diff --git a/docs/TRANSIENT-SETTINGS.md b/docs/TRANSIENT-SETTINGS.md
index 7ba5837e81..615342943d 100644
--- a/docs/TRANSIENT-SETTINGS.md
+++ b/docs/TRANSIENT-SETTINGS.md
@@ -368,6 +368,7 @@ Scope units are fully supported as transient units (in fact they only exist as
such).
```
+✓ RuntimeMaxSec=
✓ TimeoutStopSec=
```
diff --git a/man/systemd.scope.xml b/man/systemd.scope.xml
index 503a480dd0..daf3554db2 100644
--- a/man/systemd.scope.xml
+++ b/man/systemd.scope.xml
@@ -77,6 +77,31 @@
+
+ Options
+
+ Scope files may include a [Scope]
+ section, which carries information about the scope and the
+ units it contains. A number of options that may be used in
+ this section are shared with other unit types. These options are
+ documented in
+ systemd.kill5
+ and
+ systemd.resource-control5.
+ The options specific to the [Scope] section
+ of scope units are the following:
+
+
+
+ RuntimeMaxSec=
+
+ Configures a maximum time for the scope to run. If this is used and the scope has been
+ active for longer than the specified time it is terminated and put into a failure state. Pass
+ infinity (the default) to configure no runtime limit.
+
+
+
+
See Also
diff --git a/src/core/dbus-scope.c b/src/core/dbus-scope.c
index 9b8fed69cb..84d91dcfa3 100644
--- a/src/core/dbus-scope.c
+++ b/src/core/dbus-scope.c
@@ -47,6 +47,7 @@ const sd_bus_vtable bus_scope_vtable[] = {
SD_BUS_PROPERTY("Controller", "s", NULL, offsetof(Scope, controller), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
SD_BUS_PROPERTY("TimeoutStopUSec", "t", bus_property_get_usec, offsetof(Scope, timeout_stop_usec), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("Result", "s", property_get_result, offsetof(Scope, result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+ SD_BUS_PROPERTY("RuntimeMaxUSec", "t", bus_property_get_usec, offsetof(Scope, runtime_max_usec), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_SIGNAL("RequestStop", NULL, 0),
SD_BUS_METHOD("Abandon", NULL, NULL, bus_scope_method_abandon, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_VTABLE_END
@@ -71,6 +72,9 @@ static int bus_scope_set_transient_property(
if (streq(name, "TimeoutStopUSec"))
return bus_set_transient_usec(u, name, &s->timeout_stop_usec, message, flags, error);
+ if (streq(name, "RuntimeMaxUSec"))
+ return bus_set_transient_usec(u, name, &s->runtime_max_usec, message, flags, error);
+
if (streq(name, "PIDs")) {
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
unsigned n = 0;
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
index 10e4801cfe..0f25a3b39e 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -468,6 +468,7 @@ CGROUP_CONTEXT_CONFIG_ITEMS(Slice)m4_dnl
m4_dnl
CGROUP_CONTEXT_CONFIG_ITEMS(Scope)m4_dnl
KILL_CONTEXT_CONFIG_ITEMS(Scope)m4_dnl
+Scope.RuntimeMaxSec, config_parse_sec, 0, offsetof(Scope, runtime_max_usec)
Scope.TimeoutStopSec, config_parse_sec, 0, offsetof(Scope, timeout_stop_usec)
m4_dnl The [Install] section is ignored here.
Install.Alias, NULL, 0, 0
diff --git a/src/core/scope.c b/src/core/scope.c
index 5303142d09..874511c98c 100644
--- a/src/core/scope.c
+++ b/src/core/scope.c
@@ -34,6 +34,7 @@ static void scope_init(Unit *u) {
assert(u);
assert(u->load_state == UNIT_STUB);
+ s->runtime_max_usec = USEC_INFINITY;
s->timeout_stop_usec = u->manager->default_timeout_stop_usec;
u->ignore_on_isolate = true;
}
@@ -202,6 +203,9 @@ static usec_t scope_coldplug_timeout(Scope *s) {
switch (s->deserialized_state) {
+ case SCOPE_RUNNING:
+ return usec_add(UNIT(s)->active_enter_timestamp.monotonic, s->runtime_max_usec);
+
case SCOPE_STOP_SIGKILL:
case SCOPE_STOP_SIGTERM:
return usec_add(UNIT(s)->state_change_timestamp.monotonic, s->timeout_stop_usec);
@@ -236,15 +240,18 @@ static int scope_coldplug(Unit *u) {
static void scope_dump(Unit *u, FILE *f, const char *prefix) {
Scope *s = SCOPE(u);
+ char buf_runtime[FORMAT_TIMESPAN_MAX];
assert(s);
assert(f);
fprintf(f,
"%sScope State: %s\n"
- "%sResult: %s\n",
+ "%sResult: %s\n"
+ "%sRuntimeMaxSec: %s\n",
prefix, scope_state_to_string(s->state),
- prefix, scope_result_to_string(s->result));
+ prefix, scope_result_to_string(s->result),
+ prefix, format_timespan(buf_runtime, sizeof(buf_runtime), s->runtime_max_usec, USEC_PER_SEC));
cgroup_context_dump(&s->cgroup_context, f, prefix);
kill_context_dump(&s->kill_context, f, prefix);
@@ -357,6 +364,9 @@ static int scope_start(Unit *u) {
scope_set_state(s, SCOPE_RUNNING);
+ /* Set the maximum runtime timeout. */
+ scope_arm_timer(s, usec_add(UNIT(s)->active_enter_timestamp.monotonic, s->runtime_max_usec));
+
/* Start watching the PIDs currently in the scope */
(void) unit_enqueue_rewatch_pids(u);
return 1;
@@ -491,6 +501,11 @@ static int scope_dispatch_timer(sd_event_source *source, usec_t usec, void *user
switch (s->state) {
+ case SCOPE_RUNNING:
+ log_unit_warning(UNIT(s), "Scope reached runtime time limit. Stopping.");
+ scope_enter_signal(s, SCOPE_STOP_SIGTERM, SCOPE_FAILURE_TIMEOUT);
+ break;
+
case SCOPE_STOP_SIGTERM:
if (s->kill_context.send_sigkill) {
log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
diff --git a/src/core/scope.h b/src/core/scope.h
index c38afb5e5d..ae2bb80e55 100644
--- a/src/core/scope.h
+++ b/src/core/scope.h
@@ -24,6 +24,7 @@ struct Scope {
ScopeState state, deserialized_state;
ScopeResult result;
+ usec_t runtime_max_usec;
usec_t timeout_stop_usec;
char *controller;
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index dc7c2f41aa..ace17da0c7 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -1402,6 +1402,10 @@ static int bus_append_path_property(sd_bus_message *m, const char *field, const
}
static int bus_append_scope_property(sd_bus_message *m, const char *field, const char *eq) {
+ if (streq(field, "RuntimeMaxSec"))
+
+ return bus_append_parse_sec_rename(m, field, eq);
+
if (streq(field, "TimeoutStopSec"))
return bus_append_parse_sec_rename(m, field, eq);
diff --git a/test/TEST-03-JOBS/test-jobs.sh b/test/TEST-03-JOBS/test-jobs.sh
index 42190cf478..fca6cccb4f 100755
--- a/test/TEST-03-JOBS/test-jobs.sh
+++ b/test/TEST-03-JOBS/test-jobs.sh
@@ -84,4 +84,14 @@ END_SEC=$(date -u '+%s')
ELAPSED=$(($END_SEC-$START_SEC))
[[ "$ELAPSED" -ge 5 ]] && [[ "$ELAPSED" -le 7 ]] || exit 1
+# Test time-limited scopes
+START_SEC=$(date -u '+%s')
+set +e
+systemd-run --scope --property=RuntimeMaxSec=3s sleep 10
+RESULT=$?
+END_SEC=$(date -u '+%s')
+ELAPSED=$(($END_SEC-$START_SEC))
+[[ "$ELAPSED" -ge 3 ]] && [[ "$ELAPSED" -le 5 ]] || exit 1
+[[ "$RESULT" -ne 0 ]] || exit 1
+
touch /testok
diff --git a/test/fuzz/fuzz-unit-file/directives.scope b/test/fuzz/fuzz-unit-file/directives.scope
new file mode 100644
index 0000000000..d0e194c371
--- /dev/null
+++ b/test/fuzz/fuzz-unit-file/directives.scope
@@ -0,0 +1,2 @@
+scope
+RuntimeMaxSec=