network: Add varlink socket unit

src/network/networkd-manager-varlink.c

@@ -259,8 +259,9 @@ static int vl_method_set_persistent_storage(sd_varlink *vlink, sd_json_variant *
         return sd_varlink_reply(vlink, NULL);
 }
 
-int manager_connect_varlink(Manager *m) {
+int manager_connect_varlink(Manager *m, int fd) {
         _cleanup_(sd_varlink_server_unrefp) sd_varlink_server *s = NULL;
+        _unused_ _cleanup_close_ int fd_close = fd;
         int r;
 
         assert(m);
@@ -297,10 +298,15 @@ int manager_connect_varlink(Manager *m) {
         if (r < 0)
                 return log_error_errno(r, "Failed to register varlink methods: %m");
 
-        r = sd_varlink_server_listen_address(s, "/run/systemd/netif/io.systemd.Network", 0666);
+        if (fd < 0)
+                r = sd_varlink_server_listen_address(s, "/run/systemd/netif/io.systemd.Network", /* mode= */ 0666);
+        else
+                r = sd_varlink_server_listen_fd(s, fd);
         if (r < 0)
                 return log_error_errno(r, "Failed to bind to varlink socket: %m");
 
+        TAKE_FD(fd_close);
+
         r = sd_varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL);
         if (r < 0)
                 return log_error_errno(r, "Failed to attach varlink connection to event loop: %m");
@@ -313,5 +319,4 @@ void manager_varlink_done(Manager *m) {
         assert(m);
 
         m->varlink_server = sd_varlink_server_unref(m->varlink_server);
-        (void) unlink("/run/systemd/netif/io.systemd.Network");
 }

src/network/networkd-manager-varlink.h

@@ -3,5 +3,5 @@
 
 #include "networkd-forward.h"
 
-int manager_connect_varlink(Manager *m);
+int manager_connect_varlink(Manager *m, int fd);
 void manager_varlink_done(Manager *m);

src/network/networkd-manager.c

@@ -205,12 +205,13 @@ static int manager_connect_udev(Manager *m) {
         return 0;
 }
 
-static int manager_listen_fds(Manager *m, int *ret_rtnl_fd) {
+static int manager_listen_fds(Manager *m, int *ret_rtnl_fd, int *ret_varlink_fd) {
         _cleanup_strv_free_ char **names = NULL;
-        int n, rtnl_fd = -EBADF;
+        int n, rtnl_fd = -EBADF, varlink_fd = -EBADF;
 
         assert(m);
         assert(ret_rtnl_fd);
+        assert(ret_varlink_fd);
 
         n = sd_listen_fds_with_names(/* unset_environment = */ true, &names);
         if (n < 0)
@@ -221,7 +222,7 @@ static int manager_listen_fds(Manager *m, int *ret_rtnl_fd) {
 
                 if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1) > 0) {
                         if (rtnl_fd >= 0) {
-                                log_debug("Received multiple netlink socket, ignoring.");
+                                log_debug("Received multiple netlink sockets, ignoring.");
                                 goto unused;
                         }
 
@@ -229,6 +230,11 @@ static int manager_listen_fds(Manager *m, int *ret_rtnl_fd) {
                         continue;
                 }
 
+                if (streq(names[i], "varlink")) {
+                        varlink_fd = fd;
+                        continue;
+                }
+
                 if (manager_set_serialization_fd(m, fd, names[i]) >= 0)
                         continue;
 
@@ -243,6 +249,8 @@ static int manager_listen_fds(Manager *m, int *ret_rtnl_fd) {
         }
 
         *ret_rtnl_fd = rtnl_fd;
+        *ret_varlink_fd = varlink_fd;
+
         return 0;
 }
 
@@ -513,7 +521,7 @@ static int manager_set_keep_configuration(Manager *m) {
 }
 
 int manager_setup(Manager *m) {
-        _cleanup_close_ int rtnl_fd = -EBADF;
+        _cleanup_close_ int rtnl_fd = -EBADF, varlink_fd = -EBADF;
         int r;
 
         assert(m);
@@ -537,7 +545,7 @@ int manager_setup(Manager *m) {
         if (r < 0)
                 return r;
 
-        r = manager_listen_fds(m, &rtnl_fd);
+        r = manager_listen_fds(m, &rtnl_fd, &varlink_fd);
         if (r < 0)
                 return r;
 
@@ -552,7 +560,7 @@ int manager_setup(Manager *m) {
         if (m->test_mode)
                 return 0;
 
-        r = manager_connect_varlink(m);
+        r = manager_connect_varlink(m, TAKE_FD(varlink_fd));
         if (r < 0)
                 return r;
 

units/meson.build

@@ -502,6 +502,10 @@ units = [
           'file' : 'systemd-networkd-persistent-storage.service',
           'conditions' : ['ENABLE_NETWORKD'],
         },
+        {
+          'file' : 'systemd-networkd-varlink.socket',
+          'conditions' : ['ENABLE_NETWORKD'],
+        },
         {
           'file' : 'systemd-networkd-wait-online.service.in',
           'conditions' : ['ENABLE_NETWORKD'],

units/systemd-networkd-varlink.socket

@@ -0,0 +1,25 @@
+#  SPDX-License-Identifier: LGPL-2.1-or-later
+#
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=Network Service Varlink Socket
+Documentation=man:systemd-networkd.service(8)
+ConditionCapability=CAP_NET_ADMIN
+DefaultDependencies=no
+Before=sockets.target shutdown.target
+Conflicts=shutdown.target
+
+[Socket]
+ListenStream=/run/systemd/netif/io.systemd.Network
+FileDescriptorName=varlink
+SocketMode=0666
+Service=systemd-networkd.service
+
+[Install]
+WantedBy=sockets.target

units/systemd-networkd.service.in

@@ -46,7 +46,7 @@ RestrictRealtime=yes
 RestrictSUIDSGID=yes
 RuntimeDirectory=systemd/netif
 RuntimeDirectoryPreserve=yes
-Sockets=systemd-networkd.socket
+Sockets=systemd-networkd.socket systemd-networkd-varlink.socket
 SystemCallArchitectures=native
 SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service bpf
@@ -56,7 +56,7 @@ User=systemd-network
 
 [Install]
 WantedBy=multi-user.target
-Also=systemd-networkd.socket
+Also=systemd-networkd.socket systemd-networkd-varlink.socket
 Alias=dbus-org.freedesktop.network1.service
 
 # The output from this generator is used by udevd and networkd. Enable it by