confd: replace initctl shell-outs with direct finit_ C API

Add a finit_enable/disable/reload() family in core.c that directly
manipulates Finit's service state without fork+exec overhead:

  finit_enable(svc)  -- create symlink in /etc/finit.d/enabled/
  finit_disable(svc) -- remove symlink from /etc/finit.d/enabled/
  finit_delete(svc)  -- remove both symlink and service entirely
  finit_reload(svc)  -- utimensat() on .conf to schedule reload

Printf-style variants (finit_enablef/disablef/reloadf) handle
template instance names such as container@foo and hostapd@wlan0.

All systemf("initctl ... enable/disable/touch ...") call sites across
containers, dhcp-server, firewall, hardware, ntp, routing, services,
syslog, and system are converted to the new API.

As a related cleanup in services.c, drop the remaining srx_enabled()
calls in favour of reading the already-fetched config tree directly
via lydx_is_enabled(lydx_get_xpathf(config, ...)), eliminating the
last sysrepo round-trips from that module.

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>

Author: troglobit

src/confd/src/containers.c

@@ -322,9 +322,9 @@ static int add(const char *name, struct lyd_node *cif)
 	fchmod(fileno(fp), 0700);
 	fclose(fp);
 
-	systemf("initctl -bnq touch container@%s.conf", name);
-	systemf("initctl -bnq %s container@%s.conf", lydx_is_enabled(cif, "enabled")
-		? "enable" : "disable", name);
+	finit_reloadf("container@%s", name);
+	lydx_is_enabled(cif, "enabled") ? finit_enablef("container@%s", name)
+					: finit_disablef("container@%s", name);
 
 	return 0;
 }
@@ -341,7 +341,7 @@ static int del(const char *name)
 	FILE *pp;
 
 	erasef("%s/%s.sh", _PATH_CONT, name);
-	systemf("initctl -bnq disable container@%s.conf", name);
+	finit_disablef("container@%s", name);
 
 	/* Schedule a cleanup job for this container as soon as it has stopped */
 	snprintf(prune_dir, sizeof(prune_dir), "%s/%s", _PATH_CLEAN, name);

src/confd/src/core.c

@@ -9,6 +9,120 @@
 
 struct confd confd;
 
+/*
+ * Touch a Finit service .conf file to schedule a synchronized reload.
+ * Equivalent to 'initctl touch <svc>' but without the fork+exec overhead.
+ * The service name should be given without the .conf suffix.
+ */
+int finit_reload(const char *svc)
+{
+	char path[256];
+
+	/* Prefer the enabled/ symlink -- that's what Finit watches */
+	snprintf(path, sizeof(path), FINIT_RCSD "/enabled/%s.conf", svc);
+	if (!utimensat(AT_FDCWD, path, NULL, AT_SYMLINK_NOFOLLOW))
+		return 0;
+
+	snprintf(path, sizeof(path), FINIT_RCSD "/available/%s.conf", svc);
+	if (!utimensat(AT_FDCWD, path, NULL, AT_SYMLINK_NOFOLLOW))
+		return 0;
+
+	ERRNO("failed marking %s for reload", svc);
+	return -1;
+}
+
+int finit_reloadf(const char *fmt, ...)
+{
+	char svc[64];
+	va_list ap;
+
+	va_start(ap, fmt);
+	vsnprintf(svc, sizeof(svc), fmt, ap);
+	va_end(ap);
+
+	return finit_reload(svc);
+}
+
+int finit_enable(const char *svc)
+{
+	char src[256], dst[256];
+
+	snprintf(src, sizeof(src), FINIT_RCSD "/available/%s.conf", svc);
+	snprintf(dst, sizeof(dst), FINIT_RCSD "/enabled/%s.conf", svc);
+	if (symlink(src, dst) && errno != EEXIST) {
+		ERRNO("failed enabling %s", svc);
+		return -1;
+	}
+	return 0;
+}
+
+int finit_disable(const char *svc)
+{
+	char path[256];
+
+	snprintf(path, sizeof(path), FINIT_RCSD "/enabled/%s.conf", svc);
+	if (remove(path) && errno != ENOENT) {
+		ERRNO("failed disabling %s", svc);
+		return -1;
+	}
+	return 0;
+}
+
+int finit_delete(const char *svc)
+{
+	char path[256];
+
+	snprintf(path, sizeof(path), FINIT_RCSD "/enabled/%s.conf", svc);
+	if (remove(path) && errno != ENOENT) {
+		ERRNO("failed removing enabled symlink for %s", svc);
+		return -1;
+	}
+
+	snprintf(path, sizeof(path), FINIT_RCSD "/available/%s.conf", svc);
+	if (remove(path) && errno != ENOENT) {
+		ERRNO("failed removing available conf for %s", svc);
+		return -1;
+	}
+
+	return 0;
+}
+
+int finit_deletef(const char *fmt, ...)
+{
+	char svc[64];
+	va_list ap;
+
+	va_start(ap, fmt);
+	vsnprintf(svc, sizeof(svc), fmt, ap);
+	va_end(ap);
+
+	return finit_delete(svc);
+}
+
+int finit_enablef(const char *fmt, ...)
+{
+	char svc[64];
+	va_list ap;
+
+	va_start(ap, fmt);
+	vsnprintf(svc, sizeof(svc), fmt, ap);
+	va_end(ap);
+
+	return finit_enable(svc);
+}
+
+int finit_disablef(const char *fmt, ...)
+{
+	char svc[64];
+	va_list ap;
+
+	va_start(ap, fmt);
+	vsnprintf(svc, sizeof(svc), fmt, ap);
+	va_end(ap);
+
+	return finit_disable(svc);
+}
+
 
 static int startup_save(sr_session_ctx_t *session, uint32_t sub_id, const char *model,
 			const char *xpath, sr_event_t event, unsigned request_id, void *priv)
@@ -433,7 +547,7 @@ static int change_cb(sr_session_ctx_t *session, uint32_t sub_id, const char *mod
 		client = srx_enabled(session, "/ietf-system:system/ntp/enabled");
 		server = lydx_get_xpathf(config, "/ietf-ntp:ntp") != NULL;
 
-		systemf("initctl -nbq %s chronyd", client || server ? "enable" : "disable");
+		(client || server) ? finit_enable("chronyd") : finit_disable("chronyd");
 	}
 
 	if (cfg)

src/confd/src/core.h

@@ -4,11 +4,14 @@
 #define CONFD_CORE_H_
 
 #include <errno.h>
+#include <fcntl.h>
+#include <stdarg.h>
 #include <stdio.h>
 #include <syslog.h>
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
+#include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/param.h>
 #include <unistd.h>
@@ -31,6 +34,8 @@
 
 #include "dagger.h"
 
+#define FINIT_RCSD        "/etc/finit.d"
+
 #define SSH_HOSTKEYS      "/etc/ssh/hostkeys"
 #define SSH_HOSTKEYS_NEXT SSH_HOSTKEYS"+"
 #define SSL_CERT_DIR      "/etc/ssl/certs"
@@ -188,6 +193,16 @@ static inline int register_rpc(sr_session_ctx_t *session, const char *xpath,
 }
 
 
+/* core.c */
+int finit_enable(const char *svc);
+int finit_disable(const char *svc);
+int finit_delete(const char *svc);
+int finit_reload(const char *svc);
+int finit_enablef(const char *fmt, ...) __attribute__((format(printf, 1, 2)));
+int finit_disablef(const char *fmt, ...) __attribute__((format(printf, 1, 2)));
+int finit_deletef(const char *fmt, ...) __attribute__((format(printf, 1, 2)));
+int finit_reloadf(const char *fmt, ...) __attribute__((format(printf, 1, 2)));
+
 /* interfaces.c */
 int interfaces_change(sr_session_ctx_t *session, struct lyd_node *config, struct lyd_node *diff, sr_event_t event, struct confd *confd);
 int interfaces_cand_init(struct confd *confd);

src/confd/src/dhcp-client.c

@@ -99,7 +99,7 @@ static void add(const char *ifname, struct lyd_node *cfg)
 	const char *metric = lydx_get_cattr(cfg, "route-preference");
 	const char *client_id = lydx_get_cattr(cfg, "client-id");
 	char *cid = NULL, *options = NULL;
-	const char *action = "disable";
+	int ena = 0;
 	const char *vendor_class;
 	char vendor[128] = { 0 };
 	char do_arp[20] = { 0 };
@@ -153,9 +153,10 @@ static void add(const char *ifname, struct lyd_node *cfg)
 		options ? "-o " : "", options,
 		ifname, cid ?: "", vendor, ifname);
 	fclose(fp);
-	action = "enable";
+	ena = 1;
 err:
-	systemf("initctl -bfqn %s dhcp-client-%s", action, ifname);
+	ena ? finit_enablef("dhcp-client-%s", ifname)
+	    : finit_disablef("dhcp-client-%s", ifname);
 	if (options)
 		free(options);
 	if (cid)
@@ -164,7 +165,7 @@ static void add(const char *ifname, struct lyd_node *cfg)
 
 static void del(const char *ifname)
 {
-	systemf("initctl -bfq delete dhcp-client-%s", ifname);
+	finit_deletef("dhcp-client-%s", ifname);
 }
 
 int dhcp_client_change(sr_session_ctx_t *session, struct lyd_node *config, struct lyd_node *diff,

src/confd/src/dhcp-server.c

@@ -377,7 +377,7 @@ int dhcp_server_change(sr_session_ctx_t *session, struct lyd_node *config, struc
 
 err_done:
 	if (added || deleted)
-		system("initctl -nbq touch dnsmasq");
+		finit_reload("dnsmasq");
 
 	return err;
 }

src/confd/src/dhcpv6-client.c

@@ -80,7 +80,7 @@ static void add_v6(const char *ifname, struct lyd_node *cfg)
 	const char *metric = lydx_get_cattr(cfg, "route-preference");
 	const char *duid = lydx_get_cattr(cfg, "duid");
 	char *client_duid = NULL, *options = NULL;
-	const char *action = "disable";
+	int ena = 0;
 	const char *addr_mode = "-N try";  /* Default: stateful mode */
 	char prefix_del[16] = { 0 };
 	bool request_pd = false;
@@ -127,9 +127,10 @@ static void add_v6(const char *ifname, struct lyd_node *cfg)
 		options ?: "", client_duid ?: "",
 		ifname, ifname);
 	fclose(fp);
-	action = "enable";
+	ena = 1;
 err:
-	systemf("initctl -bfqn %s dhcpv6-client-%s", action, ifname);
+	ena ? finit_enablef("dhcpv6-client-%s", ifname)
+	    : finit_disablef("dhcpv6-client-%s", ifname);
 	if (options)
 		free(options);
 	if (client_duid)
@@ -138,7 +139,7 @@ static void add_v6(const char *ifname, struct lyd_node *cfg)
 
 static void del_v6(const char *ifname)
 {
-	systemf("initctl -bfq delete dhcpv6-client-%s", ifname);
+	finit_deletef("dhcpv6-client-%s", ifname);
 }
 
 int dhcpv6_client_change(sr_session_ctx_t *session, struct lyd_node *config, struct lyd_node *diff,

src/confd/src/firewall.c

@@ -510,7 +510,7 @@ int firewall_change(sr_session_ctx_t *session, struct lyd_node *config, struct l
 	case SR_EV_DONE:
 		if (!fisdir(FIREWALLD_DIR_NEXT)) {
 			/* Firewall is disabled */
-			systemf("initctl -nbq disable firewalld");
+			finit_disable("firewalld");
 			return SR_ERR_OK;
 		}
 
@@ -521,8 +521,8 @@ int firewall_change(sr_session_ctx_t *session, struct lyd_node *config, struct l
 			return SR_ERR_SYS;
 		}
 
-		systemf("initctl -nbq touch firewalld");
-		systemf("initctl -nbq enable firewalld");
+		finit_reload("firewalld");
+		finit_enable("firewalld");
 		return SR_ERR_OK;
 
 	default:

src/confd/src/hardware.c

@@ -685,14 +685,14 @@ int hardware_change(sr_session_ctx_t *session, struct lyd_node *config, struct l
 							ap_interfaces++;
 
 							if (running)
-								systemf("initctl -bfq touch hostapd@%s", name);
+								finit_reloadf("hostapd@%s", name);
 							else
-								systemf("initctl -bfq enable hostapd@%s", name);
+								finit_enablef("hostapd@%s", name);
 						}
 					}
 				}
 				if (!ap_interfaces) {
-					systemf("initctl -bfq disable hostapd@%s", name);
+					finit_disablef("hostapd@%s", name);
 					erasef(HOSTAPD_CONF, name);
 					erasef(HOSTAPD_CONF_NEXT, name);
 				}
@@ -784,10 +784,10 @@ int hardware_change(sr_session_ctx_t *session, struct lyd_node *config, struct l
 			if (fexist(GPSD_CONF_NEXT)) {
 				unlink(GPSD_CONF);
 				rename(GPSD_CONF_NEXT, GPSD_CONF);
-				systemf("initctl -nbq enable gpsd");
+				finit_enable("gpsd");
 			} else {
 				unlink(GPSD_CONF);
-				systemf("initctl -nbq disable gpsd");
+				finit_disable("gpsd");
 			}
 			break;
 		}

src/confd/src/ntp.c

@@ -48,7 +48,7 @@ static int change(sr_session_ctx_t *session, struct lyd_node *config, struct lyd
 		if (systemf("chronyc reload sources >/dev/null 2>&1"))
 			ERRNO("Failed reloading chronyd sources");
 
-		systemf("initctl -nbq touch chronyd");
+		finit_reload("chronyd");
 		return SR_ERR_OK;
 
 	default:

src/confd/src/routing.c

@@ -605,17 +605,17 @@ int routing_change(sr_session_ctx_t *session, struct lyd_node *config, struct ly
 
 	/* Enable/disable FRR daemons as standalone finit services.
 	 * Harmless no-op when using watchfrr (services not installed). */
-	systemf("initctl -nbq %s ospfd", ospfd_enabled ? "enable" : "disable");
+	ospfd_enabled ? finit_enable("ospfd") : finit_disable("ospfd");
 	if (ospfd_enabled)
-		systemf("initctl -nbq touch ospfd");
-	systemf("initctl -nbq %s ripd",  ripd_enabled  ? "enable" : "disable");
-	systemf("initctl -nbq %s bfdd",  bfdd_enabled  ? "enable" : "disable");
+		finit_reload("ospfd");
+	ripd_enabled  ? finit_enable("ripd")  : finit_disable("ripd");
+	bfdd_enabled  ? finit_enable("bfdd")  : finit_disable("bfdd");
 
 	/*
 	 * Signal netd to reload - it assembles /etc/frr/frr.conf and
 	 * Finit propagates the restart to the frr sysv service
 	 */
-	if (systemf("initctl -bfq touch netd"))
+	if (finit_reload("netd"))
 		ERROR("Failed to signal netd for reload");
 
 	return rc;