return r;
}
+DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access, notify_access, NotifyAccess, "Failed to parse notify access specifier");
+
#define FOLLOW_MAX 8
static int open_follow(char **filename, FILE **_f, Set *names, char **_final) {
{ config_parse_description, "DESCRIPTION" },
{ config_parse_timer, "TIMER" },
{ config_parse_timer_unit, "NAME" },
+ { config_parse_path_spec, "PATH" },
+ { config_parse_path_unit, "UNIT" },
+ { config_parse_notify_access, "ACCESS" }
};
assert(f);
{ "KillMode", config_parse_kill_mode, &u->service.kill_mode, "Service" },
{ "NonBlocking", config_parse_bool, &u->service.exec_context.non_blocking, "Service" },
{ "BusName", config_parse_string, &u->service.bus_name, "Service" },
+ { "NotifyAccess", config_parse_notify_access, &u->service.notify_access, "Service" },
EXEC_CONTEXT_CONFIG_ITEMS(u->service.exec_context, "Service"),
{ "ListenStream", config_parse_listen, &u->socket, "Socket" },
struct sockaddr_un un;
} sa;
struct epoll_event ev;
- char *ne[2], **t;
int one = 1;
assert(m);
if (epoll_ctl(m->epoll_fd, EPOLL_CTL_ADD, m->notify_watch.fd, &ev) < 0)
return -errno;
- if (asprintf(&ne[0], "NOTIFY_SOCKET=@%s", sa.un.sun_path+1) < 0)
+ if (!(m->notify_socket = strdup(sa.un.sun_path+1)))
return -ENOMEM;
- ne[1] = NULL;
- t = strv_env_merge(2, m->environment, ne);
- free(ne[0]);
-
- if (!t)
- return -ENOMEM;
-
- strv_free(m->environment);
- m->environment = t;
-
return 0;
}
if (m->notify_watch.fd >= 0)
close_nointr_nofail(m->notify_watch.fd);
+ free(m->notify_socket);
+
lookup_paths_free(&m->lookup_paths);
strv_free(m->environment);
log_debug("Got notification message for unit %s", u->meta.id);
if (UNIT_VTABLE(u)->notify_message)
- UNIT_VTABLE(u)->notify_message(u, tags);
+ UNIT_VTABLE(u)->notify_message(u, ucred->pid, tags);
strv_free(tags);
}
if ((r = unit_watch_bus_name(u, s->bus_name)) < 0)
return r;
}
+
+ if (s->type == SERVICE_NOTIFY && s->notify_access == NOTIFY_NONE)
+ s->notify_access = NOTIFY_MAIN;
}
return service_verify(s);
"%sRootDirectoryStartOnly: %s\n"
"%sValidNoProcess: %s\n"
"%sKillMode: %s\n"
- "%sType: %s\n",
+ "%sType: %s\n"
+ "%sNotifyAccess: %s\n",
prefix, service_state_to_string(s->state),
prefix, yes_no(s->permissions_start_only),
prefix, yes_no(s->root_directory_start_only),
prefix, yes_no(s->valid_no_process),
prefix, kill_mode_to_string(s->kill_mode),
- prefix, service_type_to_string(s->type));
+ prefix, service_type_to_string(s->type),
+ prefix, notify_access_to_string(s->notify_access));
if (s->control_pid > 0)
fprintf(f,
bool pass_fds,
bool apply_permissions,
bool apply_chroot,
+ bool set_notify_socket,
pid_t *_pid) {
pid_t pid;
int r;
int *fds = NULL;
unsigned n_fds = 0;
- char **argv;
+ char **argv = NULL, **env = NULL;
assert(s);
assert(c);
goto fail;
}
+ if (set_notify_socket) {
+ char *t;
+
+ if (asprintf(&t, "NOTIFY_SOCKET=@%s", s->meta.manager->notify_socket) < 0) {
+ r = -ENOMEM;
+ goto fail;
+ }
+
+ env = strv_env_set(s->meta.manager->environment, t);
+ free(t);
+
+ if (!env) {
+ r = -ENOMEM;
+ goto fail;
+ }
+ } else
+ env = s->meta.manager->environment;
+
r = exec_spawn(c,
argv,
&s->exec_context,
fds, n_fds,
- s->meta.manager->environment,
+ env,
apply_permissions,
apply_chroot,
UNIT(s)->meta.manager->confirm_spawn,
&pid);
strv_free(argv);
+ argv = NULL;
+
+ if (set_notify_socket)
+ strv_free(env);
+ env = NULL;
+
if (r < 0)
goto fail;
fail:
free(fds);
+ strv_free(argv);
+
+ if (set_notify_socket)
+ strv_free(env);
+
if (timeout)
unit_unwatch_timer(UNIT(s), &s->timer_watch);
false,
!s->permissions_start_only,
!s->root_directory_start_only,
+ false,
&s->control_pid)) < 0)
goto fail;
false,
!s->permissions_start_only,
!s->root_directory_start_only,
+ false,
&s->control_pid)) < 0)
goto fail;
false,
!s->permissions_start_only,
!s->root_directory_start_only,
+ false,
&s->control_pid)) < 0)
goto fail;
true,
true,
true,
+ s->notify_access != NOTIFY_NONE,
&pid)) < 0)
goto fail;
false,
!s->permissions_start_only,
!s->root_directory_start_only,
+ false,
&s->control_pid)) < 0)
goto fail;
false,
!s->permissions_start_only,
!s->root_directory_start_only,
+ false,
&s->control_pid)) < 0)
goto fail;
false,
!s->permissions_start_only,
!s->root_directory_start_only,
+ false,
&s->control_pid)) < 0)
goto fail;
}
}
-static void service_notify_message(Unit *u, char **tags) {
+static void service_notify_message(Unit *u, pid_t pid, char **tags) {
Service *s = SERVICE(u);
const char *e;
assert(u);
+ if (s->notify_access == NOTIFY_NONE) {
+ log_warning("%s: Got notification message from PID %lu, but reception is disabled.",
+ u->meta.id, (unsigned long) pid);
+ return;
+ }
+
+ if (s->notify_access == NOTIFY_MAIN && pid != s->main_pid) {
+ log_warning("%s: Got notification message from PID %lu, but reception only permitted for PID %lu",
+ u->meta.id, (unsigned long) pid, (unsigned long) s->main_pid);
+ return;
+ }
+
log_debug("%s: Got message", u->meta.id);
/* Interpret MAINPID= */
s->state == SERVICE_START_POST ||
s->state == SERVICE_RUNNING ||
s->state == SERVICE_RELOAD)) {
- pid_t pid;
if (parse_pid(e + 8, &pid) < 0)
log_warning("Failed to parse %s", e);
DEFINE_STRING_TABLE_LOOKUP(service_exec_command, ServiceExecCommand);
+static const char* const notify_access_table[_NOTIFY_ACCESS_MAX] = {
+ [NOTIFY_NONE] = "none",
+ [NOTIFY_MAIN] = "main",
+ [NOTIFY_ALL] = "all"
+};
+
+DEFINE_STRING_TABLE_LOOKUP(notify_access, NotifyAccess);
+
const UnitVTable service_vtable = {
.suffix = ".service",
projects / systemd / commitdiff