52b84b
From ab9c835796a27f0fbaee75a90f0311ec456941d8 Mon Sep 17 00:00:00 2001
52b84b
From: Anita Zhang <the.anitazha@gmail.com>
52b84b
Date: Fri, 28 Jun 2019 17:02:30 -0700
52b84b
Subject: [PATCH] core: ExecCondition= for services
52b84b
52b84b
Closes #10596
52b84b
52b84b
(cherry picked from commit 31cd5f63ce86a0784c4ef869c4d323a11ff14adc)
52b84b
52b84b
Resolves: #1737283
52b84b
---
52b84b
 TODO                                          |  2 -
52b84b
 catalog/systemd.catalog.in                    |  7 ++
52b84b
 doc/TRANSIENT-SETTINGS.md                     |  1 +
52b84b
 man/systemd.service.xml                       | 20 ++++
52b84b
 src/basic/unit-def.c                          |  1 +
52b84b
 src/basic/unit-def.h                          |  1 +
52b84b
 src/core/dbus-service.c                       |  1 +
52b84b
 src/core/job.c                                |  3 +-
52b84b
 src/core/job.h                                |  2 +-
52b84b
 src/core/load-fragment-gperf.gperf.m4         |  1 +
52b84b
 src/core/service.c                            | 93 ++++++++++++++++---
52b84b
 src/core/service.h                            |  2 +
52b84b
 src/core/unit.c                               | 25 ++++-
52b84b
 src/core/unit.h                               |  4 +
52b84b
 src/shared/bus-unit-util.c                    |  2 +-
52b84b
 src/systemd/sd-messages.h                     |  2 +
52b84b
 src/test/test-execute.c                       | 50 +++++++++-
52b84b
 test/fuzz/fuzz-unit-file/directives.service   |  1 +
52b84b
 test/meson.build                              |  2 +
52b84b
 .../exec-condition-failed.service             | 11 +++
52b84b
 test/test-execute/exec-condition-skip.service | 15 +++
52b84b
 21 files changed, 222 insertions(+), 24 deletions(-)
52b84b
 create mode 100644 test/test-execute/exec-condition-failed.service
52b84b
 create mode 100644 test/test-execute/exec-condition-skip.service
52b84b
52b84b
diff --git a/TODO b/TODO
52b84b
index ff1008accf..8f78000089 100644
52b84b
--- a/TODO
52b84b
+++ b/TODO
52b84b
@@ -626,8 +626,6 @@ Features:
52b84b
 
52b84b
 * merge unit_kill_common() and unit_kill_context()
52b84b
 
52b84b
-* introduce ExecCondition= in services
52b84b
-
52b84b
 * EFI:
52b84b
   - honor language efi variables for default language selection (if there are any?)
52b84b
   - honor timezone efi variables for default timezone selection (if there are any?)
52b84b
diff --git a/catalog/systemd.catalog.in b/catalog/systemd.catalog.in
52b84b
index 2492ad2028..dc44414f9d 100644
52b84b
--- a/catalog/systemd.catalog.in
52b84b
+++ b/catalog/systemd.catalog.in
52b84b
@@ -358,6 +358,13 @@ Support: %SUPPORT_URL%
52b84b
 
52b84b
 The unit @UNIT@ has entered the 'failed' state with result '@UNIT_RESULT@'.
52b84b
 
52b84b
+-- 0e4284a0caca4bfc81c0bb6786972673
52b84b
+Subject: Unit skipped
52b84b
+Defined-By: systemd
52b84b
+Support: %SUPPORT_URL%
52b84b
+
52b84b
+The unit @UNIT@ was skipped and has entered the 'dead' state with result '@UNIT_RESULT@'.
52b84b
+
52b84b
 -- 50876a9db00f4c40bde1a2ad381c3a1b
52b84b
 Subject: The system is configured in a way that might cause problems
52b84b
 Defined-By: systemd
52b84b
diff --git a/doc/TRANSIENT-SETTINGS.md b/doc/TRANSIENT-SETTINGS.md
52b84b
index 0b2ad66dcb..23fe84e4d1 100644
52b84b
--- a/doc/TRANSIENT-SETTINGS.md
52b84b
+++ b/doc/TRANSIENT-SETTINGS.md
52b84b
@@ -267,6 +267,7 @@ Most service unit settings are available for transient units.
52b84b
 
52b84b
 ```
52b84b
 ✓ PIDFile=
52b84b
+✓ ExecCondition=
52b84b
 ✓ ExecStartPre=
52b84b
 ✓ ExecStart=
52b84b
 ✓ ExecStartPost=
52b84b
diff --git a/man/systemd.service.xml b/man/systemd.service.xml
52b84b
index 315b80e704..54586d1948 100644
52b84b
--- a/man/systemd.service.xml
52b84b
+++ b/man/systemd.service.xml
52b84b
@@ -414,6 +414,26 @@
52b84b
         </listitem>
52b84b
       </varlistentry>
52b84b
 
52b84b
+      <varlistentry>
52b84b
+        <term><varname>ExecCondition=</varname></term>
52b84b
+        <listitem><para>Optional commands that are executed before the command(s) in <varname>ExecStartPre=</varname>.
52b84b
+        Syntax is the same as for <varname>ExecStart=</varname>, except that multiple command lines are allowed and the
52b84b
+        commands are executed one after the other, serially.</para>
52b84b
+
52b84b
+        <para>The behavior is like an <varname>ExecStartPre=</varname> and condition check hybrid: when an
52b84b
+        <varname>ExecCondition=</varname> command exits with exit code 1 through 254 (inclusive), the remaining
52b84b
+        commands are skipped and the unit is <emphasis>not</emphasis> marked as failed. However, if an
52b84b
+        <varname>ExecCondition=</varname> command exits with 255 or abnormally (e.g. timeout, killed by a
52b84b
+        signal, etc.), the unit will be considered failed (and remaining commands will be skipped). Exit code of 0 or
52b84b
+        those matching <varname>SuccessExitStatus=</varname> will continue execution to the next command(s).</para>
52b84b
+
52b84b
+        <para>The same recommendations about not running long-running processes in <varname>ExecStartPre=</varname>
52b84b
+        also applies to <varname>ExecCondition=</varname>. <varname>ExecCondition=</varname> will also run the commands
52b84b
+        in <varname>ExecStopPost=</varname>, as part of stopping the service, in the case of any non-zero or abnormal
52b84b
+        exits, like the ones described above.</para>
52b84b
+        </listitem>
52b84b
+      </varlistentry>
52b84b
+
52b84b
       <varlistentry>
52b84b
         <term><varname>ExecReload=</varname></term>
52b84b
         <listitem><para>Commands to execute to trigger a configuration
52b84b
diff --git a/src/basic/unit-def.c b/src/basic/unit-def.c
52b84b
index ac6a9b37e8..46593f6e65 100644
52b84b
--- a/src/basic/unit-def.c
52b84b
+++ b/src/basic/unit-def.c
52b84b
@@ -162,6 +162,7 @@ DEFINE_STRING_TABLE_LOOKUP(scope_state, ScopeState);
52b84b
 
52b84b
 static const char* const service_state_table[_SERVICE_STATE_MAX] = {
52b84b
         [SERVICE_DEAD] = "dead",
52b84b
+        [SERVICE_CONDITION] = "condition",
52b84b
         [SERVICE_START_PRE] = "start-pre",
52b84b
         [SERVICE_START] = "start",
52b84b
         [SERVICE_START_POST] = "start-post",
52b84b
diff --git a/src/basic/unit-def.h b/src/basic/unit-def.h
52b84b
index d7e2d74669..db397a31ed 100644
52b84b
--- a/src/basic/unit-def.h
52b84b
+++ b/src/basic/unit-def.h
52b84b
@@ -101,6 +101,7 @@ typedef enum ScopeState {
52b84b
 
52b84b
 typedef enum ServiceState {
52b84b
         SERVICE_DEAD,
52b84b
+        SERVICE_CONDITION,
52b84b
         SERVICE_START_PRE,
52b84b
         SERVICE_START,
52b84b
         SERVICE_START_POST,
52b84b
diff --git a/src/core/dbus-service.c b/src/core/dbus-service.c
52b84b
index 1b4c98c7d2..5f768a77c8 100644
52b84b
--- a/src/core/dbus-service.c
52b84b
+++ b/src/core/dbus-service.c
52b84b
@@ -127,6 +127,7 @@ const sd_bus_vtable bus_service_vtable[] = {
52b84b
         SD_BUS_PROPERTY("NRestarts", "u", bus_property_get_unsigned, offsetof(Service, n_restarts), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
52b84b
 
52b84b
         BUS_EXEC_STATUS_VTABLE("ExecMain", offsetof(Service, main_exec_status), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
52b84b
+        BUS_EXEC_COMMAND_LIST_VTABLE("ExecCondition", offsetof(Service, exec_command[SERVICE_EXEC_CONDITION]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION),
52b84b
         BUS_EXEC_COMMAND_LIST_VTABLE("ExecStartPre", offsetof(Service, exec_command[SERVICE_EXEC_START_PRE]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION),
52b84b
         BUS_EXEC_COMMAND_LIST_VTABLE("ExecStart", offsetof(Service, exec_command[SERVICE_EXEC_START]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION),
52b84b
         BUS_EXEC_COMMAND_LIST_VTABLE("ExecStartPost", offsetof(Service, exec_command[SERVICE_EXEC_START_POST]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION),
52b84b
diff --git a/src/core/job.c b/src/core/job.c
52b84b
index b9eee91cf3..870ec0a387 100644
52b84b
--- a/src/core/job.c
52b84b
+++ b/src/core/job.c
52b84b
@@ -870,7 +870,8 @@ static void job_log_done_status_message(Unit *u, uint32_t job_id, JobType t, Job
52b84b
                 return;
52b84b
 
52b84b
         /* Show condition check message if the job did not actually do anything due to failed condition. */
52b84b
-        if (t == JOB_START && result == JOB_DONE && !u->condition_result) {
52b84b
+        if ((t == JOB_START && result == JOB_DONE && !u->condition_result) ||
52b84b
+            (t == JOB_START && result == JOB_SKIPPED)) {
52b84b
                 log_struct(LOG_INFO,
52b84b
                            "MESSAGE=Condition check resulted in %s being skipped.", unit_description(u),
52b84b
                            "JOB_ID=%" PRIu32, job_id,
52b84b
diff --git a/src/core/job.h b/src/core/job.h
52b84b
index 2f5f3f3989..189fea20ca 100644
52b84b
--- a/src/core/job.h
52b84b
+++ b/src/core/job.h
52b84b
@@ -85,7 +85,7 @@ enum JobResult {
52b84b
         JOB_TIMEOUT,             /* Job timeout elapsed */
52b84b
         JOB_FAILED,              /* Job failed */
52b84b
         JOB_DEPENDENCY,          /* A required dependency job did not result in JOB_DONE */
52b84b
-        JOB_SKIPPED,             /* Negative result of JOB_VERIFY_ACTIVE */
52b84b
+        JOB_SKIPPED,             /* Negative result of JOB_VERIFY_ACTIVE or skip due to ExecCondition= */
52b84b
         JOB_INVALID,             /* JOB_RELOAD of inactive unit */
52b84b
         JOB_ASSERT,              /* Couldn't start a unit, because an assert didn't hold */
52b84b
         JOB_UNSUPPORTED,         /* Couldn't start a unit, because the unit type is not supported on the system */
52b84b
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
52b84b
index 161c5a2c82..8883818ff2 100644
52b84b
--- a/src/core/load-fragment-gperf.gperf.m4
52b84b
+++ b/src/core/load-fragment-gperf.gperf.m4
52b84b
@@ -291,6 +291,7 @@ Unit.AssertNull,                 config_parse_unit_condition_null,   0,
52b84b
 Unit.CollectMode,                config_parse_collect_mode,          0,                             offsetof(Unit, collect_mode)
52b84b
 m4_dnl
52b84b
 Service.PIDFile,                 config_parse_unit_path_printf,      0,                             offsetof(Service, pid_file)
52b84b
+Service.ExecCondition,           config_parse_exec,                  SERVICE_EXEC_CONDITION,        offsetof(Service, exec_command)
52b84b
 Service.ExecStartPre,            config_parse_exec,                  SERVICE_EXEC_START_PRE,        offsetof(Service, exec_command)
52b84b
 Service.ExecStart,               config_parse_exec,                  SERVICE_EXEC_START,            offsetof(Service, exec_command)
52b84b
 Service.ExecStartPost,           config_parse_exec,                  SERVICE_EXEC_START_POST,       offsetof(Service, exec_command)
52b84b
diff --git a/src/core/service.c b/src/core/service.c
52b84b
index 2c31e70ef6..92be4280f6 100644
52b84b
--- a/src/core/service.c
52b84b
+++ b/src/core/service.c
52b84b
@@ -41,6 +41,7 @@
52b84b
 
52b84b
 static const UnitActiveState state_translation_table[_SERVICE_STATE_MAX] = {
52b84b
         [SERVICE_DEAD] = UNIT_INACTIVE,
52b84b
+        [SERVICE_CONDITION] = UNIT_ACTIVATING,
52b84b
         [SERVICE_START_PRE] = UNIT_ACTIVATING,
52b84b
         [SERVICE_START] = UNIT_ACTIVATING,
52b84b
         [SERVICE_START_POST] = UNIT_ACTIVATING,
52b84b
@@ -62,6 +63,7 @@ static const UnitActiveState state_translation_table[_SERVICE_STATE_MAX] = {
52b84b
  * consider idle jobs active as soon as we start working on them */
52b84b
 static const UnitActiveState state_translation_table_idle[_SERVICE_STATE_MAX] = {
52b84b
         [SERVICE_DEAD] = UNIT_INACTIVE,
52b84b
+        [SERVICE_CONDITION] = UNIT_ACTIVE,
52b84b
         [SERVICE_START_PRE] = UNIT_ACTIVE,
52b84b
         [SERVICE_START] = UNIT_ACTIVE,
52b84b
         [SERVICE_START_POST] = UNIT_ACTIVE,
52b84b
@@ -1024,7 +1026,7 @@ static void service_set_state(Service *s, ServiceState state) {
52b84b
         service_unwatch_pid_file(s);
52b84b
 
52b84b
         if (!IN_SET(state,
52b84b
-                    SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST,
52b84b
+                    SERVICE_CONDITION, SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST,
52b84b
                     SERVICE_RUNNING,
52b84b
                     SERVICE_RELOAD,
52b84b
                     SERVICE_STOP, SERVICE_STOP_SIGABRT, SERVICE_STOP_SIGTERM, SERVICE_STOP_SIGKILL, SERVICE_STOP_POST,
52b84b
@@ -1042,7 +1044,7 @@ static void service_set_state(Service *s, ServiceState state) {
52b84b
         }
52b84b
 
52b84b
         if (!IN_SET(state,
52b84b
-                    SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST,
52b84b
+                    SERVICE_CONDITION, SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST,
52b84b
                     SERVICE_RELOAD,
52b84b
                     SERVICE_STOP, SERVICE_STOP_SIGABRT, SERVICE_STOP_SIGTERM, SERVICE_STOP_SIGKILL, SERVICE_STOP_POST,
52b84b
                     SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL)) {
52b84b
@@ -1057,7 +1059,7 @@ static void service_set_state(Service *s, ServiceState state) {
52b84b
         }
52b84b
 
52b84b
         if (!IN_SET(state,
52b84b
-                    SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST,
52b84b
+                    SERVICE_CONDITION, SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST,
52b84b
                     SERVICE_RUNNING, SERVICE_RELOAD,
52b84b
                     SERVICE_STOP, SERVICE_STOP_SIGABRT, SERVICE_STOP_SIGTERM, SERVICE_STOP_SIGKILL, SERVICE_STOP_POST,
52b84b
                     SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL) &&
52b84b
@@ -1080,7 +1082,8 @@ static void service_set_state(Service *s, ServiceState state) {
52b84b
 
52b84b
         unit_notify(UNIT(s), table[old_state], table[state],
52b84b
                     (s->reload_result == SERVICE_SUCCESS ? 0 : UNIT_NOTIFY_RELOAD_FAILURE) |
52b84b
-                    (s->will_auto_restart ? UNIT_NOTIFY_WILL_AUTO_RESTART : 0));
52b84b
+                    (s->will_auto_restart ? UNIT_NOTIFY_WILL_AUTO_RESTART : 0) |
52b84b
+                    (s->result == SERVICE_SKIP_CONDITION ? UNIT_NOTIFY_SKIP_CONDITION : 0));
52b84b
 }
52b84b
 
52b84b
 static usec_t service_coldplug_timeout(Service *s) {
52b84b
@@ -1088,6 +1091,7 @@ static usec_t service_coldplug_timeout(Service *s) {
52b84b
 
52b84b
         switch (s->deserialized_state) {
52b84b
 
52b84b
+        case SERVICE_CONDITION:
52b84b
         case SERVICE_START_PRE:
52b84b
         case SERVICE_START:
52b84b
         case SERVICE_START_POST:
52b84b
@@ -1143,7 +1147,7 @@ static int service_coldplug(Unit *u) {
52b84b
         if (s->control_pid > 0 &&
52b84b
             pid_is_unwaited(s->control_pid) &&
52b84b
             IN_SET(s->deserialized_state,
52b84b
-                   SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST,
52b84b
+                   SERVICE_CONDITION, SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST,
52b84b
                    SERVICE_RELOAD,
52b84b
                    SERVICE_STOP, SERVICE_STOP_SIGABRT, SERVICE_STOP_SIGTERM, SERVICE_STOP_SIGKILL, SERVICE_STOP_POST,
52b84b
                    SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL)) {
52b84b
@@ -1667,6 +1671,7 @@ static bool service_will_restart(Unit *u) {
52b84b
 }
52b84b
 
52b84b
 static void service_enter_dead(Service *s, ServiceResult f, bool allow_restart) {
52b84b
+        ServiceState end_state;
52b84b
         int r;
52b84b
 
52b84b
         assert(s);
52b84b
@@ -1679,10 +1684,16 @@ static void service_enter_dead(Service *s, ServiceResult f, bool allow_restart)
52b84b
         if (s->result == SERVICE_SUCCESS)
52b84b
                 s->result = f;
52b84b
 
52b84b
-        if (s->result == SERVICE_SUCCESS)
52b84b
+        if (s->result == SERVICE_SUCCESS) {
52b84b
                 unit_log_success(UNIT(s));
52b84b
-        else
52b84b
+                end_state = SERVICE_DEAD;
52b84b
+        } else if (s->result == SERVICE_SKIP_CONDITION) {
52b84b
+                unit_log_skip(UNIT(s), service_result_to_string(s->result));
52b84b
+                end_state = SERVICE_DEAD;
52b84b
+        } else {
52b84b
                 unit_log_failure(UNIT(s), service_result_to_string(s->result));
52b84b
+                end_state = SERVICE_FAILED;
52b84b
+        }
52b84b
 
52b84b
         if (allow_restart && service_shall_restart(s))
52b84b
                 s->will_auto_restart = true;
52b84b
@@ -1691,7 +1702,7 @@ static void service_enter_dead(Service *s, ServiceResult f, bool allow_restart)
52b84b
          * SERVICE_FAILED/SERVICE_DEAD before entering into SERVICE_AUTO_RESTART. */
52b84b
         s->n_keep_fd_store ++;
52b84b
 
52b84b
-        service_set_state(s, s->result != SERVICE_SUCCESS ? SERVICE_FAILED : SERVICE_DEAD);
52b84b
+        service_set_state(s, end_state);
52b84b
 
52b84b
         if (s->will_auto_restart) {
52b84b
                 s->will_auto_restart = false;
52b84b
@@ -2110,6 +2121,40 @@ fail:
52b84b
         service_enter_dead(s, SERVICE_FAILURE_RESOURCES, true);
52b84b
 }
52b84b
 
52b84b
+static void service_enter_condition(Service *s) {
52b84b
+        int r;
52b84b
+
52b84b
+        assert(s);
52b84b
+
52b84b
+        service_unwatch_control_pid(s);
52b84b
+
52b84b
+        s->control_command = s->exec_command[SERVICE_EXEC_CONDITION];
52b84b
+        if (s->control_command) {
52b84b
+
52b84b
+                unit_warn_leftover_processes(UNIT(s));
52b84b
+
52b84b
+                s->control_command_id = SERVICE_EXEC_CONDITION;
52b84b
+
52b84b
+                r = service_spawn(s,
52b84b
+                                  s->control_command,
52b84b
+                                  s->timeout_start_usec,
52b84b
+                                  EXEC_APPLY_SANDBOXING|EXEC_APPLY_CHROOT|EXEC_IS_CONTROL|EXEC_APPLY_TTY_STDIN,
52b84b
+                                  &s->control_pid);
52b84b
+
52b84b
+                if (r < 0)
52b84b
+                        goto fail;
52b84b
+
52b84b
+                service_set_state(s, SERVICE_CONDITION);
52b84b
+        } else
52b84b
+                service_enter_start_pre(s);
52b84b
+
52b84b
+        return;
52b84b
+
52b84b
+fail:
52b84b
+        log_unit_warning_errno(UNIT(s), r, "Failed to run 'exec-condition' task: %m");
52b84b
+        service_enter_dead(s, SERVICE_FAILURE_RESOURCES, true);
52b84b
+}
52b84b
+
52b84b
 static void service_enter_restart(Service *s) {
52b84b
         _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
52b84b
         int r;
52b84b
@@ -2222,7 +2267,7 @@ static void service_run_next_control(Service *s) {
52b84b
         s->control_command = s->control_command->command_next;
52b84b
         service_unwatch_control_pid(s);
52b84b
 
52b84b
-        if (IN_SET(s->state, SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST, SERVICE_RUNNING, SERVICE_RELOAD))
52b84b
+        if (IN_SET(s->state, SERVICE_CONDITION, SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST, SERVICE_RUNNING, SERVICE_RELOAD))
52b84b
                 timeout = s->timeout_start_usec;
52b84b
         else
52b84b
                 timeout = s->timeout_stop_usec;
52b84b
@@ -2231,7 +2276,7 @@ static void service_run_next_control(Service *s) {
52b84b
                           s->control_command,
52b84b
                           timeout,
52b84b
                           EXEC_APPLY_SANDBOXING|EXEC_APPLY_CHROOT|EXEC_IS_CONTROL|
52b84b
-                          (IN_SET(s->control_command_id, SERVICE_EXEC_START_PRE, SERVICE_EXEC_STOP_POST) ? EXEC_APPLY_TTY_STDIN : 0)|
52b84b
+                          (IN_SET(s->control_command_id, SERVICE_EXEC_CONDITION, SERVICE_EXEC_START_PRE, SERVICE_EXEC_STOP_POST) ? EXEC_APPLY_TTY_STDIN : 0)|
52b84b
                           (IN_SET(s->control_command_id, SERVICE_EXEC_STOP, SERVICE_EXEC_STOP_POST) ? EXEC_SETENV_RESULT : 0),
52b84b
                           &s->control_pid);
52b84b
         if (r < 0)
52b84b
@@ -2242,7 +2287,7 @@ static void service_run_next_control(Service *s) {
52b84b
 fail:
52b84b
         log_unit_warning_errno(UNIT(s), r, "Failed to run next control task: %m");
52b84b
 
52b84b
-        if (IN_SET(s->state, SERVICE_START_PRE, SERVICE_START_POST, SERVICE_STOP))
52b84b
+        if (IN_SET(s->state, SERVICE_CONDITION, SERVICE_START_PRE, SERVICE_START_POST, SERVICE_STOP))
52b84b
                 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_RESOURCES);
52b84b
         else if (s->state == SERVICE_STOP_POST)
52b84b
                 service_enter_dead(s, SERVICE_FAILURE_RESOURCES, true);
52b84b
@@ -2296,7 +2341,7 @@ static int service_start(Unit *u) {
52b84b
                 return -EAGAIN;
52b84b
 
52b84b
         /* Already on it! */
52b84b
-        if (IN_SET(s->state, SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST))
52b84b
+        if (IN_SET(s->state, SERVICE_CONDITION, SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST))
52b84b
                 return 0;
52b84b
 
52b84b
         /* A service that will be restarted must be stopped first to
52b84b
@@ -2344,7 +2389,9 @@ static int service_start(Unit *u) {
52b84b
                 s->flush_n_restarts = false;
52b84b
         }
52b84b
 
52b84b
-        service_enter_start_pre(s);
52b84b
+        u->reset_accounting = true;
52b84b
+
52b84b
+        service_enter_condition(s);
52b84b
         return 1;
52b84b
 }
52b84b
 
52b84b
@@ -2370,7 +2417,7 @@ static int service_stop(Unit *u) {
52b84b
 
52b84b
         /* If there's already something running we go directly into
52b84b
          * kill mode. */
52b84b
-        if (IN_SET(s->state, SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST, SERVICE_RELOAD)) {
52b84b
+        if (IN_SET(s->state, SERVICE_CONDITION, SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST, SERVICE_RELOAD)) {
52b84b
                 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_SUCCESS);
52b84b
                 return 0;
52b84b
         }
52b84b
@@ -3303,6 +3350,10 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) {
52b84b
         } else if (s->control_pid == pid) {
52b84b
                 s->control_pid = 0;
52b84b
 
52b84b
+                /* ExecCondition= calls that exit with (0, 254] should invoke skip-like behavior instead of failing */
52b84b
+                if (f == SERVICE_FAILURE_EXIT_CODE && s->state == SERVICE_CONDITION && status < 255)
52b84b
+                        f = SERVICE_SKIP_CONDITION;
52b84b
+
52b84b
                 if (s->control_command) {
52b84b
                         exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
52b84b
 
52b84b
@@ -3338,6 +3389,13 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) {
52b84b
 
52b84b
                         switch (s->state) {
52b84b
 
52b84b
+                        case SERVICE_CONDITION:
52b84b
+                                if (f == SERVICE_SUCCESS)
52b84b
+                                        service_enter_start_pre(s);
52b84b
+                                else
52b84b
+                                        service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
52b84b
+                                break;
52b84b
+
52b84b
                         case SERVICE_START_PRE:
52b84b
                                 if (f == SERVICE_SUCCESS)
52b84b
                                         service_enter_start(s);
52b84b
@@ -3462,9 +3520,10 @@ static int service_dispatch_timer(sd_event_source *source, usec_t usec, void *us
52b84b
 
52b84b
         switch (s->state) {
52b84b
 
52b84b
+        case SERVICE_CONDITION:
52b84b
         case SERVICE_START_PRE:
52b84b
         case SERVICE_START:
52b84b
-                log_unit_warning(UNIT(s), "%s operation timed out. Terminating.", s->state == SERVICE_START ? "Start" : "Start-pre");
52b84b
+                log_unit_warning(UNIT(s), "%s operation timed out. Terminating.", service_state_to_string(s->state));
52b84b
                 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_TIMEOUT);
52b84b
                 break;
52b84b
 
52b84b
@@ -3975,6 +4034,7 @@ static bool service_needs_console(Unit *u) {
52b84b
                 return false;
52b84b
 
52b84b
         return IN_SET(s->state,
52b84b
+                      SERVICE_CONDITION,
52b84b
                       SERVICE_START_PRE,
52b84b
                       SERVICE_START,
52b84b
                       SERVICE_START_POST,
52b84b
@@ -4014,6 +4074,7 @@ static const char* const service_type_table[_SERVICE_TYPE_MAX] = {
52b84b
 DEFINE_STRING_TABLE_LOOKUP(service_type, ServiceType);
52b84b
 
52b84b
 static const char* const service_exec_command_table[_SERVICE_EXEC_COMMAND_MAX] = {
52b84b
+        [SERVICE_EXEC_CONDITION] = "ExecCondition",
52b84b
         [SERVICE_EXEC_START_PRE] = "ExecStartPre",
52b84b
         [SERVICE_EXEC_START] = "ExecStart",
52b84b
         [SERVICE_EXEC_START_POST] = "ExecStartPost",
52b84b
@@ -4043,6 +4104,7 @@ static const char* const service_result_table[_SERVICE_RESULT_MAX] = {
52b84b
         [SERVICE_FAILURE_CORE_DUMP] = "core-dump",
52b84b
         [SERVICE_FAILURE_WATCHDOG] = "watchdog",
52b84b
         [SERVICE_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
52b84b
+        [SERVICE_SKIP_CONDITION] = "exec-condition",
52b84b
 };
52b84b
 
52b84b
 DEFINE_STRING_TABLE_LOOKUP(service_result, ServiceResult);
52b84b
@@ -4118,6 +4180,7 @@ const UnitVTable service_vtable = {
52b84b
                 .finished_start_job = {
52b84b
                         [JOB_DONE]       = "Started %s.",
52b84b
                         [JOB_FAILED]     = "Failed to start %s.",
52b84b
+                        [JOB_SKIPPED]    = "Skipped %s.",
52b84b
                 },
52b84b
                 .finished_stop_job = {
52b84b
                         [JOB_DONE]       = "Stopped %s.",
52b84b
diff --git a/src/core/service.h b/src/core/service.h
52b84b
index 1206e3cdda..62b78cadf1 100644
52b84b
--- a/src/core/service.h
52b84b
+++ b/src/core/service.h
52b84b
@@ -36,6 +36,7 @@ typedef enum ServiceType {
52b84b
 } ServiceType;
52b84b
 
52b84b
 typedef enum ServiceExecCommand {
52b84b
+        SERVICE_EXEC_CONDITION,
52b84b
         SERVICE_EXEC_START_PRE,
52b84b
         SERVICE_EXEC_START,
52b84b
         SERVICE_EXEC_START_POST,
52b84b
@@ -67,6 +68,7 @@ typedef enum ServiceResult {
52b84b
         SERVICE_FAILURE_CORE_DUMP,
52b84b
         SERVICE_FAILURE_WATCHDOG,
52b84b
         SERVICE_FAILURE_START_LIMIT_HIT,
52b84b
+        SERVICE_SKIP_CONDITION,
52b84b
         _SERVICE_RESULT_MAX,
52b84b
         _SERVICE_RESULT_INVALID = -1
52b84b
 } ServiceResult;
52b84b
diff --git a/src/core/unit.c b/src/core/unit.c
52b84b
index ccb0106719..61799bf9e3 100644
52b84b
--- a/src/core/unit.c
52b84b
+++ b/src/core/unit.c
52b84b
@@ -2227,6 +2227,7 @@ static void unit_update_on_console(Unit *u) {
52b84b
 
52b84b
 static bool unit_process_job(Job *j, UnitActiveState ns, UnitNotifyFlags flags) {
52b84b
         bool unexpected = false;
52b84b
+        JobResult result;
52b84b
 
52b84b
         assert(j);
52b84b
 
52b84b
@@ -2249,8 +2250,16 @@ static bool unit_process_job(Job *j, UnitActiveState ns, UnitNotifyFlags flags)
52b84b
                 else if (j->state == JOB_RUNNING && ns != UNIT_ACTIVATING) {
52b84b
                         unexpected = true;
52b84b
 
52b84b
-                        if (UNIT_IS_INACTIVE_OR_FAILED(ns))
52b84b
-                                job_finish_and_invalidate(j, ns == UNIT_FAILED ? JOB_FAILED : JOB_DONE, true, false);
52b84b
+                        if (UNIT_IS_INACTIVE_OR_FAILED(ns)) {
52b84b
+                                if (ns == UNIT_FAILED)
52b84b
+                                        result = JOB_FAILED;
52b84b
+                                else if (FLAGS_SET(flags, UNIT_NOTIFY_SKIP_CONDITION))
52b84b
+                                        result = JOB_SKIPPED;
52b84b
+                                else
52b84b
+                                        result = JOB_DONE;
52b84b
+
52b84b
+                                job_finish_and_invalidate(j, result, true, false);
52b84b
+                        }
52b84b
                 }
52b84b
 
52b84b
                 break;
52b84b
@@ -5484,6 +5493,18 @@ void unit_log_failure(Unit *u, const char *result) {
52b84b
                    "UNIT_RESULT=%s", result);
52b84b
 }
52b84b
 
52b84b
+void unit_log_skip(Unit *u, const char *result) {
52b84b
+        assert(u);
52b84b
+        assert(result);
52b84b
+
52b84b
+        log_struct(LOG_INFO,
52b84b
+                   "MESSAGE_ID=" SD_MESSAGE_UNIT_SKIPPED_STR,
52b84b
+                   LOG_UNIT_ID(u),
52b84b
+                   LOG_UNIT_INVOCATION_ID(u),
52b84b
+                   LOG_UNIT_MESSAGE(u, "Skipped due to '%s'.", result),
52b84b
+                   "UNIT_RESULT=%s", result);
52b84b
+}
52b84b
+
52b84b
 static const char* const collect_mode_table[_COLLECT_MODE_MAX] = {
52b84b
         [COLLECT_INACTIVE] = "inactive",
52b84b
         [COLLECT_INACTIVE_OR_FAILED] = "inactive-or-failed",
52b84b
diff --git a/src/core/unit.h b/src/core/unit.h
52b84b
index 4ae1b38624..39179f5fd4 100644
52b84b
--- a/src/core/unit.h
52b84b
+++ b/src/core/unit.h
52b84b
@@ -658,6 +658,7 @@ int unit_kill_common(Unit *u, KillWho who, int signo, pid_t main_pid, pid_t cont
52b84b
 typedef enum UnitNotifyFlags {
52b84b
         UNIT_NOTIFY_RELOAD_FAILURE    = 1 << 0,
52b84b
         UNIT_NOTIFY_WILL_AUTO_RESTART = 1 << 1,
52b84b
+        UNIT_NOTIFY_SKIP_CONDITION    = 1 << 2,
52b84b
 } UnitNotifyFlags;
52b84b
 
52b84b
 void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, UnitNotifyFlags flags);
52b84b
@@ -806,6 +807,9 @@ int unit_pid_attachable(Unit *unit, pid_t pid, sd_bus_error *error);
52b84b
 
52b84b
 void unit_log_success(Unit *u);
52b84b
 void unit_log_failure(Unit *u, const char *result);
52b84b
+/* unit_log_skip is for cases like ExecCondition= where a unit is considered "done"
52b84b
+ * after some execution, rather than succeeded or failed. */
52b84b
+void unit_log_skip(Unit *u, const char *result);
52b84b
 
52b84b
 /* Macros which append UNIT= or USER_UNIT= to the message */
52b84b
 
52b84b
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
52b84b
index 8f3b463c6b..e0b2cfb170 100644
52b84b
--- a/src/shared/bus-unit-util.c
52b84b
+++ b/src/shared/bus-unit-util.c
52b84b
@@ -1334,7 +1334,7 @@ static int bus_append_service_property(sd_bus_message *m, const char *field, con
52b84b
                 return bus_append_safe_atou(m, field, eq);
52b84b
 
52b84b
         if (STR_IN_SET(field,
52b84b
-                       "ExecStartPre", "ExecStart", "ExecStartPost",
52b84b
+                       "ExecCondition", "ExecStartPre", "ExecStart", "ExecStartPost",
52b84b
                        "ExecReload", "ExecStop", "ExecStopPost"))
52b84b
 
52b84b
                 return bus_append_exec_command(m, field, eq);
52b84b
diff --git a/src/systemd/sd-messages.h b/src/systemd/sd-messages.h
52b84b
index e7ef81b597..bdd4fd3974 100644
52b84b
--- a/src/systemd/sd-messages.h
52b84b
+++ b/src/systemd/sd-messages.h
52b84b
@@ -111,6 +111,8 @@ _SD_BEGIN_DECLARATIONS;
52b84b
 #define SD_MESSAGE_UNIT_FAILURE_RESULT    SD_ID128_MAKE(d9,b3,73,ed,55,a6,4f,eb,82,42,e0,2d,be,79,a4,9c)
52b84b
 #define SD_MESSAGE_UNIT_FAILURE_RESULT_STR \
52b84b
                                           SD_ID128_MAKE_STR(d9,b3,73,ed,55,a6,4f,eb,82,42,e0,2d,be,79,a4,9c)
52b84b
+#define SD_MESSAGE_UNIT_SKIPPED           SD_ID128_MAKE(0e,42,84,a0,ca,ca,4b,fc,81,c0,bb,67,86,97,26,73)
52b84b
+#define SD_MESSAGE_UNIT_SKIPPED_STR       SD_ID128_MAKE_STR(0e,42,84,a0,ca,ca,4b,fc,81,c0,bb,67,86,97,26,73)
52b84b
 
52b84b
 #define SD_MESSAGE_SPAWN_FAILED           SD_ID128_MAKE(64,12,57,65,1c,1b,4e,c9,a8,62,4d,7a,40,a9,e1,e7)
52b84b
 #define SD_MESSAGE_SPAWN_FAILED_STR       SD_ID128_MAKE_STR(64,12,57,65,1c,1b,4e,c9,a8,62,4d,7a,40,a9,e1,e7)
52b84b
diff --git a/src/test/test-execute.c b/src/test/test-execute.c
52b84b
index e42d0d30a8..882e866ea9 100644
52b84b
--- a/src/test/test-execute.c
52b84b
+++ b/src/test/test-execute.c
52b84b
@@ -30,7 +30,7 @@
52b84b
 
52b84b
 typedef void (*test_function_t)(Manager *m);
52b84b
 
52b84b
-static void check(const char *func, Manager *m, Unit *unit, int status_expected, int code_expected) {
52b84b
+static void wait_for_service_finish(Manager *m, Unit *unit) {
52b84b
         Service *service = NULL;
52b84b
         usec_t ts;
52b84b
         usec_t timeout = 2 * USEC_PER_MINUTE;
52b84b
@@ -55,6 +55,17 @@ static void check(const char *func, Manager *m, Unit *unit, int status_expected,
52b84b
                         exit(EXIT_FAILURE);
52b84b
                 }
52b84b
         }
52b84b
+}
52b84b
+
52b84b
+static void check_main_result(const char *func, Manager *m, Unit *unit, int status_expected, int code_expected) {
52b84b
+        Service *service = NULL;
52b84b
+
52b84b
+        assert_se(m);
52b84b
+        assert_se(unit);
52b84b
+
52b84b
+        wait_for_service_finish(m, unit);
52b84b
+
52b84b
+        service = SERVICE(unit);
52b84b
         exec_status_dump(&service->main_exec_status, stdout, "\t");
52b84b
         if (service->main_exec_status.status != status_expected) {
52b84b
                 log_error("%s: %s: exit status %d, expected %d",
52b84b
@@ -70,6 +81,25 @@ static void check(const char *func, Manager *m, Unit *unit, int status_expected,
52b84b
         }
52b84b
 }
52b84b
 
52b84b
+static void check_service_result(const char *func, Manager *m, Unit *unit, ServiceResult result_expected) {
52b84b
+        Service *service = NULL;
52b84b
+
52b84b
+        assert_se(m);
52b84b
+        assert_se(unit);
52b84b
+
52b84b
+        wait_for_service_finish(m, unit);
52b84b
+
52b84b
+        service = SERVICE(unit);
52b84b
+
52b84b
+        if (service->result != result_expected) {
52b84b
+                log_error("%s: %s: service end result %s, expected %s",
52b84b
+                          func, unit->id,
52b84b
+                          service_result_to_string(service->result),
52b84b
+                          service_result_to_string(result_expected));
52b84b
+                abort();
52b84b
+        }
52b84b
+}
52b84b
+
52b84b
 static bool check_nobody_user_and_group(void) {
52b84b
         static int cache = -1;
52b84b
         struct passwd *p;
52b84b
@@ -140,7 +170,17 @@ static void test(const char *func, Manager *m, const char *unit_name, int status
52b84b
 
52b84b
         assert_se(manager_load_startable_unit_or_warn(m, unit_name, NULL, &unit) >= 0);
52b84b
         assert_se(unit_start(unit) >= 0);
52b84b
-        check(func, m, unit, status_expected, code_expected);
52b84b
+        check_main_result(func, m, unit, status_expected, code_expected);
52b84b
+}
52b84b
+
52b84b
+static void test_service(const char *func, Manager *m, const char *unit_name, ServiceResult result_expected) {
52b84b
+        Unit *unit;
52b84b
+
52b84b
+        assert_se(unit_name);
52b84b
+
52b84b
+        assert_se(manager_load_startable_unit_or_warn(m, unit_name, NULL, &unit) >= 0);
52b84b
+        assert_se(unit_start(unit) >= 0);
52b84b
+        check_service_result(func, m, unit, result_expected);
52b84b
 }
52b84b
 
52b84b
 static void test_exec_bindpaths(Manager *m) {
52b84b
@@ -669,6 +709,11 @@ static void test_exec_standardoutput_append(Manager *m) {
52b84b
         test(__func__, m, "exec-standardoutput-append.service", 0, CLD_EXITED);
52b84b
 }
52b84b
 
52b84b
+static void test_exec_condition(Manager *m) {
52b84b
+        test_service(__func__, m, "exec-condition-failed.service", SERVICE_FAILURE_EXIT_CODE);
52b84b
+        test_service(__func__, m, "exec-condition-skip.service", SERVICE_SKIP_CONDITION);
52b84b
+}
52b84b
+
52b84b
 typedef struct test_entry {
52b84b
         test_function_t f;
52b84b
         const char *name;
52b84b
@@ -709,6 +754,7 @@ int main(int argc, char *argv[]) {
52b84b
                 entry(test_exec_ambientcapabilities),
52b84b
                 entry(test_exec_bindpaths),
52b84b
                 entry(test_exec_capabilityboundingset),
52b84b
+                entry(test_exec_condition),
52b84b
                 entry(test_exec_cpuaffinity),
52b84b
                 entry(test_exec_environment),
52b84b
                 entry(test_exec_environmentfile),
52b84b
diff --git a/test/fuzz/fuzz-unit-file/directives.service b/test/fuzz/fuzz-unit-file/directives.service
52b84b
index eab1820e20..9d0530df72 100644
52b84b
--- a/test/fuzz/fuzz-unit-file/directives.service
52b84b
+++ b/test/fuzz/fuzz-unit-file/directives.service
52b84b
@@ -83,6 +83,7 @@ DirectoryNotEmpty=
52b84b
 Documentation=
52b84b
 DynamicUser=
52b84b
 ExecReload=
52b84b
+ExecCondition=
52b84b
 ExecStart=
52b84b
 ExecStartPost=
52b84b
 ExecStartPre=
52b84b
diff --git a/test/meson.build b/test/meson.build
52b84b
index 4d1c51048c..070731c4a9 100644
52b84b
--- a/test/meson.build
52b84b
+++ b/test/meson.build
52b84b
@@ -42,6 +42,8 @@ test_data_files = '''
52b84b
         test-execute/exec-capabilityboundingset-merge.service
52b84b
         test-execute/exec-capabilityboundingset-reset.service
52b84b
         test-execute/exec-capabilityboundingset-simple.service
52b84b
+        test-execute/exec-condition-failed.service
52b84b
+        test-execute/exec-condition-skip.service
52b84b
         test-execute/exec-cpuaffinity1.service
52b84b
         test-execute/exec-cpuaffinity2.service
52b84b
         test-execute/exec-cpuaffinity3.service
52b84b
diff --git a/test/test-execute/exec-condition-failed.service b/test/test-execute/exec-condition-failed.service
52b84b
new file mode 100644
52b84b
index 0000000000..4a406dc17f
52b84b
--- /dev/null
52b84b
+++ b/test/test-execute/exec-condition-failed.service
52b84b
@@ -0,0 +1,11 @@
52b84b
+[Unit]
52b84b
+Description=Test for exec condition that fails the unit
52b84b
+
52b84b
+[Service]
52b84b
+Type=oneshot
52b84b
+
52b84b
+# exit 255 will fail the unit
52b84b
+ExecCondition=/bin/sh -c 'exit 255'
52b84b
+
52b84b
+# This should not get run
52b84b
+ExecStart=/bin/sh -c 'true'
52b84b
diff --git a/test/test-execute/exec-condition-skip.service b/test/test-execute/exec-condition-skip.service
52b84b
new file mode 100644
52b84b
index 0000000000..9450e8442a
52b84b
--- /dev/null
52b84b
+++ b/test/test-execute/exec-condition-skip.service
52b84b
@@ -0,0 +1,15 @@
52b84b
+[Unit]
52b84b
+Description=Test for exec condition that triggers skipping
52b84b
+
52b84b
+[Service]
52b84b
+Type=oneshot
52b84b
+
52b84b
+# exit codes [1, 254] will result in skipping the rest of execution
52b84b
+ExecCondition=/bin/sh -c 'exit 0'
52b84b
+ExecCondition=/bin/sh -c 'exit 254'
52b84b
+
52b84b
+# This would normally fail the unit but will not get run due to the skip above
52b84b
+ExecCondition=/bin/sh -c 'exit 255'
52b84b
+
52b84b
+# This should not get run
52b84b
+ExecStart=/bin/sh -c 'true'