Merge pull request #13743 from anitazha/dropin_all_the_things

core: support top level drop-ins through -.service.d for service units

man/systemd.service.xml

@@ -63,6 +63,19 @@
     <para>The <citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry>
     command allows creating <filename>.service</filename> and <filename>.scope</filename> units dynamically
     and transiently from the command line.</para>
+
+    <para>In addition to the various drop-in behaviors described in
+    <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+    services also support a top-level drop-in with <filename>-.service.d/</filename> that allows
+    altering or adding to the settings of all services on the system.
+    The formatting and precedence of applying drop-in configurations follow what is defined in
+    <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+    However, configurations in <filename>-.service.d/</filename> have the lowest precedence compared to settings
+    in the service specific override directories. For example, for <filename>foo-bar-baz.service</filename>,
+    drop-ins in <filename>foo-bar-baz.service.d/</filename> override the ones in
+    <filename>foo-bar-.service.d/</filename>, which override the ones <filename>foo-.service.d/</filename>,
+    which override the ones in <filename>-.service.d/</filename>.
+    </para>
   </refsect1>
 
   <refsect1>

man/systemd.special.xml

@@ -119,6 +119,15 @@
           </listitem>
         </varlistentry>
 
+        <varlistentry>
+          <term><filename>-.service</filename></term>
+          <listitem>
+            <para>This is a reserved unit name used to support top-level drop-ins for services. See
+            <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+            for details.</para>
+          </listitem>
+        </varlistentry>
+
         <varlistentry>
           <term><filename>basic.target</filename></term>
           <listitem>

man/systemd.unit.xml

@@ -192,6 +192,10 @@
     over unit files wherever located. Multiple drop-in files with different names are applied in
     lexicographic order, regardless of which of the directories they reside in.</para>
 
+    <para>Service units also support a top-level drop-in directory for modifying the settings of all service units. See
+    <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+    for details.</para>
+
     <!-- Note that we do not document .include here, as we consider it mostly obsolete, and want
          people to use .d/ drop-ins instead. -->
 

src/basic/set.h

@@ -102,8 +102,8 @@ static inline void *set_steal_first(Set *s) {
 /* no set_steal_first_key */
 /* no set_first_key */
 
-static inline void *set_first(Set *s) {
-        return internal_hashmap_first_key_and_value(HASHMAP_BASE(s), false, NULL);
+static inline void *set_first(const Set *s) {
+        return internal_hashmap_first_key_and_value(HASHMAP_BASE((Set *) s), false, NULL);
 }
 
 /* no set_next */

src/basic/special.h

@@ -105,3 +105,7 @@
 
 /* The root directory. */
 #define SPECIAL_ROOT_MOUNT "-.mount"
+
+/* Used to apply settings to all services through drop-ins.
+ * Should not exist as an actual service. */
+#define SPECIAL_ROOT_SERVICE "-.service"

src/basic/unit-name.c

@@ -665,6 +665,36 @@ good:
         return 0;
 }
 
+bool service_unit_name_is_valid(const char *name) {
+        _cleanup_free_ char *prefix = NULL, *s = NULL;
+        const char *e, *service_name = name;
+
+        if (!unit_name_is_valid(name, UNIT_NAME_ANY))
+                return false;
+
+        e = endswith(name, ".service");
+        if (!e)
+                return false;
+
+        /* If it's a template or instance, get the prefix as a service name. */
+        if (unit_name_is_valid(name, UNIT_NAME_INSTANCE|UNIT_NAME_TEMPLATE)) {
+                if (unit_name_to_prefix(name, &prefix) < 0)
+                        return false;
+
+                s = strjoin(prefix, ".service");
+                if (!s)
+                        return false;
+
+                service_name = s;
+        }
+
+        /* Reject reserved service name(s). */
+        if (streq(service_name, SPECIAL_ROOT_SERVICE))
+                return false;
+
+        return true;
+}
+
 int slice_build_parent_slice(const char *slice, char **ret) {
         char *s, *dash;
         int r;

src/basic/unit-name.h

@@ -58,6 +58,8 @@ static inline int unit_name_mangle(const char *name, UnitNameMangle flags, char
         return unit_name_mangle_with_suffix(name, flags, ".service", ret);
 }
 
+bool service_unit_name_is_valid(const char *name);
+
 int slice_build_parent_slice(const char *slice, char **ret);
 int slice_build_subslice(const char *slice, const char *name, char **subslice);
 bool slice_name_is_valid(const char *name);

src/core/load-fragment.c

@@ -215,7 +215,7 @@ int config_parse_unit_string_printf(
                 void *userdata) {
 
         _cleanup_free_ char *k = NULL;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         int r;
 
         assert(filename);
@@ -244,7 +244,7 @@ int config_parse_unit_strv_printf(
                 void *data,
                 void *userdata) {
 
-        Unit *u = userdata;
+        const Unit *u = userdata;
         _cleanup_free_ char *k = NULL;
         int r;
 
@@ -275,7 +275,7 @@ int config_parse_unit_path_printf(
                 void *userdata) {
 
         _cleanup_free_ char *k = NULL;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         int r;
         bool fatal = ltype;
 
@@ -316,7 +316,7 @@ int config_parse_unit_path_strv_printf(
                 void *userdata) {
 
         char ***x = data;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         int r;
         const char *p;
 
@@ -606,7 +606,7 @@ int config_parse_exec(
                 void *userdata) {
 
         ExecCommand **e = data;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         const char *p;
         bool semicolon;
         int r;
@@ -878,7 +878,7 @@ int config_parse_exec_input(
                 void *userdata) {
 
         ExecContext *c = data;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         const char *n;
         ExecInput ei;
         int r;
@@ -948,7 +948,7 @@ int config_parse_exec_input_text(
 
         _cleanup_free_ char *unescaped = NULL, *resolved = NULL;
         ExecContext *c = data;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         size_t sz;
         void *p;
         int r;
@@ -1061,7 +1061,7 @@ int config_parse_exec_output(
         _cleanup_free_ char *resolved = NULL;
         const char *n;
         ExecContext *c = data;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         ExecOutput eo;
         int r;
 
@@ -1405,7 +1405,7 @@ int config_parse_exec_selinux_context(
                 void *userdata) {
 
         ExecContext *c = data;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         bool ignore;
         char *k;
         int r;
@@ -1454,7 +1454,7 @@ int config_parse_exec_apparmor_profile(
                 void *userdata) {
 
         ExecContext *c = data;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         bool ignore;
         char *k;
         int r;
@@ -1503,7 +1503,7 @@ int config_parse_exec_smack_process_label(
                 void *userdata) {
 
         ExecContext *c = data;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         bool ignore;
         char *k;
         int r;
@@ -1553,7 +1553,7 @@ int config_parse_timer(
 
         _cleanup_(calendar_spec_freep) CalendarSpec *c = NULL;
         _cleanup_free_ char *k = NULL;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         Timer *t = data;
         usec_t usec = 0;
         TimerValue *v;
@@ -1871,7 +1871,7 @@ int config_parse_bus_name(
                 void *userdata) {
 
         _cleanup_free_ char *k = NULL;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         int r;
 
         assert(filename);
@@ -2017,7 +2017,7 @@ int config_parse_user_group_compat(
 
         _cleanup_free_ char *k = NULL;
         char **user = data;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         int r;
 
         assert(filename);
@@ -2057,7 +2057,7 @@ int config_parse_user_group_strv_compat(
                 void *userdata) {
 
         char ***users = data;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         const char *p = rvalue;
         int r;
 
@@ -2118,7 +2118,7 @@ int config_parse_working_directory(
                 void *userdata) {
 
         ExecContext *c = data;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         bool missing_ok;
         int r;
 
@@ -2178,7 +2178,7 @@ int config_parse_unit_env_file(const char *unit,
                                void *userdata) {
 
         char ***env = data;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         _cleanup_free_ char *n = NULL;
         int r;
 
@@ -2224,7 +2224,7 @@ int config_parse_environ(
                 void *data,
                 void *userdata) {
 
-        Unit *u = userdata;
+        const Unit *u = userdata;
         char ***env = data;
         const char *p;
         int r;
@@ -2294,7 +2294,7 @@ int config_parse_pass_environ(
         size_t nlen = 0, nbufsize = 0;
         char*** passenv = data;
         const char *p = rvalue;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         int r;
 
         assert(filename);
@@ -2370,7 +2370,7 @@ int config_parse_unset_environ(
         size_t nlen = 0, nbufsize = 0;
         char*** unsetenv = data;
         const char *p = rvalue;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         int r;
 
         assert(filename);
@@ -2443,7 +2443,7 @@ int config_parse_log_extra_fields(
                 void *userdata) {
 
         ExecContext *c = data;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         const char *p = rvalue;
         int r;
 
@@ -2516,7 +2516,7 @@ int config_parse_unit_condition_path(
         Condition **list = data, *c;
         ConditionType t = ltype;
         bool trigger, negate;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         int r;
 
         assert(filename);
@@ -2572,7 +2572,7 @@ int config_parse_unit_condition_string(
         Condition **list = data, *c;
         ConditionType t = ltype;
         bool trigger, negate;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         int r;
 
         assert(filename);
@@ -2776,7 +2776,7 @@ int config_parse_syscall_filter(
                 void *userdata) {
 
         ExecContext *c = data;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         bool invert = false;
         const char *p;
         int r;
@@ -3086,7 +3086,7 @@ int config_parse_unit_slice(
 
         _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
         _cleanup_free_ char *k = NULL;
-        Unit *u = userdata, *slice = NULL;
+        Unit *u = userdata, *slice;
         int r;
 
         assert(filename);
@@ -3267,7 +3267,7 @@ int config_parse_tasks_max(
                 void *userdata) {
 
         uint64_t *tasks_max = data, v;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         int r;
 
         if (isempty(rvalue)) {
@@ -3890,7 +3890,7 @@ int config_parse_exec_directories(
                 void *userdata) {
 
         char***rt = data;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         const char *p;
         int r;
 
@@ -4019,7 +4019,7 @@ int config_parse_namespace_path_strv(
                 void *data,
                 void *userdata) {
 
-        Unit *u = userdata;
+        const Unit *u = userdata;
         char*** sv = data;
         const char *p = rvalue;
         int r;
@@ -4096,7 +4096,7 @@ int config_parse_temporary_filesystems(
                 void *data,
                 void *userdata) {
 
-        Unit *u = userdata;
+        const Unit *u = userdata;
         ExecContext *c = data;
         const char *p = rvalue;
         int r;
@@ -4170,7 +4170,7 @@ int config_parse_bind_paths(
                 void *userdata) {
 
         ExecContext *c = data;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         const char *p;
         int r;
 
@@ -4423,7 +4423,7 @@ int config_parse_pid_file(
                 void *userdata) {
 
         _cleanup_free_ char *k = NULL, *n = NULL;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         char **s = data;
         int r;
 
@@ -4545,7 +4545,7 @@ int config_parse_ip_filter_bpf_progs(
                 void *userdata) {
 
         _cleanup_free_ char *resolved = NULL;
-        Unit *u = userdata;
+        const Unit *u = userdata;
         char ***paths = data;
         int r;
 

src/core/service.c

@@ -550,6 +550,11 @@ static int service_verify(Service *s) {
         assert(s);
         assert(UNIT(s)->load_state == UNIT_LOADED);
 
+        if (!service_unit_name_is_valid(UNIT(s)->id)) {
+                log_unit_error(UNIT(s), "Service name is invalid or reserved. Refusing.");
+                return -EINVAL;
+        }
+
         if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]
             && UNIT(s)->success_action == EMERGENCY_ACTION_NONE) {
                 /* FailureAction= only makes sense if one of the start or stop commands is specified.

src/core/unit-printf.c

@@ -171,7 +171,7 @@ static int specifier_special_directory(char specifier, const void *data, const v
         return 0;
 }
 
-int unit_name_printf(Unit *u, const char* format, char **ret) {
+int unit_name_printf(const Unit *u, const char* format, char **ret) {
 
         /*
          * This will use the passed string as format string and replace the following specifiers (which should all be
@@ -215,8 +215,7 @@ int unit_name_printf(Unit *u, const char* format, char **ret) {
         return specifier_printf(format, table, u, ret);
 }
 
-int unit_full_printf(Unit *u, const char *format, char **ret) {
-
+int unit_full_printf(const Unit *u, const char *format, char **ret) {
         /* This is similar to unit_name_printf() but also supports unescaping. Also, adds a couple of additional codes
          * (which are likely not suitable for unescaped inclusion in unit names):
          *

src/core/unit-printf.h

@@ -3,5 +3,5 @@
 
 #include "unit.h"
 
-int unit_name_printf(Unit *u, const char* text, char **ret);
-int unit_full_printf(Unit *u, const char *text, char **ret);
+int unit_name_printf(const Unit *u, const char* text, char **ret);
+int unit_full_printf(const Unit *u, const char *text, char **ret);

src/shared/dropin.c

@@ -19,6 +19,7 @@
 #include "mkdir.h"
 #include "path-util.h"
 #include "set.h"
+#include "special.h"
 #include "string-util.h"
 #include "strv.h"
 #include "unit-name.h"
@@ -226,12 +227,34 @@ int unit_file_find_dropin_paths(
                 char ***ret) {
 
         _cleanup_strv_free_ char **dirs = NULL;
+        UnitType type = _UNIT_TYPE_INVALID;
         char *name, **p;
         Iterator i;
         int r;
 
         assert(ret);
 
+        /* All the names in the unit are of the same type so just grab one. */
+        name = (char*) set_first(names);
+        if (name) {
+                type = unit_name_to_type(name);
+                if (type < 0)
+                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+                                               "Failed to to derive unit type from unit name: %s",
+                                               name);
+        }
+
+        /* Special drop in for -.service. Add this first as it's the most generic
+         * and should be able to be overridden by more specific drop-ins. */
+        if (type == UNIT_SERVICE)
+                STRV_FOREACH(p, lookup_path)
+                        (void) unit_file_find_dirs(original_root,
+                                                   unit_path_cache,
+                                                   *p,
+                                                   SPECIAL_ROOT_SERVICE,
+                                                   dir_suffix,
+                                                   &dirs);
+
         SET_FOREACH(name, names, i)
                 STRV_FOREACH(p, lookup_path)
                         (void) unit_file_find_dirs(original_root, unit_path_cache, *p, name, dir_suffix, &dirs);

src/test/test-unit-name.c

@@ -355,6 +355,24 @@ static void test_unit_name_build(void) {
         free(t);
 }
 
+static void test_service_unit_name_is_valid(void) {
+        assert_se(service_unit_name_is_valid("foo.service"));
+        assert_se(service_unit_name_is_valid("foo@bar.service"));
+        assert_se(service_unit_name_is_valid("foo@bar@bar.service"));
+        assert_se(service_unit_name_is_valid("--.service"));
+        assert_se(service_unit_name_is_valid(".-.service"));
+        assert_se(service_unit_name_is_valid("-foo-bar.service"));
+        assert_se(service_unit_name_is_valid("-foo-bar-.service"));
+        assert_se(service_unit_name_is_valid("foo-bar-.service"));
+
+        assert_se(!service_unit_name_is_valid("-.service"));
+        assert_se(!service_unit_name_is_valid(""));
+        assert_se(!service_unit_name_is_valid("foo.slice"));
+        assert_se(!service_unit_name_is_valid("@.service"));
+        assert_se(!service_unit_name_is_valid("@bar.service"));
+        assert_se(!service_unit_name_is_valid("-@.service"));
+}
+
 static void test_slice_name_is_valid(void) {
         assert_se( slice_name_is_valid(SPECIAL_ROOT_SLICE));
         assert_se( slice_name_is_valid("foo.slice"));
@@ -840,6 +858,7 @@ int main(int argc, char* argv[]) {
         test_unit_prefix_is_valid();
         test_unit_name_change_suffix();
         test_unit_name_build();
+        test_service_unit_name_is_valid();
         test_slice_name_is_valid();
         test_build_subslice();
         test_build_parent_slice();

test/TEST-15-DROPIN/test-dropin.sh

@@ -101,6 +101,19 @@ test_basic_dropins () {
     check_ok b Wants c.service
     systemctl stop a c
 
+    echo "*** test -.service.d/ top level drop-in"
+    create_services a b
+    check_ko a ExecCondition "/bin/echo a"
+    check_ko b ExecCondition "/bin/echo b"
+    mkdir -p /usr/lib/systemd/system/-.service.d
+    cat >/usr/lib/systemd/system/-.service.d/override.conf <<EOF
+[Service]
+ExecCondition=/bin/echo %n
+EOF
+    check_ok a ExecCondition "/bin/echo a"
+    check_ok b ExecCondition "/bin/echo b"
+    rm -rf /usr/lib/systemd/system/-.service.d
+
     clear_services a b c
 }