meson: Fix missing libseccomp dependencies

The builds with HAVE_SECCOMP fail on missing include paths:

FAILED: src/basic/libbasic.a.p/parse-util.c.o
cc -Isrc/basic/libbasic.a.p -Isrc/basic -I../src/basic -Isrc/boot -I../src/boot -Isrc/home -I../src/home -Isrc/shared -I../src/shared -Isrc/systemd -I../src/systemd -Isrc/journal -I../src/journal -Isrc/journal-remote -I../src/journal-remote -Isrc/nspawn -I../src/nspawn -Isrc/resolve -I../src/resolve -Isrc/timesync -I../src/timesync -I../src/time-wait-sync -Isrc/login -I../src/login -Isrc/udev -I../src/udev -Isrc/libudev -I../src/libudev -Isrc/core -I../src/core -Isrc/shutdown -I../src/shutdown -I../src/xdg-autostart-generator -I../src/libsystemd/sd-bus -I../src/libsystemd/sd-device -I../src/libsystemd/sd-event -I../src/libsystemd/sd-hwdb -I../src/libsystemd/sd-id128 -I../src/libsystemd/sd-netlink -I../src/libsystemd/sd-network -I../src/libsystemd/sd-resolve -Isrc/libsystemd-network -I../src/libsystemd-network -I. -I.. -fdiagnostics-color=always -pipe -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -std=gnu99 -g -Wno-unused-parameter -Wno-missing-field-initializers -Wno-unused-result -Wno-format-signedness -Werror=undef -Wlogical-op -Wmissing-include-dirs -Wold-style-definition -Wpointer-arith -Winit-self -Wfloat-equal -Wsuggest-attribute=noreturn -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=missing-declarations -Werror=return-type -Werror=incompatible-pointer-types -Werror=format=2 -Wstrict-prototypes -Wredundant-decls -Wmissing-noreturn -Wimplicit-fallthrough=5 -Wshadow -Wendif-labels -Wstrict-aliasing=2 -Wwrite-strings -Werror=overflow -Werror=shift-count-overflow -Werror=shift-overflow=2 -Wdate-time -Wnested-externs -Wno-maybe-uninitialized -ffast-math -fno-common -fdiagnostics-show-option -fno-strict-aliasing -fvisibility=hidden -fstack-protector -fstack-protector-strong --param=ssp-buffer-size=4 -Werror=shadow -include config.h -fPIC -pthread -fvisibility=default -MD -MQ src/basic/libbasic.a.p/parse-util.c.o -MF src/basic/libbasic.a.p/parse-util.c.o.d -o src/basic/libbasic.a.p/parse-util.c.o -c ../src/basic/parse-util.c
In file included from ../src/basic/parse-util.c:20:
../src/shared/seccomp-util.h:4:10: fatal error: seccomp.h: No such file or directory
    4 | #include <seccomp.h>
      |          ^~~~~~~~~~~
compilation terminated.

FAILED: test-parse-util.p/src_test_test-parse-util.c.o
cc -Itest-parse-util.p -I. -I.. -Isrc/basic -I../src/basic -Isrc/boot -I../src/boot -Isrc/home -I../src/home -Isrc/shared -I../src/shared -Isrc/systemd -I../src/systemd -Isrc/journal -I../src/journal -Isrc/journal-remote -I../src/journal-remote -Isrc/nspawn -I../src/nspawn -Isrc/resolve -I../src/resolve -Isrc/timesync -I../src/timesync -I../src/time-wait-sync -Isrc/login -I../src/login -Isrc/udev -I../src/udev -Isrc/libudev -I../src/libudev -Isrc/core -I../src/core -Isrc/shutdown -I../src/shutdown -I../src/xdg-autostart-generator -I../src/libsystemd/sd-bus -I../src/libsystemd/sd-device -I../src/libsystemd/sd-event -I../src/libsystemd/sd-hwdb -I../src/libsystemd/sd-id128 -I../src/libsystemd/sd-netlink -I../src/libsystemd/sd-network -I../src/libsystemd/sd-resolve -Isrc/libsystemd-network -I../src/libsystemd-network -fdiagnostics-color=always -pipe -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -std=gnu99 -g -Wno-unused-parameter -Wno-missing-field-initializers -Wno-unused-result -Wno-format-signedness -Werror=undef -Wlogical-op -Wmissing-include-dirs -Wold-style-definition -Wpointer-arith -Winit-self -Wfloat-equal -Wsuggest-attribute=noreturn -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=missing-declarations -Werror=return-type -Werror=incompatible-pointer-types -Werror=format=2 -Wstrict-prototypes -Wredundant-decls -Wmissing-noreturn -Wimplicit-fallthrough=5 -Wshadow -Wendif-labels -Wstrict-aliasing=2 -Wwrite-strings -Werror=overflow -Werror=shift-count-overflow -Werror=shift-overflow=2 -Wdate-time -Wnested-externs -Wno-maybe-uninitialized -ffast-math -fno-common -fdiagnostics-show-option -fno-strict-aliasing -fvisibility=hidden -fstack-protector -fstack-protector-strong --param=ssp-buffer-size=4 -Werror=shadow -include config.h -MD -MQ test-parse-util.p/src_test_test-parse-util.c.o -MF test-parse-util.p/src_test_test-parse-util.c.o.d -o test-parse-util.p/src_test_test-parse-util.c.o -c ../src/test/test-parse-util.c
In file included from ../src/test/test-parse-util.c:14:
../src/shared/seccomp-util.h:4:10: fatal error: seccomp.h: No such file or directory
    4 | #include <seccomp.h>
      |          ^~~~~~~~~~~
compilation terminated.

Add the respective deps.

Fixes: 005bfaf118 ("exec: Add kill action to system call filters")

NEWS

@@ -495,17 +495,6 @@ CHANGES WITH 247 in spe:
           such as replay debuggers where non-deterministic behaviour is not
           desirable.
 
-        * When building systemd the Meson option
-          -Dcompat-mutable-uid-boundaries may now be specified. If enabled,
-          systemd reads the system UID boundaries from /etc/login.defs, instead
-          of using the built-in values selected during build-time. This is an
-          option to improve compatibility for upgrades from old systems. It's
-          strongly recommended not to make use of this functionality on new
-          systems (or even enable it during build), as it makes something
-          runtime-configurable that is mostly an implementation detail of the
-          OS, and permits avoidable differences in deployments that create all
-          kinds of problems in the long run.
-
         * The autopaging logic in systemd's various tools (such as systemctl)
           has been updated to turn on "secure" mode in "less"
           (i.e. $LESSECURE=1) if execution in a "sudo" environment is
@@ -513,6 +502,44 @@ CHANGES WITH 247 in spe:
           via the pipe logic. This behaviour may be overridden via the new
           $SYSTEMD_PAGERSECURE environment variable.
 
+        * Units which have resource limits (.service, .mount, .swap, .slice,
+          .socket, and .slice) gained new configuration settings
+          ManagedOOMSwap=, ManagedOOMMemoryPressure=, and
+          ManagedOOMMemoryPressureLimitPercent= that speicify resource pressure
+          limits and optional action taken by systemd-oomd.
+
+        * A new service systemd-oomd has been added. It monitors resource
+          contention for selected parts of the unit hierarchy using the PSI
+          information reported by the kernel, and kills processes when memory
+          or swap pressure is above configured limits. This service is only
+          enabled in developer mode (see below) and should be considered a
+          preview in this release. Behaviour details and option names are
+          subject to change without the usual backwards-compatibility promises.
+
+        * A new helper oomctl has been added to introspect systemd-oomd state.
+          If also is only available in developer mode and should be considered
+          a preview without the usual backwards-compatibility promises.
+
+        * New meson option -Dcompat-mutable-uid-boundaries= has been added. If
+          enabled, systemd reads the system UID boundaries from /etc/login.defs
+          at runtime, instead of using the built-in values selected during
+          build. This is an option to improve compatibility for upgrades from
+          old systems. It's strongly recommended not to make use of this
+          functionality on new systems (or even enable it during build), as it
+          makes something runtime-configurable that is mostly an implementation
+          detail of the OS, and permits avoidable differences in deployments
+          that create all kinds of problems in the long run.
+
+        * New meson option '-Dmode=developer|release' has been added. When
+          'developer', additional checks and features are enabled that are
+          relevant during upstream development, e.g. verification that
+          semi-automatically-generated documentation has been properly updated
+          following API changes. Those checks are considered hints for
+          developers and are not actionable in downstream builds. In addition,
+          extra features that are not ready for general consumption may be
+          enabled in developer mode. It is thus recommended to set
+          '-Dmode=release' in end-user and distro builds.
+
 CHANGES WITH 246:
 
         * The service manager gained basic support for cgroup v2 freezer. Units

man/org.freedesktop.oom1.xml

@@ -0,0 +1,74 @@
+<?xml version='1.0'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" >
+<!-- SPDX-License-Identifier: LGPL-2.1+ -->
+
+<refentry id="org.freedesktop.oom1" conditional='ENABLE_OOMD'
+    xmlns:xi="http://www.w3.org/2001/XInclude">
+  <refentryinfo>
+    <title>org.freedesktop.oom1</title>
+    <productname>systemd</productname>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>org.freedesktop.oom1</refentrytitle>
+    <manvolnum>5</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>org.freedesktop.oom1</refname>
+    <refpurpose>The D-Bus interface of systemd-oomd</refpurpose>
+  </refnamediv>
+
+  <refsect1>
+    <title>Introduction</title>
+
+    <para>
+    <citerefentry><refentrytitle>systemd-oomd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+    is a system service which implements a userspace out-of-memory (OOM) killer. This page describes the
+    D-Bus interface.</para>
+  </refsect1>
+
+  <refsect1>
+    <title>The Manager Object</title>
+
+    <para>The service exposes the following interfaces on the Manager object on the bus:</para>
+
+    <programlisting executable="systemd-oomd" node="/org/freedesktop/oom1" interface="org.freedesktop.oom1.Manager">
+node /org/freedesktop/oom1 {
+  interface org.freedesktop.oom1.Manager {
+    methods:
+      DumpByFileDescriptor(out h fd);
+  };
+  interface org.freedesktop.DBus.Peer { ... };
+  interface org.freedesktop.DBus.Introspectable { ... };
+  interface org.freedesktop.DBus.Properties { ... };
+};
+    </programlisting>
+
+    <!--method DumpByFileDescriptor is not documented!-->
+
+    <!--Autogenerated cross-references for systemd.directives, do not edit-->
+
+    <variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.oom1.Manager"/>
+
+    <variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.oom1.Manager"/>
+
+    <variablelist class="dbus-method" generated="True" extra-ref="DumpByFileDescriptor()"/>
+
+    <!--End of Autogenerated section-->
+
+    <refsect2>
+      <title>Methods</title>
+
+      <para>...</para>
+    </refsect2>
+  </refsect1>
+
+  <refsect1>
+    <title>Versioning</title>
+
+    <para>These D-Bus interfaces follow <ulink url="http://0pointer.de/blog/projects/versioning-dbus.html">
+    the usual interface versioning guidelines</ulink>.</para>
+  </refsect1>
+</refentry>

man/rules/meson.build

@@ -54,6 +54,7 @@ manpages = [
  ['org.freedesktop.locale1', '5', [], 'ENABLE_LOCALED'],
  ['org.freedesktop.login1', '5', [], 'ENABLE_LOGIND'],
  ['org.freedesktop.machine1', '5', [], 'ENABLE_MACHINED'],
+ ['org.freedesktop.oom1', '5', [], 'ENABLE_OOMD'],
  ['org.freedesktop.resolve1', '5', [], 'ENABLE_RESOLVE'],
  ['org.freedesktop.systemd1', '5', [], ''],
  ['org.freedesktop.timedate1', '5', [], 'ENABLE_TIMEDATED'],

meson.build

@@ -1412,7 +1412,15 @@ conf.set10('ENABLE_HOMED', have)
 have = have and conf.get('HAVE_PAM') == 1
 conf.set10('ENABLE_PAM_HOME', have)
 
-have = get_option('oomd') and get_option('mode') == 'developer'
+have = get_option('oomd')
+if have == 'auto'
+        have = get_option('mode') == 'developer'
+else
+        have = have == 'true'
+        if have and get_option('mode') != 'developer'
+                error('oomd is not available in release mode (yet)')
+        endif
+endif
 conf.set10('ENABLE_OOMD', have)
 
 want_remote = get_option('remote')

meson_options.txt

@@ -97,7 +97,7 @@ option('coredump', type : 'boolean',
        description : 'install the coredump handler')
 option('pstore', type : 'boolean',
        description : 'install the pstore archival tool')
-option('oomd', type : 'boolean', value : 'false',
+option('oomd', type : 'combo', choices : ['auto', 'true', 'false'],
        description : 'install the userspace oom killer')
 option('logind', type : 'boolean',
        description : 'install the systemd-logind stack')

src/basic/meson.build

@@ -333,6 +333,7 @@ libbasic = static_library(
         dependencies : [versiondep,
                         threads,
                         libcap,
+                        libseccomp,
                         libselinux,
                         libm,
                         libdl],

src/oom/oomd-manager-bus.c

@@ -29,8 +29,19 @@ static int bus_method_dump_by_fd(sd_bus_message *message, void *userdata, sd_bus
         return sd_bus_reply_method_return(message, "h", fd);
 }
 
-const sd_bus_vtable manager_vtable[] = {
+static const sd_bus_vtable manager_vtable[] = {
         SD_BUS_VTABLE_START(0),
-        SD_BUS_METHOD("DumpByFileDescriptor", NULL, "h", bus_method_dump_by_fd, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD_WITH_NAMES("DumpByFileDescriptor",
+                                 NULL,,
+                                 "h",
+                                 SD_BUS_PARAM(fd),
+                                 bus_method_dump_by_fd,
+                                 SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_VTABLE_END
 };
+
+const BusObjectImplementation manager_object = {
+        "/org/freedesktop/oom1",
+        "org.freedesktop.oom1.Manager",
+        .vtables = BUS_VTABLES(manager_vtable),
+};

src/oom/oomd-manager-bus.h

@@ -1,8 +1,8 @@
 /* SPDX-License-Identifier: LGPL-2.1+ */
 #pragma once
 
-#include "sd-bus.h"
+#include "bus-object.h"
 
 typedef struct Manager Manager;
 
-extern const sd_bus_vtable manager_vtable[];
+extern const BusObjectImplementation manager_object;

src/oom/oomd-manager.c

@@ -455,9 +455,9 @@ static int manager_connect_bus(Manager *m) {
         if (r < 0)
                 return log_error_errno(r, "Failed to connect to bus: %m");
 
-        r = sd_bus_add_object_vtable(m->bus, NULL, "/org/freedesktop/oom1", "org.freedesktop.oom1.Manager", manager_vtable, m);
+        r = bus_add_implementation(m->bus, &manager_object, m);
         if (r < 0)
-                return log_error_errno(r, "Failed to add manager object vtable: %m");
+                return r;
 
         r = bus_log_control_api_register(m->bus);
         if (r < 0)

src/oom/oomd.c

@@ -2,12 +2,15 @@
 
 #include <getopt.h>
 
+#include "bus-log-control-api.h"
+#include "bus-object.h"
 #include "cgroup-util.h"
 #include "conf-parser.h"
 #include "daemon-util.h"
 #include "log.h"
 #include "main-func.h"
 #include "oomd-manager.h"
+#include "oomd-manager-bus.h"
 #include "parse-util.h"
 #include "pretty-print.c"
 #include "psi-util.h"
@@ -43,25 +46,31 @@ static int help(void) {
                 return log_oom();
 
         printf("%s [OPTIONS...]\n\n"
-                        "Run the userspace out-of-memory (OOM) killer.\n\n"
-                        "  -h --help     Show this help\n"
-                        "     --dry-run  Log write/destructive actions instead of doing them\n"
-                        "\nSee the %s for details.\n"
-                        , program_invocation_short_name
-                        , link
-              );
+               "Run the userspace out-of-memory (OOM) killer.\n\n"
+               "  -h --help                 Show this help\n"
+               "     --version              Show package version\n"
+               "     --dry-run              Only print destructive actions instead of doing them\n"
+               "     --bus-introspect=PATH  Write D-Bus XML introspection data\n"
+               "\nSee the %s for details.\n"
+               , program_invocation_short_name
+               , link
+        );
 
         return 0;
 }
 
 static int parse_argv(int argc, char *argv[]) {
         enum {
+                ARG_VERSION = 0x100,
                 ARG_DRY_RUN,
+                ARG_BUS_INTROSPECT,
         };
 
         static const struct option options[] = {
-                { "help",    no_argument, NULL, 'h'         },
-                { "dry-run", no_argument, NULL, ARG_DRY_RUN },
+                { "help",           no_argument,       NULL, 'h'                },
+                { "version",        no_argument,       NULL, ARG_VERSION        },
+                { "dry-run",        no_argument,       NULL, ARG_DRY_RUN        },
+                { "bus-introspect", required_argument, NULL, ARG_BUS_INTROSPECT },
                 {}
         };
 
@@ -74,20 +83,34 @@ static int parse_argv(int argc, char *argv[]) {
 
                 switch (c) {
 
-                        case 'h':
-                                return help();
+                case 'h':
+                        return help();
 
-                        case ARG_DRY_RUN:
-                                arg_dry_run = true;
-                                break;
+                case ARG_VERSION:
+                        return version();
 
-                        case '?':
-                                return -EINVAL;
+                case ARG_DRY_RUN:
+                        arg_dry_run = true;
+                        break;
 
-                        default:
-                                assert_not_reached("Invalid option passed.");
+                case ARG_BUS_INTROSPECT:
+                        return bus_introspect_implementations(
+                                        stdout,
+                                        optarg,
+                                        BUS_IMPLEMENTATIONS(&manager_object,
+                                                            &log_control_object));
+
+                case '?':
+                        return -EINVAL;
+
+                default:
+                        assert_not_reached("Unknown option code.");
                 }
 
+        if (optind < argc)
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+                                       "This program takes no arguments.");
+
         return 1;
 }
 

src/test/meson.build

@@ -333,7 +333,7 @@ tests += [
 
         [['src/test/test-parse-util.c'],
          [],
-         []],
+         [libseccomp]],
 
         [['src/test/test-sysctl-util.c'],
          [],