Merge v244 into tizen
authorAdrian Szyndela <adrian.s@samsung.com>
Thu, 2 Apr 2020 09:48:41 +0000 (11:48 +0200)
committerAdrian Szyndela <adrian.s@samsung.com>
Thu, 2 Apr 2020 09:48:41 +0000 (11:48 +0200)
systemd v244

64 files changed:
README
TODO
man/systemd.exec.xml
meson.build
meson_options.txt
packaging/systemd.spec
rules.d/50-udev-default.rules.in
rules.d/55-udev-smack-default.rules
rules.d/99-systemd.rules.in
rules.d/meson.build
src/basic/cgroup-util.c
src/basic/fs-util.c
src/basic/smack-util.c
src/basic/unit-def.c
src/basic/unit-def.h
src/boot/efi/meson.build
src/busctl/busctl.c
src/core/bpf-devices.c
src/core/busname.c
src/core/cgroup.c
src/core/dbus-execute.c
src/core/dbus-manager.c
src/core/dbus.c
src/core/device.c
src/core/execute.c
src/core/execute.h
src/core/kmod-setup.c
src/core/load-fragment-gperf.gperf.m4
src/core/load-fragment.c
src/core/load-fragment.h
src/core/main.c
src/core/manager.c
src/core/manager.h
src/core/mount-setup.c
src/core/service.c
src/core/socket.c
src/core/unit.c
src/libsystemd/meson.build
src/libsystemd/sd-bus/bus-internal.h
src/libsystemd/sd-bus/bus-socket.c
src/libsystemd/sd-bus/sd-bus.c
src/login/logind-user.c
src/login/pam_systemd.c
src/nspawn/nspawn-mount.c
src/shared/bus-util.c
src/systemctl/systemctl.c
src/test/meson.build
src/test/test-stat-util.c
src/test/test-unit-name.c
src/udev/udev-rules.c
test/TEST-20-MAINPIDGAMES/test.sh
test/meson.build
test/test-functions
units/meson.build
units/systemd-binfmt.service.in
units/systemd-hostnamed.service.in
units/systemd-journald.service.in
units/systemd-localed.service.in
units/systemd-logind.service.in
units/systemd-machined.service.in
units/systemd-networkd.service.in
units/systemd-nspawn@.service.in
units/systemd-resolved.service.in
units/systemd-udevd.service.in

diff --cc README
Simple merge
diff --cc TODO
--- 1/TODO
--- 2/TODO
+++ b/TODO
@@@ -483,10 -514,6 +514,8 @@@ Features
  
  * cache sd_event_now() result from before the first iteration...
  
- * add systemctl stop --job-mode=triggering that follows TRIGGERED_BY deps and adds them to the same transaction
 +* remove Capabilities=, after all AmbientCapabilities= and CapabilityBoundingSet= should be enough.
 +
  * PID1: find a way how we can reload unit file configuration for
    specific units only, without reloading the whole of systemd
  
@@@ -1036,20 -1039,16 +1039,30 @@@ StateDirectory=aaa/bbb ccc</programlist
        </varlistentry>
  
        <varlistentry>
 +        <term><varname>Capabilities=</varname></term>
 +        <listitem><para>Controls the
 +        <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
 +        set for the executed process. Take a capability string
 +        describing the effective, permitted and inherited capability
 +        sets as documented in
 +        <citerefentry project='mankier'><refentrytitle>cap_from_text</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
 +        Note that these capability sets are usually influenced (and
 +        filtered) by the capabilities attached to the executed file.
 +        Due to that <varname>CapabilityBoundingSet=</varname> is
 +        probably a much more useful setting.</para></listitem>
 +      </varlistentry>
 +
 +      <varlistentry>
+         <term><varname>TimeoutCleanSec=</varname></term>
+         <listitem><para>Configures a timeout on the clean-up operation requested through <command>systemctl
+         clean â€¦</command>, see
+         <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> for
+         details. Takes the usual time values and defaults to <constant>infinity</constant>, i.e. by default
+         no time-out is applied. If a time-out is configured the clean operation will be aborted forcibly when
+         the time-out is reached, potentially leaving resources on disk.</para></listitem>
+       </varlistentry>
+       <varlistentry>
          <term><varname>ReadWritePaths=</varname></term>
          <term><varname>ReadOnlyPaths=</varname></term>
          <term><varname>InaccessiblePaths=</varname></term>
diff --cc meson.build
Simple merge
Simple merge
index 417b29e,0000000..3107989
mode 100644,000000..100644
--- /dev/null
@@@ -1,726 -1,0 +1,726 @@@
- Version:        243
 +# "enable foo" will turn into --enable-foo or --disable-foo
 +# depending "with_foo" macro
 +%define enable() %{expand:%%{?with_%{1}:--enable-%{1}}%%{!?with_%{1}:--disable-%{1}}}
 +
 +%define WITH_RANDOMSEED 0
 +%define WITH_BASH_COMPLETION 0
 +%define WITH_ZSH_COMPLETION 0
 +%define WITH_COREDUMP 0
 +%define WITH_BACKLIGHT 0
 +%define WITH_TIMEDATED 0
 +%define WITH_RFKILL 0
 +%define WITH_MACHINED 0
 +%define WITH_DOC 0
 +%define WITH_HOSTNAMED 0
 +
 +%define build_dir _build
 +%define dbuspolicydir %{_datadir}/dbus-1
 +
 +# The 'meson' macro is defined in rpm macros, but it uses features from rpm 4.15 ({shrink, set_build_flags)
 +# Below is a version suitable for our purposes
 +%define meson \
 +  CFLAGS="${CFLAGS:-%optflags}" \
 +  export CFLAGS \
 +  %{__meson} \\\
 +        --buildtype=plain \\\
 +        --prefix=%{_prefix} \\\
 +        --libdir=%{_libdir} \\\
 +        --libexecdir=%{_libexecdir} \\\
 +        --bindir=%{_bindir} \\\
 +        --sbindir=%{_sbindir} \\\
 +        --includedir=%{_includedir} \\\
 +        --datadir=%{_datadir} \\\
 +        --mandir=%{_mandir} \\\
 +        --infodir=%{_infodir} \\\
 +        --localedir=%{_datadir}/locale \\\
 +        --sysconfdir=%{_sysconfdir} \\\
 +        --localstatedir=%{_localstatedir} \\\
 +        --sharedstatedir=%{_sharedstatedir} \\\
 +        --wrap-mode=%{__meson_wrap_mode} \\\
 +              %{_vpath_builddir}
 +# Ninja macros below are defined for ninja in e.g. fedora distro, but
 +# so far they are not provided by Tizen's ninja package.
 +%define __ninja %{_bindir}/ninja
 +%define __ninja_common_opts -v %{?_smp_flags}
 +%define ninja_build \
 +              %{__ninja} %{__ninja_common_opts}
 +%define ninja_install \
 +              DESTDIR=%{buildroot} %{__ninja} install %{__ninja_common_opts}
 +
 +Name:           systemd
++Version:        244
 +Release:        0%{?release_flags}
 +# For a breakdown of the licensing, see README
 +License:        LGPL-2.1+ and GPL-2.0+
 +Summary:        A System and Service Manager
 +Url:            http://www.freedesktop.org/wiki/Software/systemd
 +Group:          Base/Startup
 +Source0:        https://github.com/systemd/systemd/archive/v%{version}.tar.gz
 +Source1:        pamconsole-tmp.conf
 +Source2:        %{name}-rpmlintrc
 +Source3:        test-runner.c
 +Source4:        wait-default-target.sh
 +Source5:        wait-delayed-target.sh
 +Source6:        org.tizen.system.conf
 +Source7:        sysctl-tizen-override.conf
 +Source1001:     systemd.manifest
 +BuildRequires:  gperf
 +BuildRequires:  intltool >= 0.40.0
 +BuildRequires:  libacl-devel
 +BuildRequires:  libblkid-devel >= 2.20
 +BuildRequires:  libcap-devel
 +BuildRequires:  libgcrypt-devel
 +BuildRequires:  libkmod-devel >= 14
 +%if %{?WITH_DOC}
 +BuildRequires:  xsltproc
 +BuildRequires:  docbook-xsl-stylesheets
 +%endif
 +BuildRequires:  pam-devel
 +BuildRequires:  pkgconfig
 +# BuildRequires:  pkgconfig(dbus-1)     # for remove circular dependency on OBS
 +BuildRequires:  pkgconfig(glib-2.0)
 +BuildRequires:  pkgconfig(liblzma)
 +BuildRequires:  pkgconfig(libkmod)
 +BuildRequires:  pkgconfig(mount)
 +BuildRequires:  meson
 +BuildRequires:  acl
 +BuildRequires:  python
 +# Requires:       dbus                  # for remove circular dependency on OBS
 +Requires:       filesystem
 +Requires(post): coreutils
 +Requires(pre):  coreutils
 +Requires(pre):  /usr/bin/getent
 +Requires(pre):  /usr/sbin/groupadd
 +Requires(post): %{_sbindir}/update-alternatives
 +Requires(preun): %{_sbindir}/update-alternatives
 +
 +Obsoletes:      SysVinit < 2.86-24
 +Obsoletes:      sysvinit < 2.86-24
 +Provides:       SysVinit = 2.86-24
 +Provides:       sysvinit = 2.86-24
 +Provides:       /bin/systemctl
 +Provides:       /sbin/shutdown
 +Provides:       udev = %{version}
 +Obsoletes:      udev < 183
 +
 +%description
 +systemd is a system and service manager for Linux, compatible with
 +SysV and LSB init scripts. systemd provides aggressive parallelization
 +capabilities, uses socket and D-Bus activation for starting services,
 +offers on-demand starting of daemons, keeps track of processes using
 +Linux cgroups, supports snapshotting and restoring of the system
 +state, maintains mount and automount points and implements an
 +elaborate transactional dependency-based service control logic. It can
 +work as a drop-in replacement for sysvinit.
 +
 +%package -n libsystemd
 +License:        LGPL-2.1+
 +Summary:        Systemd libraries
 +Group:          Base/Startup
 +Obsoletes:      libudev < 183
 +Provides:       libudev = %{version}
 +Obsoletes:      systemd < 185-4
 +Conflicts:      systemd < 185-4
 +
 +%description -n libsystemd
 +Libraries for systemd and udev, as well as the systemd PAM module.
 +
 +%package devel
 +License:        LGPL-2.1+
 +Summary:        Development headers for systemd
 +Requires:       %{name} = %{version}
 +Requires:             libsystemd = %{version}
 +Provides:       libudev-devel = %{version}
 +Obsoletes:      libudev-devel < 183
 +
 +%description devel
 +Development headers and auxiliary files for developing applications for systemd.
 +
 +%package analyze
 +License:        LGPL-2.1+
 +Summary:        Tool for processing systemd profiling information
 +Requires:       %{name} = %{version}
 +Obsoletes:      systemd < 38-5
 +
 +%description analyze
 +'systemd-analyze blame' lists which systemd unit needed how much time to finish
 +initialization at boot.
 +'systemd-analyze plot' renders an SVG visualizing the parallel start of units
 +at boot.
 +
 +%package tests
 +License:        LGPL-2.1+ and BSD-2-Clause
 +Summary:        Set of tests for sd-bus component
 +Requires:       %{name} = %{version}
 +
 +%description tests
 +This package is part of 'dbus-integratnion-tests' framework and contains set of tests
 +for sd-bus component (DBUS API C library).
 +
 +%package extension-kdbus
 +Summary:      Extension for systemd to support KDBUS in Tizen
 +Requires:     %{name} = %{version}-%{release}
 +
 +%description extension-kdbus
 +This modifies systemd to support KDBUS in Tizen.
 +
 +%prep
 +%setup -q
 +
 +%build
 +cp %{SOURCE1001} .
 +cp %{SOURCE3} .
 +
 +%define _vpath_srcdir .
 +%define _vpath_builddir %{build_dir}
 +%meson \
 +      -Dkdbus=true \
 +%if ! %{WITH_RANDOMSEED}
 +      -Drandomseed=false \
 +%endif
 +%if ! %{?WITH_COREDUMP}
 +      -Dcoredump=false \
 +%endif
 +%if ! %{?WITH_BACKLIGHT}
 +      -Dbacklight=false \
 +%endif
 +%if ! %{?WITH_TIMEDATED}
 +      -Dtimedated=false \
 +%endif
 +%if ! %{WITH_RFKILL}
 +      -Drfkill=false \
 +%endif
 +        -Dhwdb=false \
 +        -Dsysusers=false \
 +        -Dfirstboot=false \
 +        -Dpolkit=false \
 +        -Dtimesyncd=false \
 +        -Dresolve=false \
 +        -Dnetworkd=false \
 +%if ! %{?WITH_MACHINED}
 +        -Dmachined=false \
 +%endif
 +%if ! %{?WITH_HOSTNAMED}
 +        -Dhostnamed=false \
 +%endif
 +        -Dimportd=false \
 +              -Denvironment-d=false \
 +              -Dnss-systemd=false \
 +        -Dgcrypt=false \
 +%if ! %{?WITH_DOC}
 +        -Dman=false \
 +%endif
 +        -Dportabled=false \
 +              -Dpstore=false \
 +        -Drpmmacrosdir=%{_sysconfdir}/rpm/ \
 +        -Dsysvinit-path="" \
 +        -Dsysvrcnd-path="" \
 +        -Dsmack-run-label=System::Privileged \
 +              -Dinstall-tests=true \
 +              -Ddefault-hierarchy=legacy \
 +              -Db_pie=true
 +%meson_build
 +
 +# compile test-runner for 'dbus-integration-test' framework
 +%__cc %{_builddir}/%{name}-%{version}/test-runner.c -o %{_builddir}/%{name}-%{version}/systemd-tests
 +
 +%install
 +%meson_install
 +%find_lang %{name}
 +cat <<EOF >> systemd.lang
 +%lang(be) /usr/lib/systemd/catalog/systemd.be.catalog
 +%lang(be) /usr/lib/systemd/catalog/systemd.be@latin.catalog
 +%lang(bg) /usr/lib/systemd/catalog/systemd.bg.catalog
 +%lang(de) /usr/lib/systemd/catalog/systemd.de.catalog
 +%lang(fr) /usr/lib/systemd/catalog/systemd.fr.catalog
 +%lang(it) /usr/lib/systemd/catalog/systemd.it.catalog
 +%lang(pl) /usr/lib/systemd/catalog/systemd.pl.catalog
 +%lang(pt_BR) /usr/lib/systemd/catalog/systemd.pt_BR.catalog
 +%lang(ru) /usr/lib/systemd/catalog/systemd.ru.catalog
 +%lang(zh) /usr/lib/systemd/catalog/systemd.zh_CN.catalog
 +%lang(zh) /usr/lib/systemd/catalog/systemd.zh_TW.catalog
 +EOF
 +
 +# udev links
 +/usr/bin/mkdir -p %{buildroot}/%{_sbindir}
 +/usr/bin/ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm
 +/usr/bin/mkdir -p %{buildroot}%{_prefix}/lib/firmware/updates
 +
 +# Create SysV compatibility symlinks. systemctl/systemd are smart
 +# enough to detect in which way they are called.
 +/usr/bin/ln -s ../lib/systemd/systemd %{buildroot}%{_bindir}/systemd
 +
 +# legacy links
 +/usr/bin/ln -s loginctl %{buildroot}%{_bindir}/systemd-loginctl
 +
 +# Make sure these directories are properly owned
 +/usr/bin/mkdir -p %{buildroot}%{_prefix}/lib/systemd/system/basic.target.wants
 +/usr/bin/mkdir -p %{buildroot}%{_prefix}/lib/systemd/system/default.target.wants
 +/usr/bin/mkdir -p %{buildroot}%{_prefix}/lib/systemd/system/dbus.target.wants
 +/usr/bin/mkdir -p %{buildroot}%{_prefix}/lib/systemd/system/syslog.target.wants
 +
 +# Make sure the user generators dir exists too
 +/usr/bin/mkdir -p %{buildroot}%{_prefix}/lib/systemd/system-generators
 +/usr/bin/mkdir -p %{buildroot}%{_prefix}/lib/systemd/user-generators
 +
 +# Create new-style configuration files so that we can ghost-own them
 +/usr/bin/touch %{buildroot}%{_sysconfdir}/hostname
 +/usr/bin/touch %{buildroot}%{_sysconfdir}/vconsole.conf
 +/usr/bin/touch %{buildroot}%{_sysconfdir}/locale.conf
 +/usr/bin/touch %{buildroot}%{_sysconfdir}/machine-id
 +/usr/bin/touch %{buildroot}%{_sysconfdir}/machine-info
 +/usr/bin/touch %{buildroot}%{_sysconfdir}/timezone
 +
 +/usr/bin/mkdir -p %{buildroot}%{_prefix}/lib/systemd/system-preset/
 +/usr/bin/mkdir -p %{buildroot}%{_prefix}/lib/systemd/user-preset/
 +
 +# Make sure the shutdown/sleep drop-in dirs exist
 +/usr/bin/mkdir -p %{buildroot}%{_prefix}/lib/systemd/system-shutdown/
 +/usr/bin/mkdir -p %{buildroot}%{_prefix}/lib/systemd/system-sleep/
 +
 +# Make sure the NTP units dir exists
 +/usr/bin/mkdir -p %{buildroot}%{_prefix}/lib/systemd/ntp-units.d/
 +
 +# Install modprobe fragment
 +/usr/bin/mkdir -p %{buildroot}%{_sysconfdir}/modprobe.d/
 +
 +# Fix the dangling /var/lock -> /run/lock symlink
 +install -Dm644 tmpfiles.d/legacy.conf %{buildroot}%{_prefix}/lib/tmpfiles.d/legacy.conf
 +
 +install -m644 %{SOURCE1} %{buildroot}%{_prefix}/lib/tmpfiles.d/
 +
 +install -m 755 -d %{buildroot}/%{_prefix}/lib/systemd/system
 +
 +rm -rf %{buildroot}/%{_docdir}/%{name}
 +
 +# Allow replacing systemd-shutdown with tizen-specific variant
 +mv %{buildroot}%{_prefix}/lib/systemd/systemd-shutdown %{buildroot}%{_prefix}/lib/systemd/systemd-shutdown-original
 +
 +# Disable some useless services in Tizen
 +rm -rf %{buildroot}/%{_prefix}/lib/systemd/system/sysinit.target.wants/dev-hugepages.mount
 +rm -rf %{buildroot}/%{_prefix}/lib/systemd/system/sysinit.target.wants/sys-fs-fuse-connections.mount
 +rm -rf %{buildroot}/%{_prefix}/lib/systemd/system/sysinit.target.wants/systemd-binfmt.service
 +rm -rf %{buildroot}/%{_prefix}/lib/systemd/system/sysinit.target.wants/systemd-modules-load.service
 +rm -rf %{buildroot}/%{_prefix}/lib/systemd/system/sysinit.target.wants/systemd-ask-password-console.path
 +rm -rf %{buildroot}/%{_prefix}/lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path
 +rm -rf %{buildroot}/%{_prefix}/lib/systemd/system/systemd-tmpfiles-clean.timer
 +rm -rf %{buildroot}/%{_prefix}/lib/systemd/system/systemd-tmpfiles-clean.service
 +rm -rf %{buildroot}/%{_prefix}/lib/systemd/system/timers.target.wants/systemd-tmpfiles-clean.timer
 +rm -rf %{buildroot}/%{_prefix}/lib/systemd/user/systemd-tmpfiles-clean.timer
 +rm -rf %{buildroot}/%{_prefix}/lib/systemd/user/systemd-tmpfiles-clean.service
 +rm -rf %{buildroot}/%{_prefix}/lib/systemd/user/systemd-tmpfiles-setup.service
 +
 +# Exclude ELF binaries
 +rm -f %{buildroot}/%{_prefix}/lib/systemd/system-generators/systemd-debug-generator
 +rm -f %{buildroot}/%{_prefix}/lib/systemd/system-generators/systemd-efi-boot-generator
 +rm -f %{buildroot}/%{_prefix}/lib/systemd/system-generators/systemd-gpt-auto-generator
 +rm -f %{buildroot}/%{_prefix}/lib/systemd/system-generators/systemd-hibernate-resume-generator
 +rm -f %{buildroot}/%{_prefix}/lib/systemd/system-generators/systemd-bless-boot-generator
 +rm -f %{buildroot}/%{_prefix}/lib/systemd/system-generators/systemd-run-generator
 +
 +# Marker file for kdbus
 +touch %{buildroot}/%{_sysconfdir}/systemd/extension-kdbus
 +
 +# Prepare tests for 'dbus-integration-test' framework
 +install -D -m 755 %{_builddir}/%{name}-%{version}/systemd-tests %{buildroot}%{_prefix}/lib/dbus-tests/runner/systemd-tests
 +mkdir -p %{buildroot}%{_prefix}/lib/dbus-tests/test-suites/systemd-tests/
 +mv %{buildroot}%{_prefix}/lib/systemd/tests/test-bus-* %{buildroot}%{_prefix}/lib/dbus-tests/test-suites/systemd-tests/
 +
 +# Shell Completion
 +%if ! %{?WITH_BASH_COMPLETION}
 +rm -rf %{buildroot}/%{_datadir}/bash-completion/*
 +%endif
 +%if ! %{?WITH_ZSH_COMPLETION}
 +rm -rf %{buildroot}/%{_datadir}/zsh/site-functions/*
 +%endif
 +
 +mkdir -p %{buildroot}/%{_localstatedir}/log/journal
 +
 +ln -sf ./libsystemd.pc %{buildroot}%{_libdir}/pkgconfig/libsystemd-daemon.pc
 +ln -sf ./libsystemd.pc %{buildroot}%{_libdir}/pkgconfig/libsystemd-id128.pc
 +ln -sf ./libsystemd.pc %{buildroot}%{_libdir}/pkgconfig/libsystemd-journal.pc
 +ln -sf ./libsystemd.pc %{buildroot}%{_libdir}/pkgconfig/libsystemd-login.pc
 +
 +# Delayed target
 +install -m 0755 %{SOURCE4} %{buildroot}%{_bindir}/wait-default-target.sh
 +install -m 0755 %{SOURCE5} %{buildroot}%{_bindir}/wait-delayed-target.sh
 +install -m 0755 %{SOURCE6} %{buildroot}%{dbuspolicydir}/system.d/org.tizen.system.conf
 +
 +# Tizen sysctl values overriding default systemd values
 +install -m 0644 %{SOURCE7} %{buildroot}%{_sysconfdir}/sysctl.d/
 +
 +# end of install
 +%pre
 +/usr/bin/getent group cdrom >/dev/null 2>&1 || /usr/sbin/groupadd -r -g 11 cdrom >/dev/null 2>&1 || :
 +/usr/bin/getent group tape >/dev/null 2>&1 || /usr/sbin/groupadd -r -g 33 tape >/dev/null 2>&1 || :
 +/usr/bin/getent group dialout >/dev/null 2>&1 || /usr/sbin/groupadd -r -g 18 dialout >/dev/null 2>&1 || :
 +/usr/bin/getent group floppy >/dev/null 2>&1 || /usr/sbin/groupadd -r -g 19 floppy >/dev/null 2>&1 || :
 +/usr/bin/systemctl stop systemd-udevd-control.socket systemd-udevd-kernel.socket systemd-udevd.service >/dev/null 2>&1 || :
 +
 +# Rename configuration files that changed their names
 +/usr/bin/mv -n %{_sysconfdir}/systemd/systemd-logind.conf %{_sysconfdir}/systemd/logind.conf >/dev/null 2>&1 || :
 +/usr/bin/mv -n %{_sysconfdir}/systemd/systemd-journald.conf %{_sysconfdir}/systemd/journald.conf >/dev/null 2>&1 || :
 +
 +%post
 +/usr/bin/systemd-machine-id-setup > /dev/null 2>&1 || :
 +%if %{WITH_RANDOMSEED}
 +/usr/lib/systemd/systemd-random-seed save > /dev/null 2>&1 || :
 +%endif
 +/usr/bin/systemctl daemon-reexec > /dev/null 2>&1 || :
 +/usr/bin/systemctl start systemd-udevd.service >/dev/null 2>&1 || :
 +/usr/bin/mkdir -p /etc/systemd/network
 +/usr/bin/ln -sf /dev/null /etc/systemd/network/99-default.link
 +
 +# Set the smack label of executable binary tools
 +chsmack %{_bindir}/bootctl -a "System::Tools"
 +chsmack %{_bindir}/busctl -a "System::Tools"
 +chsmack %{_bindir}/kernel-install -a "System::Tools"
 +%if %{?WITH_MACHINED}
 +chsmack %{_bindir}/machinectl -a "System::Tools"
 +%endif
 +chsmack %{_bindir}/systemd-run -a "System::Tools"
 +%if %{?WITH_HOSTNAMED}
 +chsmack %{_bindir}/hostnamectl -a "System::Tools"
 +%endif
 +chsmack %{_bindir}/localectl -a "System::Tools"
 +%if %{?WITH_COREDUMP}
 +chsmack %{_bindir}/coredumpctl -a "System::Tools"
 +%endif
 +%if %{?WITH_TIMEDATED}
 +chsmack %{_bindir}/timedatectl -a "System::Tools"
 +%endif
 +chsmack %{_bindir}/systemd -a "System::Tools"
 +chsmack %{_bindir}/systemctl -a "System::Tools"
 +chsmack %{_bindir}/systemd-notify -a "System::Tools"
 +chsmack %{_bindir}/systemd-ask-password -a "System::Tools"
 +chsmack %{_bindir}/systemd-tty-ask-password-agent -a "System::Tools"
 +chsmack %{_bindir}/systemd-machine-id-setup -a "System::Tools"
 +chsmack %{_bindir}/systemd-socket-activate -a "System::Tools"
 +chsmack %{_bindir}/loginctl -a "System::Tools"
 +chsmack %{_bindir}/systemd-loginctl -a "System::Tools"
 +chsmack %{_bindir}/journalctl -a "System::Tools"
 +chsmack %{_bindir}/systemd-tmpfiles -a "System::Tools"
 +chsmack %{_bindir}/systemd-nspawn -a "System::Tools"
 +chsmack %{_bindir}/systemd-stdio-bridge -a "System::Tools"
 +chsmack %{_bindir}/systemd-cat -a "System::Tools"
 +chsmack %{_bindir}/systemd-cgls -a "System::Tools"
 +chsmack %{_bindir}/systemd-cgtop -a "System::Tools"
 +chsmack %{_bindir}/systemd-delta -a "System::Tools"
 +chsmack %{_bindir}/systemd-detect-virt -a "System::Tools"
 +chsmack %{_bindir}/systemd-inhibit -a "System::Tools"
 +chsmack %{_bindir}/udevadm -a "System::Tools"
 +chsmack %{_bindir}/systemd-escape -a "System::Tools"
 +chsmack %{_bindir}/systemd-path -a "System::Tools"
 +chsmack %{_prefix}/lib/systemd/* -a "System::Tools"
 +
 +%postun
 +if [ $1 -ge 1 ] ; then
 +        /usr/bin/systemctl daemon-reload > /dev/null 2>&1 || :
 +        /usr/bin/systemctl try-restart systemd-logind.service >/dev/null 2>&1 || :
 +fi
 +
 +%preun
 +if [ $1 -eq 0 ] ; then
 +        /usr/bin/systemctl disable \
 +                getty@.service \
 +                remote-fs.target \
 +                systemd-readahead-replay.service \
 +                systemd-readahead-collect.service >/dev/null 2>&1 || :
 +
 +        update-alternatives --remove systemd-shutdown %{_prefix}/lib/systemd/systemd-shutdown-original
 +fi
 +
 +%posttrans
 +# Update alternatives after the whole transaction is completed - this is
 +# necessary due to RPM ordering, which removes files from old package not
 +# provided by new package after regular post scripts are run.  Please refer
 +# to following guideliness for explanation:
 +#   https://fedoraproject.org/wiki/Packaging:Scriptlets#Ordering
 +if [ $1 -eq 0 ]; then
 +    update-alternatives --install %{_prefix}/lib/systemd/systemd-shutdown systemd-shutdown %{_prefix}/lib/systemd/systemd-shutdown-original 100 || :
 +fi
 +
 +%post -n libsystemd -p /sbin/ldconfig
 +%postun -n libsystemd  -p /sbin/ldconfig
 +
 +%lang_package
 +
 +%files
 +%manifest %{name}.manifest
 +%license LICENSE.LGPL2.1  LICENSE.GPL2
 +%config %{_sysconfdir}/pam.d/systemd-user
 +%{_bindir}/bootctl
 +%{_bindir}/busctl
 +%{_bindir}/kernel-install
 +%if %{?WITH_MACHINED}
 +%{_bindir}/machinectl
 +%endif
 +%{_bindir}/systemd-run
 +%dir %{_prefix}/lib/kernel
 +%dir %{_prefix}/lib/kernel/install.d
 +%{_prefix}/lib/kernel/install.d/00-entry-directory.install
 +%{_prefix}/lib/kernel/install.d/50-depmod.install
 +%{_prefix}/lib/kernel/install.d/90-loaderentry.install
 +%if %{?WITH_HOSTNAMED}
 +%{_bindir}/hostnamectl
 +%endif
 +%{_bindir}/localectl
 +%if %{?WITH_COREDUMP}
 +%{_bindir}/coredumpctl
 +%endif
 +%if %{?WITH_TIMEDATED}
 +%{_bindir}/timedatectl
 +%endif
 +%dir %{_sysconfdir}/systemd
 +%dir %{_sysconfdir}/systemd/system
 +%dir %{_sysconfdir}/systemd/user
 +%dir %{_sysconfdir}/tmpfiles.d
 +%dir %{_sysconfdir}/sysctl.d
 +%dir %{_sysconfdir}/modules-load.d
 +%dir %{_sysconfdir}/binfmt.d
 +%if %{?WITH_BASH_COMPLETION}
 +%{_datadir}/bash-completion/*
 +%endif
 +%if %{?WITH_ZSH_COMPLETION}
 +%dir %{_datadir}/zsh/site-functions
 +%{_datadir}/zsh/site-functions/*
 +%endif
 +%dir %{_sysconfdir}/udev
 +%dir %{_sysconfdir}/udev/rules.d
 +%dir %{_prefix}/lib/systemd
 +%dir %{_prefix}/lib/systemd/system
 +%dir %{_prefix}/lib/systemd/system-generators
 +%dir %{_prefix}/lib/systemd/user-generators
 +%dir %{_prefix}/lib/systemd/system-preset
 +%dir %{_prefix}/lib/systemd/user-preset
 +%dir %{_prefix}/lib/systemd/system-shutdown
 +%dir %{_prefix}/lib/systemd/system-sleep
 +%dir %{_prefix}/lib/tmpfiles.d
 +%dir %{_prefix}/lib/sysctl.d
 +%dir %{_prefix}/lib/modules-load.d
 +%dir %{_prefix}/lib/binfmt.d
 +%dir %{_prefix}/lib/firmware
 +%dir %{_prefix}/lib/firmware/updates
 +%dir %{_datadir}/systemd
 +%config(noreplace) %{dbuspolicydir}/system.d/org.freedesktop.systemd1.conf
 +%if %{?WITH_HOSTNAMED}
 +%config(noreplace) %{dbuspolicydir}/system.d/org.freedesktop.hostname1.conf
 +%endif
 +%config(noreplace) %{dbuspolicydir}/system.d/org.freedesktop.login1.conf
 +%config(noreplace) %{dbuspolicydir}/system.d/org.freedesktop.locale1.conf
 +%if %{?WITH_TIMEDATED}
 +%config(noreplace) %{dbuspolicydir}/system.d/org.freedesktop.timedate1.conf
 +%endif
 +%if %{?WITH_MACHINED}
 +%config(noreplace) %{dbuspolicydir}/system.d/org.freedesktop.machine1.conf
 +%endif
 +%if %{?WITH_COREDUMP}
 +%config(noreplace) %{_sysconfdir}/systemd/coredump.conf
 +%endif
 +%config(noreplace) %{_sysconfdir}/systemd/system.conf
 +%config(noreplace) %{_sysconfdir}/systemd/user.conf
 +%config(noreplace) %{_sysconfdir}/systemd/logind.conf
 +%config(noreplace) %{_sysconfdir}/systemd/journald.conf
 +%config(noreplace) %{_sysconfdir}/udev/udev.conf
 +%config(noreplace) %{_sysconfdir}/sysctl.d/sysctl-tizen-override.conf
 +%config(noreplace) %{_sysconfdir}/systemd/sleep.conf
 +%{_sysconfdir}/xdg/systemd
 +%ghost %config(noreplace) %{_sysconfdir}/hostname
 +%ghost %config(noreplace) %{_sysconfdir}/vconsole.conf
 +%ghost %config(noreplace) %{_sysconfdir}/locale.conf
 +%ghost %config(noreplace) %{_sysconfdir}/machine-id
 +%ghost %config(noreplace) %{_sysconfdir}/machine-info
 +%ghost %config(noreplace) %{_sysconfdir}/timezone
 +%exclude %{_sysconfdir}/X11/xinit/xinitrc.d/50-systemd-user.sh
 +%{_bindir}/systemd
 +%{_bindir}/systemctl
 +%{_bindir}/systemd-notify
 +%{_bindir}/systemd-ask-password
 +%{_bindir}/systemd-tty-ask-password-agent
 +%{_bindir}/systemd-machine-id-setup
 +%{_bindir}/systemd-socket-activate
 +%{_bindir}/loginctl
 +%{_bindir}/systemd-loginctl
 +%{_bindir}/journalctl
 +%{_bindir}/systemd-tmpfiles
 +%{_bindir}/systemd-nspawn
 +%{_bindir}/systemd-stdio-bridge
 +%{_bindir}/systemd-cat
 +%{_bindir}/systemd-cgls
 +%{_bindir}/systemd-cgtop
 +%{_bindir}/systemd-delta
 +%{_bindir}/systemd-detect-virt
 +%{_bindir}/systemd-inhibit
 +%{_bindir}/systemd-id128
 +%{_bindir}/udevadm
 +%{_bindir}/systemd-escape
 +%{_bindir}/systemd-path
 +%{_bindir}/systemd-mount
 +%{_bindir}/systemd-umount
 +%{_prefix}/lib/sysctl.d/*.conf
 +%{_prefix}/lib/systemd/systemd
 +%{_prefix}/lib/systemd/system
 +
 +%dir %{_prefix}/lib/systemd/system/basic.target.wants
 +%dir %{_prefix}/lib/systemd/user
 +%dir %{_prefix}/lib/systemd/network
 +%dir %{_prefix}/lib/systemd/user/default.target.wants
 +%{_prefix}/lib/systemd/user/basic.target
 +%{_prefix}/lib/systemd/user/exit.target
 +%{_prefix}/lib/systemd/user/printer.target
 +%{_prefix}/lib/systemd/user/shutdown.target
 +%{_prefix}/lib/systemd/user/sockets.target
 +%{_prefix}/lib/systemd/user/sound.target
 +%{_prefix}/lib/systemd/user/systemd-exit.service
 +%{_prefix}/lib/systemd/user/paths.target
 +%{_prefix}/lib/systemd/user/smartcard.target
 +%{_prefix}/lib/systemd/user/timers.target
 +%{_prefix}/lib/systemd/user/default.target
 +%exclude %{_prefix}/lib/systemd/user/graphical-session.target
 +%exclude %{_prefix}/lib/systemd/user/graphical-session-pre.target
 +%{_prefix}/lib/systemd/network/99-default.link
 +%exclude %{_prefix}/lib/systemd/system-preset/90-systemd.preset
 +%exclude %{_prefix}/lib/systemd/user-preset/90-systemd.preset
 +%{_prefix}/lib/systemd/user/delayed.target
 +%{_prefix}/lib/systemd/user/user-delayed-target-trigger.service
 +%{_prefix}/lib/systemd/user/default.target.wants/user-delayed-target-trigger.service
 +%{_prefix}/lib/systemd/user/user-default-target-done.service
 +%{_prefix}/lib/systemd/user/default.target.wants/user-default-target-done.service
 +%{_prefix}/lib/systemd/user/user-delayed-target-done.service
 +%{_prefix}/lib/systemd/user/delayed.target.wants/user-delayed-target-done.service
 +%{dbuspolicydir}/system.d/org.tizen.system.conf
 +%exclude %{_prefix}/lib/modprobe.d/systemd.conf
 +
 +%{_prefix}/lib/systemd/libsystemd-shared-%{version}.so
 +%{_prefix}/lib/systemd/systemd-*
 +%dir %{_prefix}/lib/systemd/catalog
 +%{_prefix}/lib/systemd/catalog/systemd.catalog
 +%{_prefix}/lib/udev
 +%{_prefix}/lib/systemd/system-generators/systemd-getty-generator
 +%{_prefix}/lib/systemd/system-generators/systemd-fstab-generator
 +%{_prefix}/lib/systemd/system-generators/systemd-system-update-generator
 +%{_prefix}/lib/tmpfiles.d/home.conf
 +%{_prefix}/lib/tmpfiles.d/journal-nocow.conf
 +%{_prefix}/lib/tmpfiles.d/legacy.conf
 +%{_prefix}/lib/tmpfiles.d/pamconsole-tmp.conf
 +%{_prefix}/lib/tmpfiles.d/systemd.conf
 +%{_prefix}/lib/tmpfiles.d/systemd-nologin.conf
 +%if %{?WITH_MACHINED}
 +%{_prefix}/lib/tmpfiles.d/systemd-nspawn.conf
 +%endif
 +%{_prefix}/lib/tmpfiles.d/tmp.conf
 +%{_prefix}/lib/tmpfiles.d/var.conf
 +%{_prefix}/lib/tmpfiles.d/x11.conf
 +%{_prefix}/lib/tmpfiles.d/static-nodes-permissions.conf
 +%{_prefix}/lib/tmpfiles.d/systemd-tmp.conf
 +%{_sbindir}/init
 +%{_sbindir}/reboot
 +%{_sbindir}/halt
 +%{_sbindir}/poweroff
 +%{_sbindir}/shutdown
 +%{_sbindir}/telinit
 +%{_sbindir}/runlevel
 +%{_sbindir}/udevadm
 +%{_datadir}/systemd/graphinfo.gvpr
 +%{_datadir}/systemd/kbd-model-map
 +%{_datadir}/systemd/language-fallback-map
 +%{_datadir}/dbus-1/services/org.freedesktop.systemd1.service
 +%{_datadir}/dbus-1/system-services/org.freedesktop.systemd1.service
 +%if %{?WITH_HOSTNAMED}
 +%{_datadir}/dbus-1/system-services/org.freedesktop.hostname1.service
 +%endif
 +%{_datadir}/dbus-1/system-services/org.freedesktop.login1.service
 +%{_datadir}/dbus-1/system-services/org.freedesktop.locale1.service
 +%exclude %{_datadir}/polkit-1/actions/org.freedesktop.systemd1.policy
 +%exclude %{_datadir}/polkit-1/actions/org.freedesktop.login1.policy
 +%exclude %{_datadir}/polkit-1/actions/org.freedesktop.locale1.policy
 +%if %{?WITH_TIMEDATED}
 +%{_datadir}/dbus-1/system-services/org.freedesktop.timedate1.service
 +%endif
 +%if %{?WITH_MACHINED}
 +%{_datadir}/dbus-1/system-services/org.freedesktop.machine1.service
 +%endif
 +%dir %{_datadir}/factory/
 +%dir %{_datadir}/factory/etc
 +%dir %{_datadir}/factory/etc/pam.d
 +%{_datadir}/factory/etc/nsswitch.conf
 +%{_datadir}/factory/etc/pam.d/other
 +%{_datadir}/factory/etc/pam.d/system-auth
 +%{_datadir}/factory/etc/issue
 +
 +%{_localstatedir}/log/journal
 +
 +%{_bindir}/wait-default-target.sh
 +%{_bindir}/wait-delayed-target.sh
 +%exclude %{_prefix}/lib/systemd/system/runlevel0.target
 +%exclude %{_prefix}/lib/systemd/system/runlevel1.target
 +%exclude %{_prefix}/lib/systemd/system/runlevel2.target
 +%exclude %{_prefix}/lib/systemd/system/runlevel3.target
 +%exclude %{_prefix}/lib/systemd/system/runlevel4.target
 +%exclude %{_prefix}/lib/systemd/system/runlevel5.target
 +%exclude %{_prefix}/lib/systemd/system/runlevel6.target
 +
 +%files -n libsystemd
 +%manifest %{name}.manifest
 +%license LICENSE.LGPL2.1
 +%{_libdir}/security/pam_systemd.so
 +%{_libdir}/libsystemd.so.*
 +%{_libdir}/libudev.so.*
 +%{_libdir}/libnss_myhostname.so.2
 +%if %{?WITH_MACHINED}
 +%{_libdir}/libnss_mymachines.so.2
 +%endif
 +
 +%files extension-kdbus
 +%manifest %{name}.manifest
 +%license LICENSE.LGPL2.1  LICENSE.GPL2
 +%{_sysconfdir}/systemd/extension-kdbus
 +%{_prefix}/lib/systemd/user/busnames.target
 +%{_prefix}/lib/systemd/system-generators/systemd-dbus1-generator
 +%{_prefix}/lib/systemd/user-generators/systemd-dbus1-generator
 +
 +%files devel
 +%manifest %{name}.manifest
 +%{_libdir}/libudev.so
 +%{_libdir}/libsystemd.so
 +%dir %{_includedir}/systemd
 +%{_includedir}/systemd/sd-bus.h
 +%{_includedir}/systemd/sd-bus-protocol.h
 +%{_includedir}/systemd/sd-bus-vtable.h
 +%{_includedir}/systemd/sd-event.h
 +%{_includedir}/systemd/_sd-common.h
 +%{_includedir}/systemd/sd-daemon.h
 +%{_includedir}/systemd/sd-device.h
 +%{_includedir}/systemd/sd-hwdb.h
 +%{_includedir}/systemd/sd-id128.h
 +%{_includedir}/systemd/sd-journal.h
 +%{_includedir}/systemd/sd-login.h
 +%{_includedir}/systemd/sd-messages.h
 +%{_includedir}/libudev.h
 +%{_libdir}/pkgconfig/libudev.pc
 +%{_libdir}/pkgconfig/libsystemd.pc
 +%{_datadir}/pkgconfig/systemd.pc
 +%{_datadir}/pkgconfig/udev.pc
 +%{_libdir}/pkgconfig/libsystemd-daemon.pc
 +%{_libdir}/pkgconfig/libsystemd-id128.pc
 +%{_libdir}/pkgconfig/libsystemd-journal.pc
 +%{_libdir}/pkgconfig/libsystemd-login.pc
 +%{_sysconfdir}/rpm/macros.systemd
 +
 +%files analyze
 +%manifest %{name}.manifest
 +%license LICENSE.LGPL2.1
 +%{_bindir}/systemd-analyze
 +
 +%files tests
 +%manifest %{name}.manifest
 +%{_prefix}/lib/dbus-tests/test-suites/systemd-tests/
 +%{_prefix}/lib/dbus-tests/runner/systemd-tests
 +%{_prefix}/lib/systemd/tests/
 +
 +%if %{?WITH_DOC}
 +%docs_package
 +%else
 +%exclude %{_docdir}
 +%exclude %{_datadir}/doc/systemd
 +%endif
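Review bot: The test-runner compile step in %build passes no flags at all, so the `systemd-tests` binary that %install later ships with mode 755 is built without `%{optflags}`, while the meson build receives them through `CFLAGS` and is given `-Db_pie=true`. I would write `%__cc %{optflags} %{_builddir}/%{name}-%{version}/test-runner.c -o %{_builddir}/%{name}-%{version}/systemd-tests` so the runner picks up whatever hardening the distribution flags carry. In %install the D-Bus policy file is installed with `install -m 0755 %{SOURCE6} %{buildroot}%{dbuspolicydir}/system.d/org.tizen.system.conf`; a policy file needs no execute bit, and `-m 0644`, as used for the sysctl override a few lines below, would be consistent. Judging by the combined-diff columns, both lines are carried over from the tizen parent, and the only change this merge makes to the file is the Version line.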
Simple merge
index a4b2115,0000000..a4b2115
mode 100644,000000..100644
--- /dev/null
Simple merge
Simple merge
Simple merge
@@@ -783,14 -793,11 +793,13 @@@ int chase_symlinks(const char *path, co
          }
  
          if (original_root) {
 -                r = path_make_absolute_cwd(original_root, &root);
 -                if (r < 0)
 -                        return r;
 +                int res = path_make_absolute_cwd(original_root, &root);
 +                if (res != 0)
 +                        return res;
 +                if (root == NULL)
 +                        return -ENOENT;
  
                  if (flags & CHASE_PREFIX_ROOT) {
                          /* We don't support relative paths in combination with a root directory */
                          if (!path_is_absolute(path))
                                  return -EINVAL;
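Review bot: The new test `if (res != 0) return res;` in the `original_root` branch lets a positive result leave chase_symlinks() unchanged, where the line it replaces returned only on `r < 0`. This function confines path resolution beneath `original_root`, so a positive value that a caller reads as success would skip the rest of the root handling; whether path_make_absolute_cwd() can return one is not visible here. I would keep the upstream form, `if (r < 0) return r;`, reusing the existing `r` instead of a second local. The added `root == NULL` test looks like a static-analyser guard and deserves a one-line comment saying so, e.g. `/* not expected after success; guards later dereferences of root */`. The function body starts before and continues after this hunk.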
Simple merge
Simple merge
Simple merge
Simple merge
@@@ -2411,8 -2228,25 +2409,26 @@@ static int help(void) 
          if (r < 0)
                  return log_oom();
  
-         printf("%s [OPTIONS...] {COMMAND} ...\n\n"
-                "Introspect the bus.\n\n"
+         printf("%s [OPTIONS...] COMMAND ...\n\n"
+                "%sIntrospect the D-Bus IPC bus.%s\n"
+                "\nCommands:\n"
+                "  list                     List bus names\n"
+                "  status [SERVICE]         Show bus service, process or bus owner credentials\n"
+                "  monitor [SERVICE...]     Show bus traffic\n"
++               "  dot [SERVICE...]        Generate bus traffic graph\n"
+                "  capture [SERVICE...]     Capture bus traffic as pcap\n"
+                "  tree [SERVICE...]        Show object tree of service\n"
+                "  introspect SERVICE OBJECT [INTERFACE]\n"
+                "  call SERVICE OBJECT INTERFACE METHOD [SIGNATURE [ARGUMENT...]]\n"
+                "                           Call a method\n"
+                "  emit OBJECT INTERFACE SIGNAL [SIGNATURE [ARGUMENT...]]\n"
+                "                           Emit a signal\n"
+                "  get-property SERVICE OBJECT INTERFACE PROPERTY...\n"
+                "                           Get property value\n"
+                "  set-property SERVICE OBJECT INTERFACE PROPERTY SIGNATURE ARGUMENT...\n"
+                "                           Set property value\n"
+                "  help                     Show this help\n"
+                "\nOptions:\n"
                 "  -h --help                Show this help\n"
                 "     --version             Show package version\n"
                 "     --no-pager            Do not pipe output into a pager\n"
                 "     --watch-bind=BOOL     Wait for bus AF_UNIX socket to be bound in the file\n"
                 "                           system\n"
                 "     --destination=SERVICE Destination service of a signal\n"
-                "\nCommands:\n"
-                "  list                     List bus names\n"
-                "  status [SERVICE]         Show bus service, process or bus owner credentials\n"
-                "  monitor [SERVICE...]     Show bus traffic\n"
-                "  dot [SERVICE...]        Generate bus traffic graph\n"
-                "  capture [SERVICE...]     Capture bus traffic as pcap\n"
-                "  tree [SERVICE...]        Show object tree of service\n"
-                "  introspect SERVICE OBJECT [INTERFACE]\n"
-                "  call SERVICE OBJECT INTERFACE METHOD [SIGNATURE [ARGUMENT...]]\n"
-                "                           Call a method\n"
-                "  emit OBJECT INTERFACE SIGNAL [SIGNATURE [ARGUMENT...]]\n"
-                "                           Emit a signal\n"
-                "  get-property SERVICE OBJECT INTERFACE PROPERTY...\n"
-                "                           Get property value\n"
-                "  set-property SERVICE OBJECT INTERFACE PROPERTY SIGNATURE ARGUMENT...\n"
-                "                           Set property value\n"
-                "  help                     Show this help\n"
 +               "\n"
 +               "     --pid=PID            Only show messages with pid equals PID\n"
 +               "     --sender-pid=SENDER_PID\n"
 +               "                          Only show message with sender pid equals SENDER_PID\n"
 +               "     --receiver-pid=RECEIVER_PID\n"
 +               "                          Only show message with receiver pid equals RECEIVER_PID\n"
 +               "     --well-known-names=BOOL \n"
 +               "                          Show well know names connected to unique names on graph\n"
                 "\nSee the %s for details.\n"
                 , program_invocation_short_name
+                , ansi_highlight()
+                , ansi_normal()
                 , link
          );
  
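Review bot: The Tizen-specific option lines at the end of the help text have wording slips that reach users verbatim. `Show well know names` should read `well-known names`, the `--sender-pid` and `--receiver-pid` lines say `message` where the `--pid` line says `messages`, and `"     --well-known-names=BOOL \n"` carries a trailing space. The descriptions on these lines and on the `dot [SERVICE...]` entry also appear to start one column left of the neighbouring entries, so the table no longer lines up. help() starts before the hunk and continues after it.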
@@@ -268,3 -305,185 +305,193 @@@ int bpf_devices_supported(void) 
  
          return supported = 1;
  }
+ static int whitelist_device_pattern(BPFProgram *prog, const char *path, char type, const unsigned *maj, const unsigned *min, const char *acc) {
+         assert(IN_SET(type, 'b', 'c'));
+         if (cg_all_unified() > 0) {
+                 if (!prog)
+                         return 0;
+                 if (maj && min)
+                         return bpf_prog_whitelist_device(prog, type, *maj, *min, acc);
+                 else if (maj)
+                         return bpf_prog_whitelist_major(prog, type, *maj, acc);
+                 else
+                         return bpf_prog_whitelist_class(prog, type, acc);
+         } else {
+                 char buf[2+DECIMAL_STR_MAX(unsigned)*2+2+4];
+                 int r;
+                 if (maj && min)
+                         xsprintf(buf, "%c %u:%u %s", type, *maj, *min, acc);
+                 else if (maj)
+                         xsprintf(buf, "%c %u:* %s", type, *maj, acc);
+                 else
+                         xsprintf(buf, "%c *:* %s", type, acc);
+                 /* Changing the devices list of a populated cgroup might result in EINVAL, hence ignore
+                  * EINVAL here. */
+                 r = cg_set_attribute("devices", path, "devices.allow", buf);
+                 if (r < 0)
+                         log_full_errno(IN_SET(r, -ENOENT, -EROFS, -EINVAL, -EACCES, -EPERM) ? LOG_DEBUG : LOG_WARNING,
+                                        r, "Failed to set devices.allow on %s: %m", path);
+                 return r;
+         }
+ }
+ int bpf_devices_whitelist_device(BPFProgram *prog, const char *path, const char *node, const char *acc) {
+         mode_t mode;
+         dev_t rdev;
+         int r;
+         assert(path);
+         assert(acc);
+         assert(strlen(acc) <= 3);
+         log_trace("%s: %s %s", __func__, node, acc);
+         /* Some special handling for /dev/block/%u:%u, /dev/char/%u:%u, /run/systemd/inaccessible/chr and
+          * /run/systemd/inaccessible/blk paths. Instead of stat()ing these we parse out the major/minor directly. This
+          * means clients can use these path without the device node actually around */
+         r = device_path_parse_major_minor(node, &mode, &rdev);
+         if (r < 0) {
+                 if (r != -ENODEV)
+                         return log_warning_errno(r, "Couldn't parse major/minor from device path '%s': %m", node);
+                 struct stat st;
+                 if (stat(node, &st) < 0)
+                         return log_warning_errno(errno, "Couldn't stat device %s: %m", node);
+                 if (!S_ISCHR(st.st_mode) && !S_ISBLK(st.st_mode))
+                         return log_warning_errno(SYNTHETIC_ERRNO(ENODEV), "%s is not a device.", node);
+                 mode = st.st_mode;
+                 rdev = (dev_t) st.st_rdev;
+         }
+         unsigned maj = major(rdev), min = minor(rdev);
+         return whitelist_device_pattern(prog, path, S_ISCHR(mode) ? 'c' : 'b', &maj, &min, acc);
+ }
+ int bpf_devices_whitelist_major(BPFProgram *prog, const char *path, const char *name, char type, const char *acc) {
+         unsigned maj;
+         int r;
+         assert(path);
+         assert(acc);
+         assert(IN_SET(type, 'b', 'c'));
+         if (streq(name, "*"))
+                 /* If the name is a wildcard, then apply this list to all devices of this type */
+                 return whitelist_device_pattern(prog, path, type, NULL, NULL, acc);
+         if (safe_atou(name, &maj) >= 0 && DEVICE_MAJOR_VALID(maj))
+                 /* The name is numeric and suitable as major. In that case, let's take its major, and create
+                  * the entry directly. */
+                 return whitelist_device_pattern(prog, path, type, &maj, NULL, acc);
+         _cleanup_fclose_ FILE *f = NULL;
+         bool good = false, any = false;
+         f = fopen("/proc/devices", "re");
+         if (!f)
+                 return log_warning_errno(errno, "Cannot open /proc/devices to resolve %s: %m", name);
+         for (;;) {
+                 _cleanup_free_ char *line = NULL;
+                 char *w, *p;
+                 r = read_line(f, LONG_LINE_MAX, &line);
+                 if (r < 0)
+                         return log_warning_errno(r, "Failed to read /proc/devices: %m");
+                 if (r == 0)
+                         break;
+                 if (type == 'c' && streq(line, "Character devices:")) {
+                         good = true;
+                         continue;
+                 }
+                 if (type == 'b' && streq(line, "Block devices:")) {
+                         good = true;
+                         continue;
+                 }
+                 if (isempty(line)) {
+                         good = false;
+                         continue;
+                 }
+                 if (!good)
+                         continue;
+                 p = strstrip(line);
+                 w = strpbrk(p, WHITESPACE);
+                 if (!w)
+                         continue;
+                 *w = 0;
+                 r = safe_atou(p, &maj);
+                 if (r < 0)
+                         continue;
+                 if (maj <= 0)
+                         continue;
+                 w++;
+                 w += strspn(w, WHITESPACE);
+                 if (fnmatch(name, w, 0) != 0)
+                         continue;
+                 any = true;
+                 (void) whitelist_device_pattern(prog, path, type, &maj, NULL, acc);
+         }
+         if (!any)
+                 return log_debug_errno(SYNTHETIC_ERRNO(ENOENT),
+                                        "Device whitelist pattern \"%s\" did not match anything.", name);
+         return 0;
+ }
+ int bpf_devices_whitelist_static(BPFProgram *prog, const char *path) {
+         static const char auto_devices[] =
+                 "/dev/null\0" "rwm\0"
+                 "/dev/zero\0" "rwm\0"
+                 "/dev/full\0" "rwm\0"
+                 "/dev/random\0" "rwm\0"
+                 "/dev/urandom\0" "rwm\0"
+                 "/dev/tty\0" "rwm\0"
+                 "/dev/ptmx\0" "rwm\0"
+                 /* Allow /run/systemd/inaccessible/{chr,blk} devices for mapping InaccessiblePaths */
+                 "/run/systemd/inaccessible/chr\0" "rwm\0"
+                 "/run/systemd/inaccessible/blk\0" "rwm\0";
+         int r = 0, k;
+         const char *node, *acc;
+         NULSTR_FOREACH_PAIR(node, acc, auto_devices) {
+                 k = bpf_devices_whitelist_device(prog, path, node, acc);
+                 if (r >= 0 && k < 0)
+                         r = k;
+         }
+         /* PTS (/dev/pts) devices may not be duplicated, but accessed */
+         k = bpf_devices_whitelist_major(prog, path, "pts", 'c', "rw");
+         if (r >= 0 && k < 0)
+                 r = k;
++        k = bpf_devices_whitelist_major(prog, path, "kdbus", 'c', "rw");
++        if (r >= 0 && k < 0)
++                r = k;
++
++        k = bpf_devices_whitelist_major(prog, path, "kdbus/*", 'c', "rw");
++        if (r >= 0 && k < 0)
++                r = k;
++
+         return r;
+ }
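Review bot: The two kdbus entries added at the end of bpf_devices_whitelist_static() make it report failure on a kernel without kdbus, because bpf_devices_whitelist_major() returns -ENOENT when the pattern matches nothing in /proc/devices and that value ends up in `r`. Whether callers treat it as fatal is not visible here, but an optional device should not mask a successful static allowlist; for these two calls use `if (r >= 0 && k < 0 && k != -ENOENT)` before `r = k;`. The entries also give `rw` on every kdbus character device to each unit that receives the static allowlist, which widens the default device policy. A comment in the style of the PTS one should state why that is needed, and gating the calls on kdbus support being enabled would keep the default least-privilege.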
index e14b3ab,0000000..5cd7945
mode 100644,000000..100644
--- /dev/null
@@@ -1,1085 -1,0 +1,1085 @@@
-         r = unit_load_fragment_and_dropin(u);
 +/***
 +  This file is part of systemd.
 +
 +  Copyright 2013 Lennart Poettering
 +
 +  systemd is free software; you can redistribute it and/or modify it
 +  under the terms of the GNU Lesser General Public License as published by
 +  the Free Software Foundation; either version 2.1 of the License, or
 +  (at your option) any later version.
 +
 +  systemd is distributed in the hope that it will be useful, but
 +  WITHOUT ANY WARRANTY; without even the implied warranty of
 +  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 +  Lesser General Public License for more details.
 +
 +  You should have received a copy of the GNU Lesser General Public License
 +  along with systemd; If not, see <http://www.gnu.org/licenses/>.
 +***/
 +
 +#include <linux/kdbus.h>
 +#include <sys/mman.h>
 +#include <sys/ioctl.h>
 +
 +#include "alloc-util.h"
 +#include "bus-internal.h"
 +#include "bus-kernel.h"
 +#include "bus-policy.h"
 +#include "bus-util.h"
 +#include "busname.h"
 +#include "dbus-busname.h"
 +#include "fd-util.h"
 +#include "format-util.h"
 +#include "memory-util.h"
 +#include "parse-util.h"
 +#include "process-util.h"
 +#include "service.h"
 +#include "serialize.h"
 +#include "signal-util.h"
 +#include "special.h"
 +#include "string-table.h"
 +#include "string-util.h"
 +
 +static const UnitActiveState state_translation_table[_BUSNAME_STATE_MAX] = {
 +        [BUSNAME_DEAD] = UNIT_INACTIVE,
 +        [BUSNAME_MAKING] = UNIT_ACTIVATING,
 +        [BUSNAME_REGISTERED] = UNIT_ACTIVE,
 +        [BUSNAME_LISTENING] = UNIT_ACTIVE,
 +        [BUSNAME_RUNNING] = UNIT_ACTIVE,
 +        [BUSNAME_SIGTERM] = UNIT_DEACTIVATING,
 +        [BUSNAME_SIGKILL] = UNIT_DEACTIVATING,
 +        [BUSNAME_FAILED] = UNIT_FAILED
 +};
 +
 +static int busname_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
 +static int busname_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
 +
 +static void busname_init(Unit *u) {
 +        BusName *n = BUSNAME(u);
 +
 +        assert(u);
 +        assert(u->load_state == UNIT_STUB);
 +
 +        n->starter_fd = -1;
 +        n->accept_fd = true;
 +        n->activating = true;
 +
 +        n->timeout_usec = u->manager->default_timeout_start_usec;
 +}
 +
 +static void busname_unwatch_control_pid(BusName *n) {
 +        assert(n);
 +
 +        if (n->control_pid <= 0)
 +                return;
 +
 +        unit_unwatch_pid(UNIT(n), n->control_pid);
 +        n->control_pid = 0;
 +}
 +
 +static void busname_free_policy(BusName *n) {
 +        BusNamePolicy *p;
 +
 +        assert(n);
 +
 +        while ((p = n->policy)) {
 +                LIST_REMOVE(policy, n->policy, p);
 +
 +                free(p->name);
 +                free(p);
 +        }
 +}
 +
 +static void busname_close_fd(BusName *n) {
 +        assert(n);
 +
 +        n->starter_event_source = sd_event_source_unref(n->starter_event_source);
 +        n->starter_fd = safe_close(n->starter_fd);
 +}
 +
 +static void busname_done(Unit *u) {
 +        BusName *n = BUSNAME(u);
 +
 +        assert(n);
 +
 +        n->name = mfree(n->name);
 +
 +        busname_free_policy(n);
 +        busname_unwatch_control_pid(n);
 +        busname_close_fd(n);
 +
 +        unit_ref_unset(&n->service);
 +
 +        n->timer_event_source = sd_event_source_unref(n->timer_event_source);
 +}
 +
 +static int busname_arm_timer(BusName *n, usec_t usec) {
 +        int r;
 +
 +        assert(n);
 +
 +        if (n->timer_event_source) {
 +                r = sd_event_source_set_time(n->timer_event_source, usec);
 +                if (r < 0)
 +                        return r;
 +
 +                return sd_event_source_set_enabled(n->timer_event_source, SD_EVENT_ONESHOT);
 +        }
 +
 +        if (usec == USEC_INFINITY)
 +                return 0;
 +
 +        r = sd_event_add_time(
 +                        UNIT(n)->manager->event,
 +                        &n->timer_event_source,
 +                        CLOCK_MONOTONIC,
 +                        usec, 0,
 +                        busname_dispatch_timer, n);
 +        if (r < 0)
 +                return r;
 +
 +        (void) sd_event_source_set_description(n->timer_event_source, "busname-timer");
 +
 +        return 0;
 +}
 +
 +static int busname_add_default_default_dependencies(BusName *n) {
 +        int r;
 +
 +        assert(n);
 +
 +        r = unit_add_dependency_by_name(UNIT(n), UNIT_BEFORE, SPECIAL_BUSNAMES_TARGET, true, UNIT_DEPENDENCY_DEFAULT);
 +        if (r < 0)
 +                return r;
 +
 +        if (MANAGER_IS_SYSTEM(UNIT(n)->manager)) {
 +                r = unit_add_two_dependencies_by_name(UNIT(n), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, true, UNIT_DEPENDENCY_DEFAULT);
 +                if (r < 0)
 +                        return r;
 +        }
 +
 +        return unit_add_two_dependencies_by_name(UNIT(n), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, true, UNIT_DEPENDENCY_DEFAULT);
 +}
 +
 +static int busname_add_extras(BusName *n) {
 +        Unit *u = UNIT(n);
 +        int r;
 +
 +        assert(n);
 +
 +        if (!n->name) {
 +                r = unit_name_to_prefix(u->id, &n->name);
 +                if (r < 0)
 +                        return r;
 +        }
 +
 +        if (!u->description) {
 +                r = unit_set_description(u, n->name);
 +                if (r < 0)
 +                        return r;
 +        }
 +
 +        if (n->activating) {
 +                if (!UNIT_DEREF(n->service)) {
 +                        Unit *x;
 +
 +                        r = unit_load_related_unit(u, ".service", &x);
 +                        if (r < 0)
 +                                return r;
 +
 +                        unit_ref_set(&n->service, u, x);
 +                }
 +
 +                r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(n->service), true, UNIT_DEPENDENCY_IMPLICIT);
 +                if (r < 0)
 +                        return r;
 +        }
 +
 +        if (u->default_dependencies) {
 +                r = busname_add_default_default_dependencies(n);
 +                if (r < 0)
 +                        return r;
 +        }
 +
 +        return 0;
 +}
 +
 +static int busname_verify(BusName *n) {
 +        char *e;
 +
 +        assert(n);
 +
 +        if (UNIT(n)->load_state != UNIT_LOADED)
 +                return 0;
 +
 +        if (!service_name_is_valid(n->name)) {
 +                log_unit_error(UNIT(n), "Name= setting is not a valid service name Refusing.");
 +                return -EINVAL;
 +        }
 +
 +        e = strjoina(n->name, ".busname");
 +        if (!unit_has_name(UNIT(n), e)) {
 +                log_unit_error(UNIT(n), "Name= setting doesn't match unit name. Refusing.");
 +                return -EINVAL;
 +        }
 +
 +        return 0;
 +}
 +
 +static int busname_load(Unit *u) {
 +        BusName *n = BUSNAME(u);
 +        int r;
 +
 +        assert(u);
 +        assert(u->load_state == UNIT_STUB);
 +
++        r = unit_load_fragment_and_dropin(u, true);
 +        if (r < 0)
 +                return r;
 +
 +        if (u->load_state == UNIT_LOADED) {
 +                /* This is a new unit? Then let's add in some extras */
 +                r = busname_add_extras(n);
 +                if (r < 0)
 +                        return r;
 +        }
 +
 +        return busname_verify(n);
 +}
 +
 +static void busname_dump(Unit *u, FILE *f, const char *prefix) {
 +        BusName *n = BUSNAME(u);
 +
 +        assert(n);
 +        assert(f);
 +
 +        fprintf(f,
 +                "%sBus Name State: %s\n"
 +                "%sResult: %s\n"
 +                "%sName: %s\n"
 +                "%sActivating: %s\n"
 +                "%sAccept FD: %s\n",
 +                prefix, busname_state_to_string(n->state),
 +                prefix, busname_result_to_string(n->result),
 +                prefix, n->name,
 +                prefix, yes_no(n->activating),
 +                prefix, yes_no(n->accept_fd));
 +
 +        if (n->control_pid > 0)
 +                fprintf(f,
 +                        "%sControl PID: "PID_FMT"\n",
 +                        prefix, n->control_pid);
 +}
 +
 +static void busname_unwatch_fd(BusName *n) {
 +        int r;
 +
 +        assert(n);
 +
 +        if (!n->starter_event_source)
 +                return;
 +
 +        r = sd_event_source_set_enabled(n->starter_event_source, SD_EVENT_OFF);
 +        if (r < 0)
 +                log_unit_debug_errno(UNIT(n), r, "Failed to disable event source: %m");
 +}
 +
 +static int busname_watch_fd(BusName *n) {
 +        int r;
 +
 +        assert(n);
 +
 +        if (n->starter_fd < 0)
 +                return 0;
 +
 +        if (n->starter_event_source) {
 +                r = sd_event_source_set_enabled(n->starter_event_source, SD_EVENT_ON);
 +                if (r < 0)
 +                        goto fail;
 +        } else {
 +                r = sd_event_add_io(UNIT(n)->manager->event, &n->starter_event_source, n->starter_fd, EPOLLIN, busname_dispatch_io, n);
 +                if (r < 0)
 +                        goto fail;
 +
 +                (void) sd_event_source_set_description(n->starter_event_source, "busname-starter");
 +        }
 +
 +        return 0;
 +
 +fail:
 +        log_unit_warning_errno(UNIT(n), r, "Failed to watch starter fd: %m");
 +        busname_unwatch_fd(n);
 +        return r;
 +}
 +
 +static int busname_open_fd(BusName *n) {
 +        _cleanup_free_ char *path = NULL;
 +        const char *mode;
 +
 +        assert(n);
 +
 +        if (n->starter_fd >= 0)
 +                return 0;
 +
 +        mode = MANAGER_IS_SYSTEM(UNIT(n)->manager) ? "system" : "user";
 +        n->starter_fd = bus_kernel_open_bus_fd(mode, &path);
 +        if (n->starter_fd < 0)
 +                return log_unit_warning_errno(UNIT(n), n->starter_fd, "Failed to open %s: %m", path ?: "kdbus");
 +
 +        return 0;
 +}
 +
 +static void busname_set_state(BusName *n, BusNameState state) {
 +        BusNameState old_state;
 +        assert(n);
 +
 +        old_state = n->state;
 +        n->state = state;
 +
 +        if (!IN_SET(state, BUSNAME_MAKING, BUSNAME_SIGTERM, BUSNAME_SIGKILL)) {
 +                n->timer_event_source = sd_event_source_unref(n->timer_event_source);
 +                busname_unwatch_control_pid(n);
 +        }
 +
 +        if (state != BUSNAME_LISTENING)
 +                busname_unwatch_fd(n);
 +
 +        if (!IN_SET(state, BUSNAME_LISTENING, BUSNAME_MAKING, BUSNAME_REGISTERED, BUSNAME_RUNNING))
 +                busname_close_fd(n);
 +
 +        if (state != old_state)
 +                log_unit_debug(UNIT(n), "Changed %s -> %s", busname_state_to_string(old_state), busname_state_to_string(state));
 +
 +        unit_notify(UNIT(n), state_translation_table[old_state], state_translation_table[state], true);
 +}
 +
 +static int busname_coldplug(Unit *u) {
 +        BusName *n = BUSNAME(u);
 +        int r;
 +
 +        assert(n);
 +        assert(n->state == BUSNAME_DEAD);
 +
 +        if (n->deserialized_state == n->state)
 +                return 0;
 +
 +        if (n->control_pid > 0 &&
 +            pid_is_unwaited(n->control_pid) &&
 +            IN_SET(n->deserialized_state, BUSNAME_MAKING, BUSNAME_SIGTERM, BUSNAME_SIGKILL)) {
 +
 +                r = unit_watch_pid(UNIT(n), n->control_pid, false);
 +                if (r < 0)
 +                        return r;
 +
 +                r = busname_arm_timer(n, usec_add(u->state_change_timestamp.monotonic, n->timeout_usec));
 +                if (r < 0)
 +                        return r;
 +        }
 +
 +        if (IN_SET(n->deserialized_state, BUSNAME_MAKING, BUSNAME_LISTENING, BUSNAME_REGISTERED, BUSNAME_RUNNING)) {
 +                r = busname_open_fd(n);
 +                if (r < 0)
 +                        return r;
 +        }
 +
 +        if (n->deserialized_state == BUSNAME_LISTENING) {
 +                r = busname_watch_fd(n);
 +                if (r < 0)
 +                        return r;
 +        }
 +
 +        busname_set_state(n, n->deserialized_state);
 +        return 0;
 +}
 +
 +static int busname_make_starter(BusName *n, pid_t *_pid) {
 +        pid_t pid;
 +        int r;
 +
 +        r = busname_arm_timer(n, usec_add(now(CLOCK_MONOTONIC), n->timeout_usec));
 +        if (r < 0)
 +                goto fail;
 +
 +        /* We have to resolve the user/group names out-of-process,
 +         * hence let's fork here. It's messy, but well, what can we
 +         * do? */
 +
 +        pid = fork();
 +        if (pid < 0)
 +                return -errno;
 +
 +        if (pid == 0) {
 +                int ret;
 +
 +                (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
 +                (void) ignore_signals(SIGPIPE, -1);
 +                log_forget_fds();
 +
 +                r = bus_kernel_make_starter(n->starter_fd, n->name, n->activating, n->accept_fd, n->policy, n->policy_world);
 +                if (r < 0) {
 +                        ret = EXIT_MAKE_STARTER;
 +                        goto fail_child;
 +                }
 +
 +                _exit(0);
 +
 +        fail_child:
 +                log_open();
 +                log_error_errno(r, "Failed to create starter connection at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
 +
 +                _exit(ret);
 +        }
 +
 +        r = unit_watch_pid(UNIT(n), pid, true);
 +        if (r < 0)
 +                goto fail;
 +
 +        *_pid = pid;
 +        return 0;
 +
 +fail:
 +        n->timer_event_source = sd_event_source_unref(n->timer_event_source);
 +        return r;
 +}
 +
 +static void busname_enter_dead(BusName *n, BusNameResult f) {
 +        assert(n);
 +
 +        if (n->result == BUSNAME_SUCCESS)
 +                n->result = f;
 +
 +        busname_set_state(n, n->result != BUSNAME_SUCCESS ? BUSNAME_FAILED : BUSNAME_DEAD);
 +}
 +
 +static void busname_enter_signal(BusName *n, BusNameState state, BusNameResult f) {
 +        KillContext kill_context = {};
 +        int r;
 +
 +        assert(n);
 +
 +        if (n->result == BUSNAME_SUCCESS)
 +                n->result = f;
 +
 +        kill_context_init(&kill_context);
 +
 +        r = unit_kill_context(UNIT(n),
 +                              &kill_context,
 +                              state != BUSNAME_SIGTERM ? KILL_KILL : KILL_TERMINATE,
 +                              -1,
 +                              n->control_pid,
 +                              false);
 +        if (r < 0) {
 +                log_unit_warning_errno(UNIT(n), r, "Failed to kill control process: %m");
 +                goto fail;
 +        }
 +
 +        if (r > 0) {
 +                r = busname_arm_timer(n, usec_add(now(CLOCK_MONOTONIC), n->timeout_usec));
 +                if (r < 0) {
 +                        log_unit_warning_errno(UNIT(n), r, "Failed to arm timer: %m");
 +                        goto fail;
 +                }
 +
 +                busname_set_state(n, state);
 +        } else if (state == BUSNAME_SIGTERM)
 +                busname_enter_signal(n, BUSNAME_SIGKILL, BUSNAME_SUCCESS);
 +        else
 +                busname_enter_dead(n, BUSNAME_SUCCESS);
 +
 +        return;
 +
 +fail:
 +        busname_enter_dead(n, BUSNAME_FAILURE_RESOURCES);
 +}
 +
 +static void busname_enter_listening(BusName *n) {
 +        int r;
 +
 +        assert(n);
 +
 +        if (n->activating) {
 +                r = busname_watch_fd(n);
 +                if (r < 0) {
 +                        log_unit_warning_errno(UNIT(n), r, "Failed to watch names: %m");
 +                        goto fail;
 +                }
 +
 +                busname_set_state(n, BUSNAME_LISTENING);
 +        } else
 +                busname_set_state(n, BUSNAME_REGISTERED);
 +
 +        return;
 +
 +fail:
 +        busname_enter_signal(n, BUSNAME_SIGTERM, BUSNAME_FAILURE_RESOURCES);
 +}
 +
 +static void busname_enter_making(BusName *n) {
 +        int r;
 +
 +        assert(n);
 +
 +        r = busname_open_fd(n);
 +        if (r < 0)
 +                goto fail;
 +
 +        if (n->policy) {
 +                /* If there is a policy, we need to resolve user/group
 +                 * names, which we can't do from PID1, hence let's
 +                 * fork. */
 +                busname_unwatch_control_pid(n);
 +
 +                r = busname_make_starter(n, &n->control_pid);
 +                if (r < 0) {
 +                        log_unit_warning_errno(UNIT(n), r, "Failed to fork 'making' task: %m");
 +                        goto fail;
 +                }
 +
 +                busname_set_state(n, BUSNAME_MAKING);
 +        } else {
 +                /* If there is no policy, we can do everything
 +                 * directly from PID 1, hence do so. */
 +
 +                r = bus_kernel_make_starter(n->starter_fd, n->name, n->activating, n->accept_fd, NULL, n->policy_world);
 +                if (r < 0) {
 +                        log_unit_warning_errno(UNIT(n), r, "Failed to make starter: %m");
 +                        goto fail;
 +                }
 +
 +                busname_enter_listening(n);
 +        }
 +
 +        return;
 +
 +fail:
 +        busname_enter_dead(n, BUSNAME_FAILURE_RESOURCES);
 +}
 +
 +static void busname_enter_running(BusName *n) {
 +        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
 +        bool pending = false;
 +        Unit *other;
 +        Iterator i;
 +        int r;
 +        void *v;
 +
 +        assert(n);
 +
 +        if (!n->activating)
 +                return;
 +
 +        /* We don't take connections anymore if we are supposed to
 +         * shut down anyway */
 +
 +        if (unit_stop_pending(UNIT(n))) {
 +                log_unit_debug(UNIT(n), "Suppressing activation request since unit stop is scheduled.");
 +
 +                /* Flush all queued activation reqeuest by closing and reopening the connection */
 +                bus_kernel_drop_one(n->starter_fd);
 +
 +                busname_enter_listening(n);
 +                return;
 +        }
 +
 +        /* If there's already a start pending don't bother to do
 +         * anything */
 +        HASHMAP_FOREACH_KEY(v, other, UNIT(n)->dependencies[UNIT_TRIGGERS], i)
 +                if (unit_active_or_pending(other)) {
 +                        pending = true;
 +                        break;
 +                }
 +
 +        if (!pending) {
 +                if (!UNIT_ISSET(n->service)) {
 +                        log_unit_error(UNIT(n), "Service to activate vanished, refusing activation.");
 +                        r = -ENOENT;
 +                        goto fail;
 +                }
 +
 +                r = manager_add_job(UNIT(n)->manager, JOB_START, UNIT_DEREF(n->service), JOB_REPLACE, NULL, &error, NULL);
 +                if (r < 0)
 +                        goto fail;
 +        }
 +
 +        busname_set_state(n, BUSNAME_RUNNING);
 +        return;
 +
 +fail:
 +        log_unit_warning(UNIT(n), "Failed to queue service startup job: %s", bus_error_message(&error, r));
 +        busname_enter_dead(n, BUSNAME_FAILURE_RESOURCES);
 +}
 +
 +static int busname_start(Unit *u) {
 +        BusName *n = BUSNAME(u);
 +        int r;
 +
 +        assert(n);
 +
 +        /* We cannot fulfill this request right now, try again later
 +         * please! */
 +        if (IN_SET(n->state, BUSNAME_SIGTERM, BUSNAME_SIGKILL))
 +                return -EAGAIN;
 +
 +        /* Already on it! */
 +        if (n->state == BUSNAME_MAKING)
 +                return 0;
 +
 +        if (n->activating && UNIT_ISSET(n->service)) {
 +                Service *service;
 +
 +                service = SERVICE(UNIT_DEREF(n->service));
 +
 +                if (UNIT(service)->load_state != UNIT_LOADED) {
 +                        log_unit_error(u, "Bus service %s not loaded, refusing.", UNIT(service)->id);
 +                        return -ENOENT;
 +                }
 +        }
 +
 +        assert(IN_SET(n->state, BUSNAME_DEAD, BUSNAME_FAILED));
 +
 +        r = unit_test_start_limit(u);
 +        if (r < 0) {
 +                busname_enter_dead(n, BUSNAME_FAILURE_START_LIMIT_HIT);
 +                return r;
 +        }
 +
 +        r = unit_acquire_invocation_id(u);
 +        if (r < 0)
 +                return r;
 +
 +        n->result = BUSNAME_SUCCESS;
 +        busname_enter_making(n);
 +
 +        return 1;
 +}
 +
 +static int busname_stop(Unit *u) {
 +        BusName *n = BUSNAME(u);
 +
 +        assert(n);
 +
 +        /* Already on it */
 +        if (IN_SET(n->state, BUSNAME_SIGTERM, BUSNAME_SIGKILL))
 +                return 0;
 +
 +        /* If there's already something running, we go directly into
 +         * kill mode. */
 +
 +        if (n->state == BUSNAME_MAKING) {
 +                busname_enter_signal(n, BUSNAME_SIGTERM, BUSNAME_SUCCESS);
 +                return -EAGAIN;
 +        }
 +
 +        assert(IN_SET(n->state, BUSNAME_REGISTERED, BUSNAME_LISTENING, BUSNAME_RUNNING));
 +
 +        busname_enter_dead(n, BUSNAME_SUCCESS);
 +        return 1;
 +}
 +
 +static int busname_serialize(Unit *u, FILE *f, FDSet *fds) {
 +        BusName *n = BUSNAME(u);
 +        int r;
 +
 +        assert(n);
 +        assert(f);
 +        assert(fds);
 +
 +        (void) serialize_item(f, "state", busname_state_to_string(n->state));
 +        (void) serialize_item(f, "result", busname_result_to_string(n->result));
 +
 +        if (n->control_pid > 0)
 +                (void) serialize_item_format(f, "control-pid", PID_FMT, n->control_pid);
 +
 +        r = serialize_fd(f, fds, "starter-fd", n->starter_fd);
 +        if (r < 0)
 +                return r;
 +
 +        return 0;
 +}
 +
 +static int busname_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
 +        BusName *n = BUSNAME(u);
 +
 +        assert(n);
 +        assert(key);
 +        assert(value);
 +
 +        if (streq(key, "state")) {
 +                BusNameState state;
 +
 +                state = busname_state_from_string(value);
 +                if (state < 0)
 +                        log_unit_debug(u, "Failed to parse state value: %s", value);
 +                else
 +                        n->deserialized_state = state;
 +
 +        } else if (streq(key, "result")) {
 +                BusNameResult f;
 +
 +                f = busname_result_from_string(value);
 +                if (f < 0)
 +                        log_unit_debug(u, "Failed to parse result value: %s", value);
 +                else if (f != BUSNAME_SUCCESS)
 +                        n->result = f;
 +
 +        } else if (streq(key, "control-pid")) {
 +                pid_t pid;
 +
 +                if (parse_pid(value, &pid) < 0)
 +                        log_unit_debug(u, "Failed to parse control-pid value: %s", value);
 +                else
 +                        n->control_pid = pid;
 +        } else if (streq(key, "starter-fd")) {
 +                int fd;
 +
 +                if (safe_atoi(value, &fd) < 0 || fd < 0 || !fdset_contains(fds, fd))
 +                        log_unit_debug(u, "Failed to parse starter fd value: %s", value);
 +                else {
 +                        safe_close(n->starter_fd);
 +                        n->starter_fd = fdset_remove(fds, fd);
 +                }
 +        } else
 +                log_unit_debug(u, "Unknown serialization key: %s", key);
 +
 +        return 0;
 +}
 +
 +_pure_ static UnitActiveState busname_active_state(Unit *u) {
 +        assert(u);
 +
 +        return state_translation_table[BUSNAME(u)->state];
 +}
 +
 +_pure_ static const char *busname_sub_state_to_string(Unit *u) {
 +        assert(u);
 +
 +        return busname_state_to_string(BUSNAME(u)->state);
 +}
 +
 +static int busname_peek_message(BusName *n) {
 +        struct kdbus_cmd_recv cmd_recv = {
 +                .size = sizeof(cmd_recv),
 +                .flags = KDBUS_RECV_PEEK,
 +        };
 +        struct kdbus_cmd_free cmd_free = {
 +                .size = sizeof(cmd_free),
 +        };
 +        const char *comm = NULL;
 +        struct kdbus_item *d;
 +        struct kdbus_msg *k;
 +        size_t start, ps, sz, delta;
 +        void *p = MAP_FAILED;
 +        pid_t pid = 0;
 +        int r;
 +
 +        /* Generate a friendly debug log message about which process
 +         * caused triggering of this bus name. This simply peeks the
 +         * metadata of the first queued message and logs it. */
 +
 +        assert(n);
 +
 +        /* Let's shortcut things a bit, if debug logging is turned off
 +         * anyway. */
 +
 +        if (log_get_max_level() < LOG_DEBUG)
 +                return 0;
 +
 +        r = ioctl(n->starter_fd, KDBUS_CMD_RECV, &cmd_recv);
 +        if (r < 0) {
 +                if (errno == EINTR || errno == EAGAIN)
 +                        return 0;
 +
 +                return log_unit_error_errno(UNIT(n), errno, "Failed to query activation message: %m");
 +        }
 +
 +        /* We map as late as possible, and unmap imemdiately after
 +         * use. On 32bit address space is scarce and we want to be
 +         * able to handle a lot of activator connections at the same
 +         * time, and hence shouldn't keep the mmap()s around for
 +         * longer than necessary. */
 +
 +        ps = page_size();
 +        start = (cmd_recv.msg.offset / ps) * ps;
 +        delta = cmd_recv.msg.offset - start;
 +        sz = PAGE_ALIGN(delta + cmd_recv.msg.msg_size);
 +
 +        p = mmap(NULL, sz, PROT_READ, MAP_SHARED, n->starter_fd, start);
 +        if (p == MAP_FAILED) {
 +                r = log_unit_error_errno(UNIT(n), errno, "Failed to map activation message: %m");
 +                goto finish;
 +        }
 +
 +        k = (struct kdbus_msg *) ((uint8_t *) p + delta);
 +        KDBUS_ITEM_FOREACH(d, k, items) {
 +                switch (d->type) {
 +
 +                case KDBUS_ITEM_PIDS:
 +                        pid = d->pids.pid;
 +                        break;
 +
 +                case KDBUS_ITEM_PID_COMM:
 +                        comm = d->str;
 +                        break;
 +                }
 +        }
 +
 +        if (pid > 0)
 +                log_unit_debug(UNIT(n), "Activation triggered by process " PID_FMT " (%s)", pid, strna(comm));
 +
 +        r = 0;
 +
 +finish:
 +        if (p != MAP_FAILED)
 +                (void) munmap(p, sz);
 +
 +        cmd_free.offset = cmd_recv.msg.offset;
 +        if (ioctl(n->starter_fd, KDBUS_CMD_FREE, &cmd_free) < 0)
 +                log_unit_warning(UNIT(n), "Failed to free peeked message, ignoring: %m");
 +
 +        return r;
 +}
 +
 +static int busname_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
 +        BusName *n = userdata;
 +
 +        assert(n);
 +        assert(fd >= 0);
 +
 +        if (n->state != BUSNAME_LISTENING)
 +                return 0;
 +
 +        log_unit_debug(UNIT(n), "Activation request");
 +
 +        if (revents != EPOLLIN) {
 +                log_unit_error(UNIT(n), "Got unexpected poll event (0x%x) on starter fd.", revents);
 +                goto fail;
 +        }
 +
 +        busname_peek_message(n);
 +        busname_enter_running(n);
 +        return 0;
 +fail:
 +
 +        busname_enter_dead(n, BUSNAME_FAILURE_RESOURCES);
 +        return 0;
 +}
 +
 +static void busname_sigchld_event(Unit *u, pid_t pid, int code, int status) {
 +        BusName *n = BUSNAME(u);
 +        BusNameResult f;
 +
 +        assert(n);
 +        assert(pid >= 0);
 +
 +        if (pid != n->control_pid)
 +                return;
 +
 +        n->control_pid = 0;
 +
 +        if (is_clean_exit(code, status, EXIT_CLEAN_COMMAND, NULL))
 +                f = BUSNAME_SUCCESS;
 +        else if (code == CLD_EXITED)
 +                f = BUSNAME_FAILURE_EXIT_CODE;
 +        else if (code == CLD_KILLED)
 +                f = BUSNAME_FAILURE_SIGNAL;
 +        else if (code == CLD_DUMPED)
 +                f = BUSNAME_FAILURE_CORE_DUMP;
 +        else
 +                assert_not_reached("Unknown sigchld code");
 +
 +        log_unit_full(u, f == BUSNAME_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
 +                      "Control process exited, code=%s status=%i", sigchld_code_to_string(code), status);
 +
 +        if (n->result == BUSNAME_SUCCESS)
 +                n->result = f;
 +
 +        switch (n->state) {
 +
 +        case BUSNAME_MAKING:
 +                if (f == BUSNAME_SUCCESS)
 +                        busname_enter_listening(n);
 +                else
 +                        busname_enter_signal(n, BUSNAME_SIGTERM, f);
 +                break;
 +
 +        case BUSNAME_SIGTERM:
 +        case BUSNAME_SIGKILL:
 +                busname_enter_dead(n, f);
 +                break;
 +
 +        default:
 +                assert_not_reached("Uh, control process died at wrong time.");
 +        }
 +
 +        /* Notify clients about changed exit status */
 +        unit_add_to_dbus_queue(u);
 +}
 +
 +static int busname_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
 +        BusName *n = BUSNAME(userdata);
 +
 +        assert(n);
 +        assert(n->timer_event_source == source);
 +
 +        switch (n->state) {
 +
 +        case BUSNAME_MAKING:
 +                log_unit_warning(UNIT(n), "Making timed out. Terminating.");
 +                busname_enter_signal(n, BUSNAME_SIGTERM, BUSNAME_FAILURE_TIMEOUT);
 +                break;
 +
 +        case BUSNAME_SIGTERM:
 +                log_unit_warning(UNIT(n), "Stopping timed out. Killing.");
 +                busname_enter_signal(n, BUSNAME_SIGKILL, BUSNAME_FAILURE_TIMEOUT);
 +                break;
 +
 +        case BUSNAME_SIGKILL:
 +                log_unit_warning(UNIT(n), "Processes still around after SIGKILL. Ignoring.");
 +                busname_enter_dead(n, BUSNAME_FAILURE_TIMEOUT);
 +                break;
 +
 +        default:
 +                assert_not_reached("Timeout at wrong time.");
 +        }
 +
 +        return 0;
 +}
 +
 +static void busname_reset_failed(Unit *u) {
 +        BusName *n = BUSNAME(u);
 +
 +        assert(n);
 +
 +        if (n->state == BUSNAME_FAILED)
 +                busname_set_state(n, BUSNAME_DEAD);
 +
 +        n->result = BUSNAME_SUCCESS;
 +}
 +
 +static void busname_trigger_notify(Unit *u, Unit *other) {
 +        BusName *n = BUSNAME(u);
 +
 +        assert(n);
 +        assert(other);
 +
 +        if (!IN_SET(n->state, BUSNAME_RUNNING, BUSNAME_LISTENING))
 +                return;
 +
 +        if (other->start_limit_hit) {
 +                busname_enter_dead(n, BUSNAME_FAILURE_SERVICE_START_LIMIT_HIT);
 +                return;
 +        }
 +
 +        if (other->load_state != UNIT_LOADED || other->type != UNIT_SERVICE)
 +                return;
 +
 +        if (IN_SET(SERVICE(other)->state,
 +                   SERVICE_DEAD, SERVICE_FAILED,
 +                   SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL,
 +                   SERVICE_AUTO_RESTART))
 +                busname_enter_listening(n);
 +
 +        if (SERVICE(other)->state == SERVICE_RUNNING)
 +                busname_set_state(n, BUSNAME_RUNNING);
 +}
 +
 +static int busname_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
 +        return unit_kill_common(u, who, signo, -1, BUSNAME(u)->control_pid, error);
 +}
 +
 +static int busname_get_timeout(Unit *u, usec_t *timeout) {
 +        BusName *n = BUSNAME(u);
 +        usec_t t;
 +        int r;
 +
 +        if (!n->timer_event_source)
 +                return 0;
 +
 +        r = sd_event_source_get_time(n->timer_event_source, &t);
 +        if (r < 0)
 +                return r;
 +        if (t == USEC_INFINITY)
 +                return 0;
 +
 +        *timeout = t;
 +        return 1;
 +}
 +
 +static bool busname_supported(void) {
 +        return is_kdbus_available();
 +}
 +
 +static int busname_control_pid(Unit *u) {
 +        BusName *n = BUSNAME(u);
 +
 +        assert(n);
 +
 +        return n->control_pid;
 +}
 +
 +static const char* const busname_result_table[_BUSNAME_RESULT_MAX] = {
 +        [BUSNAME_SUCCESS] = "success",
 +        [BUSNAME_FAILURE_RESOURCES] = "resources",
 +        [BUSNAME_FAILURE_TIMEOUT] = "timeout",
 +        [BUSNAME_FAILURE_EXIT_CODE] = "exit-code",
 +        [BUSNAME_FAILURE_SIGNAL] = "signal",
 +        [BUSNAME_FAILURE_CORE_DUMP] = "core-dump",
 +        [BUSNAME_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
 +        [BUSNAME_FAILURE_SERVICE_START_LIMIT_HIT] = "service-start-limit-hit",
 +};
 +
 +DEFINE_STRING_TABLE_LOOKUP(busname_result, BusNameResult);
 +
 +const UnitVTable busname_vtable = {
 +        .object_size = sizeof(BusName),
 +
 +        .sections =
 +                "Unit\0"
 +                "BusName\0"
 +                "Install\0",
 +        .private_section = "BusName",
 +
 +        .init = busname_init,
 +        .done = busname_done,
 +        .load = busname_load,
 +
 +        .coldplug = busname_coldplug,
 +
 +        .dump = busname_dump,
 +
 +        .start = busname_start,
 +        .stop = busname_stop,
 +
 +        .kill = busname_kill,
 +
 +        .get_timeout = busname_get_timeout,
 +
 +        .serialize = busname_serialize,
 +        .deserialize_item = busname_deserialize_item,
 +
 +        .active_state = busname_active_state,
 +        .sub_state_to_string = busname_sub_state_to_string,
 +
 +        .sigchld_event = busname_sigchld_event,
 +
 +        .trigger_notify = busname_trigger_notify,
 +
 +        .reset_failed = busname_reset_failed,
 +
 +        .supported = busname_supported,
 +
 +        .control_pid = busname_control_pid,
 +
 +        .bus_vtable = bus_busname_vtable,
 +
 +        .status_message_formats = {
 +                .finished_start_job = {
 +                        [JOB_DONE]       = "Listening on %s.",
 +                        [JOB_FAILED]     = "Failed to listen on %s.",
 +                },
 +                .finished_stop_job = {
 +                        [JOB_DONE]       = "Closed %s.",
 +                        [JOB_FAILED]     = "Failed stopping %s.",
 +                },
 +        },
 +};
Simple merge
Simple merge
Simple merge
diff --cc src/core/dbus.c
Simple merge
Simple merge
Simple merge
Simple merge
Simple merge
@@@ -59,10 -57,10 +57,10 @@@ $1.SyslogFacility,               config
  $1.SyslogLevel,                  config_parse_log_level,             0,                             offsetof($1, exec_context.syslog_priority)
  $1.SyslogLevelPrefix,            config_parse_bool,                  0,                             offsetof($1, exec_context.syslog_level_prefix)
  $1.LogLevelMax,                  config_parse_log_level,             0,                             offsetof($1, exec_context.log_level_max)
- $1.LogRateLimitIntervalSec,      config_parse_sec,                   0,                             offsetof($1, exec_context.log_rate_limit_interval_usec)
- $1.LogRateLimitBurst,            config_parse_unsigned,              0,                             offsetof($1, exec_context.log_rate_limit_burst)
+ $1.LogRateLimitIntervalSec,      config_parse_sec,                   0,                             offsetof($1, exec_context.log_ratelimit_interval_usec)
+ $1.LogRateLimitBurst,            config_parse_unsigned,              0,                             offsetof($1, exec_context.log_ratelimit_burst)
  $1.LogExtraFields,               config_parse_log_extra_fields,      0,                             offsetof($1, exec_context)
 -$1.Capabilities,                 config_parse_warn_compat,           DISABLED_LEGACY,               offsetof($1, exec_context)
 +$1.Capabilities,                 config_parse_exec_capabilities,     0,                             offsetof($1, exec_context)
  $1.SecureBits,                   config_parse_exec_secure_bits,      0,                             offsetof($1, exec_context.secure_bits)
  $1.CapabilityBoundingSet,        config_parse_capability_set,        0,                             offsetof($1, exec_context.capability_bounding_set)
  $1.AmbientCapabilities,          config_parse_capability_set,        0,                             offsetof($1, exec_context.capability_ambient_set)
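Review bot: The `$1.Capabilities` row keeps `config_parse_exec_capabilities` with flag `0`, while the other merge parent maps the same key to `config_parse_warn_compat` with `DISABLED_LEGACY`, and nothing at the row says the divergence is intentional. A unit that sets `Capabilities=` is therefore parsed, and presumably applied, on this branch where the other side only warns, which changes the privilege set a service ends up with. A short comment above the row, for example `Capabilities= is kept as a downstream extension; the v244 side treats it as DISABLED_LEGACY`, would keep a later merge from silently dropping or flipping it. The table continues outside the hunk.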
Simple merge
@@@ -41,11 -41,8 +41,9 @@@ CONFIG_PARSER_PROTOTYPE(config_parse_ex
  CONFIG_PARSER_PROTOTYPE(config_parse_exec_cpu_sched_policy);
  CONFIG_PARSER_PROTOTYPE(config_parse_exec_cpu_sched_prio);
  CONFIG_PARSER_PROTOTYPE(config_parse_exec_cpu_affinity);
 +CONFIG_PARSER_PROTOTYPE(config_parse_exec_capabilities);
  CONFIG_PARSER_PROTOTYPE(config_parse_exec_secure_bits);
  CONFIG_PARSER_PROTOTYPE(config_parse_capability_set);
- CONFIG_PARSER_PROTOTYPE(config_parse_kill_signal);
- CONFIG_PARSER_PROTOTYPE(config_parse_final_kill_signal);
  CONFIG_PARSER_PROTOTYPE(config_parse_exec_mount_flags);
  CONFIG_PARSER_PROTOTYPE(config_parse_timer);
  CONFIG_PARSER_PROTOTYPE(config_parse_trigger_unit);
diff --cc src/core/main.c
Simple merge
Simple merge
Simple merge
Simple merge
Simple merge
Simple merge
diff --cc src/core/unit.c
Simple merge
Simple merge
@@@ -2,8 -2,6 +2,7 @@@
  #pragma once
  
  #include <pthread.h>
- #include <sys/socket.h>
 +#include <linux/kdbus.h>
  
  #include "sd-bus.h"
  
Simple merge
Simple merge
@@@ -1,9 -1,7 +1,8 @@@
  /* SPDX-License-Identifier: LGPL-2.1+ */
  
  #include <errno.h>
- #include <string.h>
  #include <unistd.h>
 +#include <sys/xattr.h>
  
  #include "alloc-util.h"
  #include "bus-common-errors.h"
Simple merge
Simple merge
Simple merge
@@@ -6676,13 -6861,7 +6876,13 @@@ static int enable_unit(int argc, char *
          if (!argv[1])
                  return 0;
  
-         r = mangle_names(strv_skip(argv, 1), &names);
 +        if (streq(verb, "enable")) {
 +                if ( check_args_is_path(argv+1) == 1 ) {
 +                        return 0;
 +                }
 +        }
 +
+         r = mangle_names("to enable", strv_skip(argv, 1), &names);
          if (r < 0)
                  return r;
  
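Review bot: The `enable` branch only tests `check_args_is_path(argv+1) == 1` and then returns 0, so any other non-zero result, including a negative error if the helper can return one (its definition is outside this hunk), falls through to `mangle_names()` as if the check had passed. Keeping the result makes a failure visible: `r = check_args_is_path(argv + 1);` followed by `if (r != 0) return r < 0 ? r : 0;`. The early `return 0` also reports success to the caller with no comment or log line saying why path arguments are not processed here, which is worth a one-line comment. The spacing in `if ( ... )` and the braces around the single `return` differ from the surrounding code. `enable_unit` starts and ends outside the hunk.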
Simple merge
@@@ -6,12 -6,7 +6,11 @@@
  
  #include "alloc-util.h"
  #include "fd-util.h"
 +#include "hexdecoct.h"
 +#include "io-util.h"
  #include "macro.h"
- #include "missing.h"
 +#include "path-util.h"
 +#include "rm-rf.h"
  #include "mountpoint-util.h"
  #include "namespace-util.h"
  #include "path-util.h"
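Review bot: `#include "path-util.h"` now appears twice in the visible include block, once after `macro.h` and once after `namespace-util.h`; the added copy can be dropped. `rm-rf.h` is also placed before `mountpoint-util.h`, out of the alphabetical order the rest of the list keeps, so it belongs after the remaining `path-util.h` line. The include block may continue outside the hunk.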
Simple merge
Simple merge
index b42547d,05fa847..f0b9c1d
mode 100644,100755..100644
@@@ -41,17 -12,7 +41,11 @@@ test_setup() 
          eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)
  
          setup_basic_environment
-         # mask some services that we do not want to run in these tests
-         ln -fs /dev/null $initdir/etc/systemd/system/systemd-hwdb-update.service
-         ln -fs /dev/null $initdir/etc/systemd/system/systemd-journal-catalog-update.service
-         ln -fs /dev/null $initdir/etc/systemd/system/systemd-networkd.service
-         ln -fs /dev/null $initdir/etc/systemd/system/systemd-networkd.socket
-         ln -fs /dev/null $initdir/etc/systemd/system/systemd-resolved.service
-         ln -fs /dev/null $initdir/etc/systemd/system/systemd-machined.service
 +        inst_binary cut
 +        inst_binary useradd
 +        inst /etc/login.defs
 +
+         mask_supporting_services
  
          # setup the testsuite service
          cat >$initdir/etc/systemd/system/testsuite.service <<EOF
@@@ -67,10 -28,9 +61,11 @@@ NotifyAccess=al
  EOF
          cp testsuite.sh $initdir/
  
 +        useradd -R $initdir -U -u 1234 test
 +
          setup_testsuite
      )
      setup_nspawn_root
  }
  
Simple merge
Simple merge
Simple merge
Simple merge
Simple merge
Simple merge
Simple merge
Simple merge
@@@ -24,9 -24,9 +24,10 @@@ LockPersonality=ye
  MemoryDenyWriteExecute=yes
  NoNewPrivileges=yes
  ProtectHostname=yes
+ ProtectKernelLogs=yes
  RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
  RestrictRealtime=yes
 +SmackProcessLabel=System
  SystemCallArchitectures=native
  SystemCallErrorNumber=EPERM
  SystemCallFilter=@system-service @mount
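Review bot: The added `SmackProcessLabel=System` carries no comment saying why this service runs under that label, and the same holds for `SmackProcessLabel=System` and `SmackProcessLabel=System::Privileged` in the two later unit-file hunks. The label decides what the daemon may access under the Smack policy, so the reason should sit next to the other hardening settings; a line such as `# Smack: run under the System label, see the platform Smack policy` above the setting would do. The `System::Privileged` case deserves a note on what it needs beyond `System`. The [Service] section continues outside the hunk.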
Simple merge
@@@ -23,11 -23,10 +23,11 @@@ KillMode=mixe
  Type=notify
  RestartForceExitStatus=133
  SuccessExitStatus=133
- WatchdogSec=3min
  Slice=machine.slice
  Delegate=yes
 +SmackProcessLabel=System
  TasksMax=16384
+ @SERVICE_WATCHDOG@
  
  # Enforce a strict device policy, similar to the one nspawn configures when it
  # allocates its own scope unit. Make sure to keep these policies in sync if you
Simple merge
@@@ -23,10 -23,9 +23,10 @@@ Sockets=systemd-udevd-control.socket sy
  Restart=always
  RestartSec=0
  ExecStart=@rootlibexecdir@/systemd-udevd
+ ExecReload=@rootbindir@/udevadm control --reload --timeout 0
  KillMode=mixed
- WatchdogSec=3min
  TasksMax=infinity
 +SmackProcessLabel=System::Privileged
  PrivateMounts=yes
  ProtectHostname=yes
  MemoryDenyWriteExecute=yes