Compare commits
8 Commits
d727acb650
...
959daf9bfc
Author | SHA1 | Date |
---|---|---|
Chris Down | 959daf9bfc | |
Yu Watanabe | 7f66ff56eb | |
Zbigniew Jędrzejewski-Szmek | abc9fa1cf1 | |
Zbigniew Jędrzejewski-Szmek | 47538b7686 | |
Zbigniew Jędrzejewski-Szmek | a2262bcafa | |
Anita Zhang | d272467882 | |
Anita Zhang | f18f809c07 | |
Anita Zhang | e23d911664 |
|
@ -63,6 +63,19 @@
|
|||
<para>The <citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||||
command allows creating <filename>.service</filename> and <filename>.scope</filename> units dynamically
|
||||
and transiently from the command line.</para>
|
||||
|
||||
<para>In addition to the various drop-in behaviors described in
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
services also support a top-level drop-in with <filename>-.service.d/</filename> that allows
|
||||
altering or adding to the settings of all services on the system.
|
||||
The formatting and precedence of applying drop-in configurations follow what is defined in
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||
However, configurations in <filename>-.service.d/</filename> have the lowest precedence compared to settings
|
||||
in the service specific override directories. For example, for <filename>foo-bar-baz.service</filename>,
|
||||
drop-ins in <filename>foo-bar-baz.service.d/</filename> override the ones in
|
||||
<filename>foo-bar-.service.d/</filename>, which override the ones <filename>foo-.service.d/</filename>,
|
||||
which override the ones in <filename>-.service.d/</filename>.
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
|
|
@ -119,6 +119,15 @@
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><filename>-.service</filename></term>
|
||||
<listitem>
|
||||
<para>This is a reserved unit name used to support top-level drop-ins for services. See
|
||||
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for details.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><filename>basic.target</filename></term>
|
||||
<listitem>
|
||||
|
|
|
@ -192,6 +192,10 @@
|
|||
over unit files wherever located. Multiple drop-in files with different names are applied in
|
||||
lexicographic order, regardless of which of the directories they reside in.</para>
|
||||
|
||||
<para>Service units also support a top-level drop-in directory for modifying the settings of all service units. See
|
||||
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for details.</para>
|
||||
|
||||
<!-- Note that we do not document .include here, as we consider it mostly obsolete, and want
|
||||
people to use .d/ drop-ins instead. -->
|
||||
|
||||
|
|
|
@ -102,8 +102,8 @@ static inline void *set_steal_first(Set *s) {
|
|||
/* no set_steal_first_key */
|
||||
/* no set_first_key */
|
||||
|
||||
static inline void *set_first(Set *s) {
|
||||
return internal_hashmap_first_key_and_value(HASHMAP_BASE(s), false, NULL);
|
||||
static inline void *set_first(const Set *s) {
|
||||
return internal_hashmap_first_key_and_value(HASHMAP_BASE((Set *) s), false, NULL);
|
||||
}
|
||||
|
||||
/* no set_next */
|
||||
|
|
|
@ -105,3 +105,7 @@
|
|||
|
||||
/* The root directory. */
|
||||
#define SPECIAL_ROOT_MOUNT "-.mount"
|
||||
|
||||
/* Used to apply settings to all services through drop-ins.
|
||||
* Should not exist as an actual service. */
|
||||
#define SPECIAL_ROOT_SERVICE "-.service"
|
||||
|
|
|
@ -665,6 +665,36 @@ good:
|
|||
return 0;
|
||||
}
|
||||
|
||||
bool service_unit_name_is_valid(const char *name) {
|
||||
_cleanup_free_ char *prefix = NULL, *s = NULL;
|
||||
const char *e, *service_name = name;
|
||||
|
||||
if (!unit_name_is_valid(name, UNIT_NAME_ANY))
|
||||
return false;
|
||||
|
||||
e = endswith(name, ".service");
|
||||
if (!e)
|
||||
return false;
|
||||
|
||||
/* If it's a template or instance, get the prefix as a service name. */
|
||||
if (unit_name_is_valid(name, UNIT_NAME_INSTANCE|UNIT_NAME_TEMPLATE)) {
|
||||
if (unit_name_to_prefix(name, &prefix) < 0)
|
||||
return false;
|
||||
|
||||
s = strjoin(prefix, ".service");
|
||||
if (!s)
|
||||
return false;
|
||||
|
||||
service_name = s;
|
||||
}
|
||||
|
||||
/* Reject reserved service name(s). */
|
||||
if (streq(service_name, SPECIAL_ROOT_SERVICE))
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
int slice_build_parent_slice(const char *slice, char **ret) {
|
||||
char *s, *dash;
|
||||
int r;
|
||||
|
|
|
@ -58,6 +58,8 @@ static inline int unit_name_mangle(const char *name, UnitNameMangle flags, char
|
|||
return unit_name_mangle_with_suffix(name, flags, ".service", ret);
|
||||
}
|
||||
|
||||
bool service_unit_name_is_valid(const char *name);
|
||||
|
||||
int slice_build_parent_slice(const char *slice, char **ret);
|
||||
int slice_build_subslice(const char *slice, const char *name, char **subslice);
|
||||
bool slice_name_is_valid(const char *name);
|
||||
|
|
|
@ -215,7 +215,7 @@ int config_parse_unit_string_printf(
|
|||
void *userdata) {
|
||||
|
||||
_cleanup_free_ char *k = NULL;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
int r;
|
||||
|
||||
assert(filename);
|
||||
|
@ -244,7 +244,7 @@ int config_parse_unit_strv_printf(
|
|||
void *data,
|
||||
void *userdata) {
|
||||
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
_cleanup_free_ char *k = NULL;
|
||||
int r;
|
||||
|
||||
|
@ -275,7 +275,7 @@ int config_parse_unit_path_printf(
|
|||
void *userdata) {
|
||||
|
||||
_cleanup_free_ char *k = NULL;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
int r;
|
||||
bool fatal = ltype;
|
||||
|
||||
|
@ -316,7 +316,7 @@ int config_parse_unit_path_strv_printf(
|
|||
void *userdata) {
|
||||
|
||||
char ***x = data;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
int r;
|
||||
const char *p;
|
||||
|
||||
|
@ -606,7 +606,7 @@ int config_parse_exec(
|
|||
void *userdata) {
|
||||
|
||||
ExecCommand **e = data;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
const char *p;
|
||||
bool semicolon;
|
||||
int r;
|
||||
|
@ -878,7 +878,7 @@ int config_parse_exec_input(
|
|||
void *userdata) {
|
||||
|
||||
ExecContext *c = data;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
const char *n;
|
||||
ExecInput ei;
|
||||
int r;
|
||||
|
@ -948,7 +948,7 @@ int config_parse_exec_input_text(
|
|||
|
||||
_cleanup_free_ char *unescaped = NULL, *resolved = NULL;
|
||||
ExecContext *c = data;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
size_t sz;
|
||||
void *p;
|
||||
int r;
|
||||
|
@ -1061,7 +1061,7 @@ int config_parse_exec_output(
|
|||
_cleanup_free_ char *resolved = NULL;
|
||||
const char *n;
|
||||
ExecContext *c = data;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
ExecOutput eo;
|
||||
int r;
|
||||
|
||||
|
@ -1405,7 +1405,7 @@ int config_parse_exec_selinux_context(
|
|||
void *userdata) {
|
||||
|
||||
ExecContext *c = data;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
bool ignore;
|
||||
char *k;
|
||||
int r;
|
||||
|
@ -1454,7 +1454,7 @@ int config_parse_exec_apparmor_profile(
|
|||
void *userdata) {
|
||||
|
||||
ExecContext *c = data;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
bool ignore;
|
||||
char *k;
|
||||
int r;
|
||||
|
@ -1503,7 +1503,7 @@ int config_parse_exec_smack_process_label(
|
|||
void *userdata) {
|
||||
|
||||
ExecContext *c = data;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
bool ignore;
|
||||
char *k;
|
||||
int r;
|
||||
|
@ -1553,7 +1553,7 @@ int config_parse_timer(
|
|||
|
||||
_cleanup_(calendar_spec_freep) CalendarSpec *c = NULL;
|
||||
_cleanup_free_ char *k = NULL;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
Timer *t = data;
|
||||
usec_t usec = 0;
|
||||
TimerValue *v;
|
||||
|
@ -1871,7 +1871,7 @@ int config_parse_bus_name(
|
|||
void *userdata) {
|
||||
|
||||
_cleanup_free_ char *k = NULL;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
int r;
|
||||
|
||||
assert(filename);
|
||||
|
@ -2017,7 +2017,7 @@ int config_parse_user_group_compat(
|
|||
|
||||
_cleanup_free_ char *k = NULL;
|
||||
char **user = data;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
int r;
|
||||
|
||||
assert(filename);
|
||||
|
@ -2057,7 +2057,7 @@ int config_parse_user_group_strv_compat(
|
|||
void *userdata) {
|
||||
|
||||
char ***users = data;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
const char *p = rvalue;
|
||||
int r;
|
||||
|
||||
|
@ -2118,7 +2118,7 @@ int config_parse_working_directory(
|
|||
void *userdata) {
|
||||
|
||||
ExecContext *c = data;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
bool missing_ok;
|
||||
int r;
|
||||
|
||||
|
@ -2178,7 +2178,7 @@ int config_parse_unit_env_file(const char *unit,
|
|||
void *userdata) {
|
||||
|
||||
char ***env = data;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
_cleanup_free_ char *n = NULL;
|
||||
int r;
|
||||
|
||||
|
@ -2224,7 +2224,7 @@ int config_parse_environ(
|
|||
void *data,
|
||||
void *userdata) {
|
||||
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
char ***env = data;
|
||||
const char *p;
|
||||
int r;
|
||||
|
@ -2294,7 +2294,7 @@ int config_parse_pass_environ(
|
|||
size_t nlen = 0, nbufsize = 0;
|
||||
char*** passenv = data;
|
||||
const char *p = rvalue;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
int r;
|
||||
|
||||
assert(filename);
|
||||
|
@ -2370,7 +2370,7 @@ int config_parse_unset_environ(
|
|||
size_t nlen = 0, nbufsize = 0;
|
||||
char*** unsetenv = data;
|
||||
const char *p = rvalue;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
int r;
|
||||
|
||||
assert(filename);
|
||||
|
@ -2443,7 +2443,7 @@ int config_parse_log_extra_fields(
|
|||
void *userdata) {
|
||||
|
||||
ExecContext *c = data;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
const char *p = rvalue;
|
||||
int r;
|
||||
|
||||
|
@ -2516,7 +2516,7 @@ int config_parse_unit_condition_path(
|
|||
Condition **list = data, *c;
|
||||
ConditionType t = ltype;
|
||||
bool trigger, negate;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
int r;
|
||||
|
||||
assert(filename);
|
||||
|
@ -2572,7 +2572,7 @@ int config_parse_unit_condition_string(
|
|||
Condition **list = data, *c;
|
||||
ConditionType t = ltype;
|
||||
bool trigger, negate;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
int r;
|
||||
|
||||
assert(filename);
|
||||
|
@ -2776,7 +2776,7 @@ int config_parse_syscall_filter(
|
|||
void *userdata) {
|
||||
|
||||
ExecContext *c = data;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
bool invert = false;
|
||||
const char *p;
|
||||
int r;
|
||||
|
@ -3086,7 +3086,7 @@ int config_parse_unit_slice(
|
|||
|
||||
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
||||
_cleanup_free_ char *k = NULL;
|
||||
Unit *u = userdata, *slice = NULL;
|
||||
Unit *u = userdata, *slice;
|
||||
int r;
|
||||
|
||||
assert(filename);
|
||||
|
@ -3267,7 +3267,7 @@ int config_parse_tasks_max(
|
|||
void *userdata) {
|
||||
|
||||
uint64_t *tasks_max = data, v;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
int r;
|
||||
|
||||
if (isempty(rvalue)) {
|
||||
|
@ -3890,7 +3890,7 @@ int config_parse_exec_directories(
|
|||
void *userdata) {
|
||||
|
||||
char***rt = data;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
const char *p;
|
||||
int r;
|
||||
|
||||
|
@ -4019,7 +4019,7 @@ int config_parse_namespace_path_strv(
|
|||
void *data,
|
||||
void *userdata) {
|
||||
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
char*** sv = data;
|
||||
const char *p = rvalue;
|
||||
int r;
|
||||
|
@ -4096,7 +4096,7 @@ int config_parse_temporary_filesystems(
|
|||
void *data,
|
||||
void *userdata) {
|
||||
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
ExecContext *c = data;
|
||||
const char *p = rvalue;
|
||||
int r;
|
||||
|
@ -4170,7 +4170,7 @@ int config_parse_bind_paths(
|
|||
void *userdata) {
|
||||
|
||||
ExecContext *c = data;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
const char *p;
|
||||
int r;
|
||||
|
||||
|
@ -4423,7 +4423,7 @@ int config_parse_pid_file(
|
|||
void *userdata) {
|
||||
|
||||
_cleanup_free_ char *k = NULL, *n = NULL;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
char **s = data;
|
||||
int r;
|
||||
|
||||
|
@ -4545,7 +4545,7 @@ int config_parse_ip_filter_bpf_progs(
|
|||
void *userdata) {
|
||||
|
||||
_cleanup_free_ char *resolved = NULL;
|
||||
Unit *u = userdata;
|
||||
const Unit *u = userdata;
|
||||
char ***paths = data;
|
||||
int r;
|
||||
|
||||
|
|
|
@ -550,6 +550,11 @@ static int service_verify(Service *s) {
|
|||
assert(s);
|
||||
assert(UNIT(s)->load_state == UNIT_LOADED);
|
||||
|
||||
if (!service_unit_name_is_valid(UNIT(s)->id)) {
|
||||
log_unit_error(UNIT(s), "Service name is invalid or reserved. Refusing.");
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]
|
||||
&& UNIT(s)->success_action == EMERGENCY_ACTION_NONE) {
|
||||
/* FailureAction= only makes sense if one of the start or stop commands is specified.
|
||||
|
|
|
@ -171,7 +171,7 @@ static int specifier_special_directory(char specifier, const void *data, const v
|
|||
return 0;
|
||||
}
|
||||
|
||||
int unit_name_printf(Unit *u, const char* format, char **ret) {
|
||||
int unit_name_printf(const Unit *u, const char* format, char **ret) {
|
||||
|
||||
/*
|
||||
* This will use the passed string as format string and replace the following specifiers (which should all be
|
||||
|
@ -215,8 +215,7 @@ int unit_name_printf(Unit *u, const char* format, char **ret) {
|
|||
return specifier_printf(format, table, u, ret);
|
||||
}
|
||||
|
||||
int unit_full_printf(Unit *u, const char *format, char **ret) {
|
||||
|
||||
int unit_full_printf(const Unit *u, const char *format, char **ret) {
|
||||
/* This is similar to unit_name_printf() but also supports unescaping. Also, adds a couple of additional codes
|
||||
* (which are likely not suitable for unescaped inclusion in unit names):
|
||||
*
|
||||
|
|
|
@ -3,5 +3,5 @@
|
|||
|
||||
#include "unit.h"
|
||||
|
||||
int unit_name_printf(Unit *u, const char* text, char **ret);
|
||||
int unit_full_printf(Unit *u, const char *text, char **ret);
|
||||
int unit_name_printf(const Unit *u, const char* text, char **ret);
|
||||
int unit_full_printf(const Unit *u, const char *text, char **ret);
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
#include "mkdir.h"
|
||||
#include "path-util.h"
|
||||
#include "set.h"
|
||||
#include "special.h"
|
||||
#include "string-util.h"
|
||||
#include "strv.h"
|
||||
#include "unit-name.h"
|
||||
|
@ -226,12 +227,34 @@ int unit_file_find_dropin_paths(
|
|||
char ***ret) {
|
||||
|
||||
_cleanup_strv_free_ char **dirs = NULL;
|
||||
UnitType type = _UNIT_TYPE_INVALID;
|
||||
char *name, **p;
|
||||
Iterator i;
|
||||
int r;
|
||||
|
||||
assert(ret);
|
||||
|
||||
/* All the names in the unit are of the same type so just grab one. */
|
||||
name = (char*) set_first(names);
|
||||
if (name) {
|
||||
type = unit_name_to_type(name);
|
||||
if (type < 0)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
"Failed to to derive unit type from unit name: %s",
|
||||
name);
|
||||
}
|
||||
|
||||
/* Special drop in for -.service. Add this first as it's the most generic
|
||||
* and should be able to be overridden by more specific drop-ins. */
|
||||
if (type == UNIT_SERVICE)
|
||||
STRV_FOREACH(p, lookup_path)
|
||||
(void) unit_file_find_dirs(original_root,
|
||||
unit_path_cache,
|
||||
*p,
|
||||
SPECIAL_ROOT_SERVICE,
|
||||
dir_suffix,
|
||||
&dirs);
|
||||
|
||||
SET_FOREACH(name, names, i)
|
||||
STRV_FOREACH(p, lookup_path)
|
||||
(void) unit_file_find_dirs(original_root, unit_path_cache, *p, name, dir_suffix, &dirs);
|
||||
|
|
|
@ -355,6 +355,24 @@ static void test_unit_name_build(void) {
|
|||
free(t);
|
||||
}
|
||||
|
||||
static void test_service_unit_name_is_valid(void) {
|
||||
assert_se(service_unit_name_is_valid("foo.service"));
|
||||
assert_se(service_unit_name_is_valid("foo@bar.service"));
|
||||
assert_se(service_unit_name_is_valid("foo@bar@bar.service"));
|
||||
assert_se(service_unit_name_is_valid("--.service"));
|
||||
assert_se(service_unit_name_is_valid(".-.service"));
|
||||
assert_se(service_unit_name_is_valid("-foo-bar.service"));
|
||||
assert_se(service_unit_name_is_valid("-foo-bar-.service"));
|
||||
assert_se(service_unit_name_is_valid("foo-bar-.service"));
|
||||
|
||||
assert_se(!service_unit_name_is_valid("-.service"));
|
||||
assert_se(!service_unit_name_is_valid(""));
|
||||
assert_se(!service_unit_name_is_valid("foo.slice"));
|
||||
assert_se(!service_unit_name_is_valid("@.service"));
|
||||
assert_se(!service_unit_name_is_valid("@bar.service"));
|
||||
assert_se(!service_unit_name_is_valid("-@.service"));
|
||||
}
|
||||
|
||||
static void test_slice_name_is_valid(void) {
|
||||
assert_se( slice_name_is_valid(SPECIAL_ROOT_SLICE));
|
||||
assert_se( slice_name_is_valid("foo.slice"));
|
||||
|
@ -840,6 +858,7 @@ int main(int argc, char* argv[]) {
|
|||
test_unit_prefix_is_valid();
|
||||
test_unit_name_change_suffix();
|
||||
test_unit_name_build();
|
||||
test_service_unit_name_is_valid();
|
||||
test_slice_name_is_valid();
|
||||
test_build_subslice();
|
||||
test_build_parent_slice();
|
||||
|
|
|
@ -101,6 +101,19 @@ test_basic_dropins () {
|
|||
check_ok b Wants c.service
|
||||
systemctl stop a c
|
||||
|
||||
echo "*** test -.service.d/ top level drop-in"
|
||||
create_services a b
|
||||
check_ko a ExecCondition "/bin/echo a"
|
||||
check_ko b ExecCondition "/bin/echo b"
|
||||
mkdir -p /usr/lib/systemd/system/-.service.d
|
||||
cat >/usr/lib/systemd/system/-.service.d/override.conf <<EOF
|
||||
[Service]
|
||||
ExecCondition=/bin/echo %n
|
||||
EOF
|
||||
check_ok a ExecCondition "/bin/echo a"
|
||||
check_ok b ExecCondition "/bin/echo b"
|
||||
rm -rf /usr/lib/systemd/system/-.service.d
|
||||
|
||||
clear_services a b c
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue