * Update those sources for each change to this enum. */
/* Outcome of a service's last start/stop/reload/clean operation (see Service.result,
 * Service.reload_result, Service.clean_result). Ordering matters: these values are
 * exposed by name via service_result_to_string(), so new entries should be appended
 * before _SERVICE_RESULT_MAX. */
typedef enum ServiceResult {
        SERVICE_SUCCESS = 0,
        /* somewhat of a misnomer: the catch-all for errnos we did not expect */
        SERVICE_FAILURE_RESOURCES,
        SERVICE_FAILURE_PROTOCOL,
        SERVICE_FAILURE_TIMEOUT,
        SERVICE_FAILURE_EXIT_CODE,
        SERVICE_FAILURE_SIGNAL,
        SERVICE_FAILURE_CORE_DUMP,
        SERVICE_FAILURE_WATCHDOG,
        /* the unit's start rate limit was hit; checked last in service_start() */
        SERVICE_FAILURE_START_LIMIT_HIT,
        SERVICE_FAILURE_OOM_KILL,
        /* not a failure: an ExecCondition= command declined to start the service */
        SERVICE_SKIP_CONDITION,
        _SERVICE_RESULT_MAX,
        _SERVICE_RESULT_INVALID = -1,
} ServiceResult;
/* What to do with the service's processes when a start or stop timeout expires
 * (Service.timeout_start_failure_mode / timeout_stop_failure_mode). */
typedef enum ServiceTimeoutFailureMode {
        SERVICE_TIMEOUT_TERMINATE = 0,
        SERVICE_TIMEOUT_ABORT,
        SERVICE_TIMEOUT_KILL,
        _SERVICE_TIMEOUT_FAILURE_MODE_MAX,
        _SERVICE_TIMEOUT_FAILURE_MODE_INVALID = -1,
} ServiceTimeoutFailureMode;
/* One entry of a service's file descriptor store; the entries are kept in the
 * linked list hanging off Service.fd_store (counted by Service.n_fd_store). */
struct ServiceFDStore {
        Service *service;               /* the service this entry belongs to */
        int fd;                         /* the stored descriptor */
        char *fdname;                   /* name attached to the fd; presumably may be NULL — confirm in service.c */
        sd_event_source *event_source;  /* event source watching fd; NOTE(review): likely NULL when do_poll is false — verify */
        bool do_poll;                   /* whether the fd is to be polled */
        LIST_FIELDS(ServiceFDStore, fd_store);
};
/* Per-unit state of a .service unit. `meta` must stay the first member so that
 * the DEFINE_CAST(SERVICE, Service) helper below can convert between Unit and Service. */
struct Service {
        Unit meta;

        ServiceType type;
        ServiceRestart restart;

        /* Exit statuses that suppress or force a restart, and those counted as success */
        ExitStatusSet restart_prevent_status;
        ExitStatusSet restart_force_status;
        ExitStatusSet success_status;

        /* If set, the main daemon PID is read from this file */
        char *pid_file;

        /* Timeouts. Per the timeout rework, a disabled timeout is stored as
         * USEC_INFINITY rather than 0 — TODO confirm against service.c */
        usec_t restart_usec;
        usec_t timeout_start_usec;
        usec_t timeout_stop_usec;
        usec_t timeout_abort_usec;      /* only meaningful when timeout_abort_set; see service_timeout_abort_usec() */
        bool timeout_abort_set;
        usec_t runtime_max_usec;        /* RuntimeMaxSec=: service is forcibly terminated after this much runtime */

        ServiceTimeoutFailureMode timeout_start_failure_mode;
        ServiceTimeoutFailureMode timeout_stop_failure_mode;

        /* Watchdog handling */
        dual_timestamp watchdog_timestamp;
        usec_t watchdog_usec;           /* the timeout requested in the unit file */
        usec_t watchdog_original_usec;  /* the timeout in effect when the unit was started, i.e. what the forked processes currently see */
        usec_t watchdog_override_usec;  /* the timeout the service itself requested through sd_notify(); only honoured when watchdog_override_enable is set */
        bool watchdog_override_enable;
        sd_event_source *watchdog_event_source;

        /* One command list per ServiceExecCommand slot (ExecStartPre=, ExecStart=, ...) */
        ExecCommand *exec_command[_SERVICE_EXEC_COMMAND_MAX];

        ExecContext exec_context;
        KillContext kill_context;
        CGroupContext cgroup_context;

        ServiceState state;
        ServiceState deserialized_state;

        /* Exit status of the real main process */
        ExecStatus main_exec_status;

        /* Control process currently being run */
        ExecCommand *control_command;

        /* Main process currently being run; NULL if the main process was started
         * by forking (SERVICE_FORKING) rather than by us */
        ExecCommand *main_command;

        /* Which slot control_command was taken from */
        ServiceExecCommand control_command_id;

        /* Runtime data of the execution context */
        ExecRuntime *exec_runtime;
        DynamicCreds dynamic_creds;

        pid_t main_pid;
        pid_t control_pid;

        /* Socket passed in via socket activation (see service_set_socket_fd()) */
        int socket_fd;
        SocketPeer *peer;
        bool socket_fd_selinux_context_net;     /* presumably mirrors the selinux_context_net argument of service_set_socket_fd() — verify */

        bool permissions_start_only;
        bool root_directory_start_only;
        bool remain_after_exit;
        bool guess_main_pid;

        /* If the service shut down, remember why */
        ServiceResult result;
        ServiceResult reload_result;
        ServiceResult clean_result;

        bool main_pid_known:1;
        bool main_pid_alien:1;          /* NOTE(review): meaning not visible here — likely "main PID is not our child"; confirm */
        bool bus_name_good:1;
        bool forbid_restart:1;
        /* Keep the restart intention between UNIT_FAILED and UNIT_ACTIVATING */
        bool will_auto_restart:1;
        bool start_timeout_defined:1;
        bool exec_fd_hot:1;

        /* D-Bus name (Type=dbus) and the unique name of its current owner; the owner is
         * tracked and serialized across daemon-reload so that owner changes missed while
         * the bus connection was down can be detected. */
        char *bus_name;
        char *bus_name_owner;

        /* Status reported by the service itself; presumably bounded by STATUS_TEXT_MAX — confirm */
        char *status_text;
        int status_errno;

        UnitRef accept_socket;

        sd_event_source *timer_event_source;
        PathSpec *pid_file_pathspec;

        NotifyAccess notify_access;
        NotifyState notify_state;

        sd_event_source *exec_fd_event_source;

        /* File descriptor store: linked list of ServiceFDStore entries and its size.
         * n_fd_store is size_t (array-size hygiene), the configured limits are unsigned. */
        ServiceFDStore *fd_store;
        size_t n_fd_store;
        unsigned n_fd_store_max;
        unsigned n_keep_fd_store;

        char *usb_function_descriptors;
        char *usb_function_strings;

        int stdin_fd;
        int stdout_fd;
        int stderr_fd;

        unsigned n_restarts;
        bool flush_n_restarts;

        OOMPolicy oom_policy;
};
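/* Returns the abort timeout in effect for service s: the explicitly configured
 * timeout_abort_usec when timeout_abort_set is true, otherwise the stop timeout
 * it falls back to. The pointer is const since nothing is written through it. */
static inline usec_t service_timeout_abort_usec(const Service *s) {
        assert(s);

        if (s->timeout_abort_set)
                return s->timeout_abort_usec;

        return s->timeout_stop_usec;
}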
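/* Returns the watchdog timeout currently in effect for service s: the value the
 * service requested through sd_notify() when that override is enabled, otherwise
 * the timeout that was in effect when the unit was started. Read-only access, so
 * the pointer is const. */
static inline usec_t service_get_watchdog_usec(const Service *s) {
        assert(s);

        if (s->watchdog_override_enable)
                return s->watchdog_override_usec;

        return s->watchdog_original_usec;
}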
/* Unit type implementation table for .service units; defined in service.c. */
extern const UnitVTable service_vtable;

/* Attach a socket fd (socket activation) to a service, and release it again.
 * Ownership of fd after a successful call is not visible from this header —
 * confirm against service.c before relying on it. */
int service_set_socket_fd(Service *s, int fd, struct Socket *socket, bool selinux_context_net);
void service_close_socket_fd(Service *s);

/* String <-> enum conversions for the enums declared above. The *_to_string()
 * variants depend only on their argument (_const_); the *_from_string() variants
 * presumably return the matching _INVALID value for unknown input — verify. */
const char* service_restart_to_string(ServiceRestart i) _const_;
ServiceRestart service_restart_from_string(const char *s) _pure_;

const char* service_type_to_string(ServiceType i) _const_;
ServiceType service_type_from_string(const char *s) _pure_;

const char* service_exec_command_to_string(ServiceExecCommand i) _const_;
ServiceExecCommand service_exec_command_from_string(const char *s) _pure_;

/* Alternative spelling of the command names; which names these use is not visible here */
const char* service_exec_ex_command_to_string(ServiceExecCommand i) _const_;
ServiceExecCommand service_exec_ex_command_from_string(const char *s) _pure_;

const char* notify_state_to_string(NotifyState i) _const_;
NotifyState notify_state_from_string(const char *s) _pure_;

const char* service_result_to_string(ServiceResult i) _const_;
ServiceResult service_result_from_string(const char *s) _pure_;

const char* service_timeout_failure_mode_to_string(ServiceTimeoutFailureMode i) _const_;
ServiceTimeoutFailureMode service_timeout_failure_mode_from_string(const char *s) _pure_;

/* Generates the SERVICE(u) accessor casting a Unit* to Service* */
DEFINE_CAST(SERVICE, Service);

/* Upper bound, in bytes, for status text; presumably applied to Service.status_text */
#define STATUS_TEXT_MAX (16U*1024U)