]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/journal/journald-server.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
nspawn: explicitly terminate machines when we exit nspawn
[thirdparty/systemd.git] / src / journal / journald-server.c
CommitLineData
d025f1e4
ZJS		 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2011 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
22#include <sys/signalfd.h>
23#include <sys/ioctl.h>
24#include <linux/sockios.h>
25#include <sys/statvfs.h>
26#include <sys/mman.h>
26687bf8 27#include <sys/timerfd.h>
d025f1e4
ZJS		 28
29#include <libudev.h>
30#include <systemd/sd-journal.h>
31#include <systemd/sd-messages.h>
32#include <systemd/sd-daemon.h>
33
a5c32cff 34#include "fileio.h"
d025f1e4
ZJS		 35#include "mkdir.h"
36#include "hashmap.h"
37#include "journal-file.h"
38#include "socket-util.h"
39#include "cgroup-util.h"
40#include "list.h"
41#include "virt.h"
42#include "missing.h"
43#include "conf-parser.h"
44#include "journal-internal.h"
45#include "journal-vacuum.h"
46#include "journal-authenticate.h"
47#include "journald-server.h"
48#include "journald-rate-limit.h"
49#include "journald-kmsg.h"
50#include "journald-syslog.h"
51#include "journald-stream.h"
52#include "journald-console.h"
53#include "journald-native.h"
5a045dad 54#include "selinux-util.h"
d025f1e4
ZJS		 55
56#ifdef HAVE_ACL
57#include <sys/acl.h>
58#include <acl/libacl.h>
59#include "acl-util.h"
60#endif
61
62#ifdef HAVE_SELINUX
63#include <selinux/selinux.h>
64#endif
65
66#define USER_JOURNALS_MAX 1024
67
26687bf8 68#define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
7f1ad696
LP		 69#define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
70#define DEFAULT_RATE_LIMIT_BURST 1000
d025f1e4
ZJS		 71
72#define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
73
74static const char* const storage_table[] = {
75 [STORAGE_AUTO] = "auto",
76 [STORAGE_VOLATILE] = "volatile",
77 [STORAGE_PERSISTENT] = "persistent",
78 [STORAGE_NONE] = "none"
79};
80
81DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
82DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
83
84static const char* const split_mode_table[] = {
85 [SPLIT_NONE] = "none",
86 [SPLIT_UID] = "uid",
87 [SPLIT_LOGIN] = "login"
88};
89
90DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
91DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode, split_mode, SplitMode, "Failed to parse split mode setting");
92
670b110c 93static uint64_t available_space(Server *s, bool verbose) {
db91ea32 94 char ids[33];
7fd1b19b 95 _cleanup_free_ char *p = NULL;
d025f1e4
ZJS		 96 sd_id128_t machine;
97 struct statvfs ss;
670b110c 98 uint64_t sum = 0, ss_avail = 0, avail = 0;
d025f1e4 99 int r;
7fd1b19b 100 _cleanup_closedir_ DIR *d = NULL;
d025f1e4 101 usec_t ts;
670b110c 102 const char *f;
d025f1e4
ZJS		 103 JournalMetrics *m;
104
105 ts = now(CLOCK_MONOTONIC);
106
670b110c
ZJS		 107 if (s->cached_available_space_timestamp + RECHECK_AVAILABLE_SPACE_USEC > ts
108 && !verbose)
d025f1e4
ZJS		 109 return s->cached_available_space;
110
111 r = sd_id128_get_machine(&machine);
112 if (r < 0)
113 return 0;
114
115 if (s->system_journal) {
116 f = "/var/log/journal/";
117 m = &s->system_metrics;
118 } else {
119 f = "/run/log/journal/";
120 m = &s->runtime_metrics;
121 }
122
123 assert(m);
124
125 p = strappend(f, sd_id128_to_string(machine, ids));
126 if (!p)
127 return 0;
128
129 d = opendir(p);
d025f1e4
ZJS		 130 if (!d)
131 return 0;
132
133 if (fstatvfs(dirfd(d), &ss) < 0)
db91ea32 134 return 0;
d025f1e4
ZJS		 135
136 for (;;) {
137 struct stat st;
138 struct dirent *de;
139 union dirent_storage buf;
140
141 r = readdir_r(d, &buf.de, &de);
142 if (r != 0)
143 break;
144
145 if (!de)
146 break;
147
148 if (!endswith(de->d_name, ".journal") &&
149 !endswith(de->d_name, ".journal~"))
150 continue;
151
152 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0)
153 continue;
154
155 if (!S_ISREG(st.st_mode))
156 continue;
157
158 sum += (uint64_t) st.st_blocks * 512UL;
159 }
160
d025f1e4 161 ss_avail = ss.f_bsize * ss.f_bavail;
670b110c 162 avail = ss_avail > m->keep_free ? ss_avail - m->keep_free : 0;
d025f1e4 163
670b110c 164 s->cached_available_space = MIN(m->max_use, avail) > sum ? MIN(m->max_use, avail) - sum : 0;
d025f1e4
ZJS		 165 s->cached_available_space_timestamp = ts;
166
670b110c
ZJS		 167 if (verbose) {
168 char fb1[FORMAT_BYTES_MAX], fb2[FORMAT_BYTES_MAX], fb3[FORMAT_BYTES_MAX],
169 fb4[FORMAT_BYTES_MAX], fb5[FORMAT_BYTES_MAX];
170
171 server_driver_message(s, SD_MESSAGE_JOURNAL_USAGE,
172 "%s journal is using %s (max %s, leaving %s of free %s, current limit %s).",
173 s->system_journal ? "Permanent" : "Runtime",
174 format_bytes(fb1, sizeof(fb1), sum),
175 format_bytes(fb2, sizeof(fb2), m->max_use),
176 format_bytes(fb3, sizeof(fb3), m->keep_free),
177 format_bytes(fb4, sizeof(fb4), ss_avail),
178 format_bytes(fb5, sizeof(fb5), MIN(m->max_use, avail)));
179 }
180
181 return s->cached_available_space;
d025f1e4
ZJS		 182}
183
d025f1e4
ZJS		 184void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
185 int r;
186#ifdef HAVE_ACL
187 acl_t acl;
188 acl_entry_t entry;
189 acl_permset_t permset;
190#endif
191
192 assert(f);
193
4608af43 194 r = fchmod(f->fd, 0640);
d025f1e4 195 if (r < 0)
4608af43 196 log_warning("Failed to fix access mode on %s, ignoring: %s", f->path, strerror(-r));
d025f1e4
ZJS		 197
198#ifdef HAVE_ACL
199 if (uid <= 0)
200 return;
201
202 acl = acl_get_fd(f->fd);
203 if (!acl) {
204 log_warning("Failed to read ACL on %s, ignoring: %m", f->path);
205 return;
206 }
207
208 r = acl_find_uid(acl, uid, &entry);
209 if (r <= 0) {
210
211 if (acl_create_entry(&acl, &entry) < 0 ||
212 acl_set_tag_type(entry, ACL_USER) < 0 ||
213 acl_set_qualifier(entry, &uid) < 0) {
214 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
215 goto finish;
216 }
217 }
218
23ad4dd8
JAS		 219 /* We do not recalculate the mask unconditionally here,
220 * so that the fchmod() mask above stays intact. */
d025f1e4 221 if (acl_get_permset(entry, &permset) < 0 ||
23ad4dd8
JAS		 222 acl_add_perm(permset, ACL_READ) < 0 ||
223 calc_acl_mask_if_needed(&acl) < 0) {
d025f1e4
ZJS		 224 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
225 goto finish;
226 }
227
228 if (acl_set_fd(f->fd, acl) < 0)
229 log_warning("Failed to set ACL on %s, ignoring: %m", f->path);
230
231finish:
232 acl_free(acl);
233#endif
234}
235
236static JournalFile* find_journal(Server *s, uid_t uid) {
ed375beb 237 _cleanup_free_ char *p = NULL;
d025f1e4
ZJS		 238 int r;
239 JournalFile *f;
240 sd_id128_t machine;
241
242 assert(s);
243
244 /* We split up user logs only on /var, not on /run. If the
245 * runtime file is open, we write to it exclusively, in order
246 * to guarantee proper order as soon as we flush /run to
247 * /var and close the runtime file. */
248
249 if (s->runtime_journal)
250 return s->runtime_journal;
251
252 if (uid <= 0)
253 return s->system_journal;
254
255 r = sd_id128_get_machine(&machine);
256 if (r < 0)
257 return s->system_journal;
258
259 f = hashmap_get(s->user_journals, UINT32_TO_PTR(uid));
260 if (f)
261 return f;
262
263 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/user-%lu.journal",
264 SD_ID128_FORMAT_VAL(machine), (unsigned long) uid) < 0)
265 return s->system_journal;
266
267 while (hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
268 /* Too many open? Then let's close one */
269 f = hashmap_steal_first(s->user_journals);
270 assert(f);
271 journal_file_close(f);
272 }
273
cbd67177 274 r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &f);
d025f1e4
ZJS		 275 if (r < 0)
276 return s->system_journal;
277
278 server_fix_perms(s, f, uid);
279
280 r = hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
281 if (r < 0) {
282 journal_file_close(f);
283 return s->system_journal;
284 }
285
286 return f;
287}
288
289void server_rotate(Server *s) {
290 JournalFile *f;
291 void *k;
292 Iterator i;
293 int r;
294
295 log_debug("Rotating...");
296
297 if (s->runtime_journal) {
298 r = journal_file_rotate(&s->runtime_journal, s->compress, false);
299 if (r < 0)
300 if (s->runtime_journal)
301 log_error("Failed to rotate %s: %s", s->runtime_journal->path, strerror(-r));
302 else
303 log_error("Failed to create new runtime journal: %s", strerror(-r));
304 else
305 server_fix_perms(s, s->runtime_journal, 0);
306 }
307
308 if (s->system_journal) {
309 r = journal_file_rotate(&s->system_journal, s->compress, s->seal);
310 if (r < 0)
311 if (s->system_journal)
312 log_error("Failed to rotate %s: %s", s->system_journal->path, strerror(-r));
313 else
314 log_error("Failed to create new system journal: %s", strerror(-r));
315
316 else
317 server_fix_perms(s, s->system_journal, 0);
318 }
319
320 HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
321 r = journal_file_rotate(&f, s->compress, s->seal);
322 if (r < 0)
7d73c134 323 if (f)
d025f1e4 324 log_error("Failed to rotate %s: %s", f->path, strerror(-r));
2b98f75a 325 else {
d025f1e4 326 log_error("Failed to create user journal: %s", strerror(-r));
2b98f75a
ZJS		 327 hashmap_remove(s->user_journals, k);
328 }
d025f1e4
ZJS		 329 else {
330 hashmap_replace(s->user_journals, k, f);
331 server_fix_perms(s, f, PTR_TO_UINT32(k));
332 }
333 }
334}
335
26687bf8 336void server_sync(Server *s) {
d07f7b9e 337 static const struct itimerspec sync_timer_disable = {};
26687bf8
OS		 338 JournalFile *f;
339 void *k;
340 Iterator i;
341 int r;
342
26687bf8
OS		 343 if (s->system_journal) {
344 r = journal_file_set_offline(s->system_journal);
345 if (r < 0)
346 log_error("Failed to sync system journal: %s", strerror(-r));
347 }
348
349 HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
350 r = journal_file_set_offline(f);
351 if (r < 0)
352 log_error("Failed to sync user journal: %s", strerror(-r));
353 }
354
355 r = timerfd_settime(s->sync_timer_fd, 0, &sync_timer_disable, NULL);
356 if (r < 0)
357 log_error("Failed to disable max timer: %m");
358
359 s->sync_scheduled = false;
360}
361
d025f1e4 362void server_vacuum(Server *s) {
d025f1e4
ZJS		 363 char ids[33];
364 sd_id128_t machine;
365 int r;
366
367 log_debug("Vacuuming...");
368
369 s->oldest_file_usec = 0;
370
371 r = sd_id128_get_machine(&machine);
372 if (r < 0) {
373 log_error("Failed to get machine ID: %s", strerror(-r));
374 return;
375 }
376
377 sd_id128_to_string(machine, ids);
378
379 if (s->system_journal) {
ed375beb 380 char *p = strappenda("/var/log/journal/", ids);
d025f1e4
ZJS		 381
382 r = journal_directory_vacuum(p, s->system_metrics.max_use, s->system_metrics.keep_free, s->max_retention_usec, &s->oldest_file_usec);
383 if (r < 0 && r != -ENOENT)
384 log_error("Failed to vacuum %s: %s", p, strerror(-r));
d025f1e4
ZJS		 385 }
386
387 if (s->runtime_journal) {
ed375beb 388 char *p = strappenda("/run/log/journal/", ids);
d025f1e4
ZJS		 389
390 r = journal_directory_vacuum(p, s->runtime_metrics.max_use, s->runtime_metrics.keep_free, s->max_retention_usec, &s->oldest_file_usec);
391 if (r < 0 && r != -ENOENT)
392 log_error("Failed to vacuum %s: %s", p, strerror(-r));
d025f1e4
ZJS		 393 }
394
395 s->cached_available_space_timestamp = 0;
396}
397
d025f1e4
ZJS		 398bool shall_try_append_again(JournalFile *f, int r) {
399
400 /* -E2BIG Hit configured limit
401 -EFBIG Hit fs limit
402 -EDQUOT Quota limit hit
403 -ENOSPC Disk full
404 -EHOSTDOWN Other machine
405 -EBUSY Unclean shutdown
406 -EPROTONOSUPPORT Unsupported feature
407 -EBADMSG Corrupted
408 -ENODATA Truncated
409 -ESHUTDOWN Already archived */
410
411 if (r == -E2BIG || r == -EFBIG || r == -EDQUOT || r == -ENOSPC)
412 log_debug("%s: Allocation limit reached, rotating.", f->path);
413 else if (r == -EHOSTDOWN)
414 log_info("%s: Journal file from other machine, rotating.", f->path);
415 else if (r == -EBUSY)
416 log_info("%s: Unclean shutdown, rotating.", f->path);
417 else if (r == -EPROTONOSUPPORT)
418 log_info("%s: Unsupported feature, rotating.", f->path);
419 else if (r == -EBADMSG || r == -ENODATA || r == ESHUTDOWN)
420 log_warning("%s: Journal file corrupted, rotating.", f->path);
421 else
422 return false;
423
424 return true;
425}
426
d07f7b9e 427static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned n, int priority) {
d025f1e4
ZJS		 428 JournalFile *f;
429 bool vacuumed = false;
430 int r;
431
432 assert(s);
433 assert(iovec);
434 assert(n > 0);
435
436 f = find_journal(s, uid);
437 if (!f)
438 return;
439
440 if (journal_file_rotate_suggested(f, s->max_file_usec)) {
441 log_debug("%s: Journal header limits reached or header out-of-date, rotating.", f->path);
442 server_rotate(s);
443 server_vacuum(s);
444 vacuumed = true;
445
446 f = find_journal(s, uid);
447 if (!f)
448 return;
449 }
450
451 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
26687bf8 452 if (r >= 0) {
d07f7b9e 453 server_schedule_sync(s, priority);
d025f1e4 454 return;
26687bf8 455 }
d025f1e4
ZJS		 456
457 if (vacuumed || !shall_try_append_again(f, r)) {
e40ec7ae
ZJS		 458 size_t size = 0;
459 unsigned i;
460 for (i = 0; i < n; i++)
461 size += iovec[i].iov_len;
462
463 log_error("Failed to write entry (%d items, %zu bytes), ignoring: %s", n, size, strerror(-r));
d025f1e4
ZJS		 464 return;
465 }
466
467 server_rotate(s);
468 server_vacuum(s);
469
470 f = find_journal(s, uid);
471 if (!f)
472 return;
473
474 log_debug("Retrying write.");
475 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
e40ec7ae
ZJS		 476 if (r < 0) {
477 size_t size = 0;
478 unsigned i;
479 for (i = 0; i < n; i++)
480 size += iovec[i].iov_len;
481
482 log_error("Failed to write entry (%d items, %zu bytes) despite vacuuming, ignoring: %s", n, size, strerror(-r));
d07f7b9e
LP		 483 } else
484 server_schedule_sync(s, priority);
d025f1e4
ZJS		 485}
486
487static void dispatch_message_real(
488 Server *s,
489 struct iovec *iovec, unsigned n, unsigned m,
490 struct ucred *ucred,
491 struct timeval *tv,
492 const char *label, size_t label_len,
968f3196 493 const char *unit_id,
d07f7b9e 494 int priority,
968f3196 495 pid_t object_pid) {
d025f1e4 496
968f3196 497 char pid[sizeof("_PID=") + DECIMAL_STR_MAX(pid_t)],
ae018d9b
LP		 498 uid[sizeof("_UID=") + DECIMAL_STR_MAX(uid_t)],
499 gid[sizeof("_GID=") + DECIMAL_STR_MAX(gid_t)],
500 owner_uid[sizeof("_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)],
d3789917 501 source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)],
adb435bb 502 boot_id[sizeof("_BOOT_ID=") + 32] = "_BOOT_ID=",
968f3196
ZJS		 503 machine_id[sizeof("_MACHINE_ID=") + 32] = "_MACHINE_ID=",
504 o_uid[sizeof("OBJECT_UID=") + DECIMAL_STR_MAX(uid_t)],
505 o_gid[sizeof("OBJECT_GID=") + DECIMAL_STR_MAX(gid_t)],
506 o_owner_uid[sizeof("OBJECT_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)];
507 uid_t object_uid;
508 gid_t object_gid;
968f3196 509 char *x;
d025f1e4
ZJS		 510 sd_id128_t id;
511 int r;
ae018d9b 512 char *t, *c;
82499507
LP		 513 uid_t realuid = 0, owner = 0, journal_uid;
514 bool owner_valid = false;
ae018d9b 515#ifdef HAVE_AUDIT
968f3196
ZJS		 516 char audit_session[sizeof("_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
517 audit_loginuid[sizeof("_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)],
518 o_audit_session[sizeof("OBJECT_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
519 o_audit_loginuid[sizeof("OBJECT_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)];
ae018d9b
LP		 520
521 uint32_t audit;
522 uid_t loginuid;
523#endif
d025f1e4
ZJS		 524
525 assert(s);
526 assert(iovec);
527 assert(n > 0);
968f3196 528 assert(n + N_IOVEC_META_FIELDS + (object_pid ? N_IOVEC_OBJECT_FIELDS : 0) <= m);
d025f1e4
ZJS		 529
530 if (ucred) {
d025f1e4
ZJS		 531 realuid = ucred->uid;
532
ae018d9b 533 sprintf(pid, "_PID=%lu", (unsigned long) ucred->pid);
c2457105 534 IOVEC_SET_STRING(iovec[n++], pid);
d025f1e4 535
ae018d9b 536 sprintf(uid, "_UID=%lu", (unsigned long) ucred->uid);
c2457105 537 IOVEC_SET_STRING(iovec[n++], uid);
d025f1e4 538
ae018d9b 539 sprintf(gid, "_GID=%lu", (unsigned long) ucred->gid);
c2457105 540 IOVEC_SET_STRING(iovec[n++], gid);
d025f1e4
ZJS		 541
542 r = get_process_comm(ucred->pid, &t);
543 if (r >= 0) {
968f3196 544 x = strappenda("_COMM=", t);
d025f1e4 545 free(t);
968f3196 546 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 547 }
548
549 r = get_process_exe(ucred->pid, &t);
550 if (r >= 0) {
968f3196 551 x = strappenda("_EXE=", t);
d025f1e4 552 free(t);
968f3196 553 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 554 }
555
9bdbc2e2 556 r = get_process_cmdline(ucred->pid, 0, false, &t);
d025f1e4 557 if (r >= 0) {
968f3196 558 x = strappenda("_CMDLINE=", t);
d025f1e4 559 free(t);
3a832116
SL		 560 IOVEC_SET_STRING(iovec[n++], x);
561 }
562
563 r = get_process_capeff(ucred->pid, &t);
564 if (r >= 0) {
565 x = strappenda("_CAP_EFFECTIVE=", t);
566 free(t);
968f3196 567 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 568 }
569
0a20e3c1 570#ifdef HAVE_AUDIT
d025f1e4 571 r = audit_session_from_pid(ucred->pid, &audit);
ae018d9b
LP		 572 if (r >= 0) {
573 sprintf(audit_session, "_AUDIT_SESSION=%lu", (unsigned long) audit);
574 IOVEC_SET_STRING(iovec[n++], audit_session);
575 }
d025f1e4
ZJS		 576
577 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
7027ff61 578 if (r >= 0) {
ae018d9b
LP		 579 sprintf(audit_loginuid, "_AUDIT_LOGINUID=%lu", (unsigned long) loginuid);
580 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
d025f1e4 581 }
ae018d9b 582#endif
d025f1e4 583
ae018d9b 584 r = cg_pid_get_path_shifted(ucred->pid, NULL, &c);
7027ff61 585 if (r >= 0) {
968f3196
ZJS		 586 char *session = NULL;
587
588 x = strappenda("_SYSTEMD_CGROUP=", c);
589 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4 590
ae018d9b
LP		 591 r = cg_path_get_session(c, &t);
592 if (r >= 0) {
593 session = strappenda("_SYSTEMD_SESSION=", t);
594 free(t);
d025f1e4 595 IOVEC_SET_STRING(iovec[n++], session);
ae018d9b
LP		 596 }
597
598 if (cg_path_get_owner_uid(c, &owner) >= 0) {
599 owner_valid = true;
d025f1e4 600
ae018d9b 601 sprintf(owner_uid, "_SYSTEMD_OWNER_UID=%lu", (unsigned long) owner);
d025f1e4 602 IOVEC_SET_STRING(iovec[n++], owner_uid);
ae018d9b 603 }
d025f1e4 604
ae018d9b 605 if (cg_path_get_unit(c, &t) >= 0) {
968f3196 606 x = strappenda("_SYSTEMD_UNIT=", t);
ae018d9b 607 free(t);
19cace37
LP		 608 IOVEC_SET_STRING(iovec[n++], x);
609 } else if (unit_id && !session) {
610 x = strappenda("_SYSTEMD_UNIT=", unit_id);
611 IOVEC_SET_STRING(iovec[n++], x);
612 }
613
614 if (cg_path_get_user_unit(c, &t) >= 0) {
968f3196 615 x = strappenda("_SYSTEMD_USER_UNIT=", t);
ae018d9b 616 free(t);
968f3196 617 IOVEC_SET_STRING(iovec[n++], x);
19cace37
LP		 618 } else if (unit_id && session) {
619 x = strappenda("_SYSTEMD_USER_UNIT=", unit_id);
620 IOVEC_SET_STRING(iovec[n++], x);
621 }
ae018d9b 622
0a244b8e
LP		 623 if (cg_path_get_slice(c, &t) >= 0) {
624 x = strappenda("_SYSTEMD_SLICE=", t);
625 free(t);
626 IOVEC_SET_STRING(iovec[n++], x);
627 }
628
ae018d9b 629 free(c);
ef1673d1 630 }
d025f1e4 631
d025f1e4 632#ifdef HAVE_SELINUX
d682b3a7
LP		 633 if (use_selinux()) {
634 if (label) {
635 x = alloca(sizeof("_SELINUX_CONTEXT=") + label_len);
ae018d9b 636
d682b3a7
LP		 637 *((char*) mempcpy(stpcpy(x, "_SELINUX_CONTEXT="), label, label_len)) = 0;
638 IOVEC_SET_STRING(iovec[n++], x);
639 } else {
640 security_context_t con;
d025f1e4 641
d682b3a7
LP		 642 if (getpidcon(ucred->pid, &con) >= 0) {
643 x = strappenda("_SELINUX_CONTEXT=", con);
e7ff4e7f 644
d682b3a7
LP		 645 freecon(con);
646 IOVEC_SET_STRING(iovec[n++], x);
647 }
d025f1e4
ZJS		 648 }
649 }
650#endif
651 }
968f3196
ZJS		 652 assert(n <= m);
653
654 if (object_pid) {
655 r = get_process_uid(object_pid, &object_uid);
656 if (r >= 0) {
657 sprintf(o_uid, "OBJECT_UID=%lu", (unsigned long) object_uid);
658 IOVEC_SET_STRING(iovec[n++], o_uid);
659 }
660
661 r = get_process_gid(object_pid, &object_gid);
662 if (r >= 0) {
663 sprintf(o_gid, "OBJECT_GID=%lu", (unsigned long) object_gid);
664 IOVEC_SET_STRING(iovec[n++], o_gid);
665 }
666
667 r = get_process_comm(object_pid, &t);
668 if (r >= 0) {
669 x = strappenda("OBJECT_COMM=", t);
670 free(t);
671 IOVEC_SET_STRING(iovec[n++], x);
672 }
673
674 r = get_process_exe(object_pid, &t);
675 if (r >= 0) {
676 x = strappenda("OBJECT_EXE=", t);
677 free(t);
678 IOVEC_SET_STRING(iovec[n++], x);
679 }
680
681 r = get_process_cmdline(object_pid, 0, false, &t);
682 if (r >= 0) {
683 x = strappenda("OBJECT_CMDLINE=", t);
684 free(t);
685 IOVEC_SET_STRING(iovec[n++], x);
686 }
687
688#ifdef HAVE_AUDIT
689 r = audit_session_from_pid(object_pid, &audit);
690 if (r >= 0) {
691 sprintf(o_audit_session, "OBJECT_AUDIT_SESSION=%lu", (unsigned long) audit);
692 IOVEC_SET_STRING(iovec[n++], o_audit_session);
693 }
694
695 r = audit_loginuid_from_pid(object_pid, &loginuid);
696 if (r >= 0) {
697 sprintf(o_audit_loginuid, "OBJECT_AUDIT_LOGINUID=%lu", (unsigned long) loginuid);
698 IOVEC_SET_STRING(iovec[n++], o_audit_loginuid);
699 }
700#endif
701
702 r = cg_pid_get_path_shifted(object_pid, NULL, &c);
703 if (r >= 0) {
704 x = strappenda("OBJECT_SYSTEMD_CGROUP=", c);
705 IOVEC_SET_STRING(iovec[n++], x);
706
707 r = cg_path_get_session(c, &t);
708 if (r >= 0) {
709 x = strappenda("OBJECT_SYSTEMD_SESSION=", t);
710 free(t);
711 IOVEC_SET_STRING(iovec[n++], x);
712 }
713
714 if (cg_path_get_owner_uid(c, &owner) >= 0) {
715 sprintf(o_owner_uid, "OBJECT_SYSTEMD_OWNER_UID=%lu", (unsigned long) owner);
716 IOVEC_SET_STRING(iovec[n++], o_owner_uid);
717 }
718
719 if (cg_path_get_unit(c, &t) >= 0) {
720 x = strappenda("OBJECT_SYSTEMD_UNIT=", t);
721 free(t);
19cace37
LP		 722 IOVEC_SET_STRING(iovec[n++], x);
723 }
724
725 if (cg_path_get_user_unit(c, &t) >= 0) {
968f3196
ZJS		 726 x = strappenda("OBJECT_SYSTEMD_USER_UNIT=", t);
727 free(t);
968f3196 728 IOVEC_SET_STRING(iovec[n++], x);
19cace37 729 }
968f3196
ZJS		 730
731 free(c);
732 }
733 }
734 assert(n <= m);
d025f1e4
ZJS		 735
736 if (tv) {
ae018d9b 737 sprintf(source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu", (unsigned long long) timeval_load(tv));
a5693989 738 IOVEC_SET_STRING(iovec[n++], source_time);
d025f1e4
ZJS		 739 }
740
741 /* Note that strictly speaking storing the boot id here is
742 * redundant since the entry includes this in-line
743 * anyway. However, we need this indexed, too. */
744 r = sd_id128_get_boot(&id);
adb435bb 745 if (r >= 0) {
968f3196 746 sd_id128_to_string(id, boot_id + strlen("_BOOT_ID="));
adb435bb
LP		 747 IOVEC_SET_STRING(iovec[n++], boot_id);
748 }
d025f1e4
ZJS		 749
750 r = sd_id128_get_machine(&id);
adb435bb 751 if (r >= 0) {
968f3196 752 sd_id128_to_string(id, machine_id + strlen("_MACHINE_ID="));
adb435bb
LP		 753 IOVEC_SET_STRING(iovec[n++], machine_id);
754 }
d025f1e4
ZJS		 755
756 t = gethostname_malloc();
757 if (t) {
968f3196 758 x = strappenda("_HOSTNAME=", t);
d025f1e4 759 free(t);
968f3196 760 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 761 }
762
763 assert(n <= m);
764
da499392 765 if (s->split_mode == SPLIT_UID && realuid > 0)
40adcda8 766 /* Split up strictly by any UID */
759c945a 767 journal_uid = realuid;
82499507 768 else if (s->split_mode == SPLIT_LOGIN && realuid > 0 && owner_valid && owner > 0)
40adcda8
LP		 769 /* Split up by login UIDs, this avoids creation of
770 * individual journals for system UIDs. We do this
771 * only if the realuid is not root, in order not to
82499507
LP		 772 * accidentally leak privileged information to the
773 * user that is logged by a privileged process that is
774 * part of an unprivileged session.*/
8a0889df 775 journal_uid = owner;
da499392
KS		 776 else
777 journal_uid = 0;
759c945a 778
d07f7b9e 779 write_to_journal(s, journal_uid, iovec, n, priority);
d025f1e4
ZJS		 780}
781
782void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {
783 char mid[11 + 32 + 1];
784 char buffer[16 + LINE_MAX + 1];
785 struct iovec iovec[N_IOVEC_META_FIELDS + 4];
786 int n = 0;
787 va_list ap;
b92bea5d 788 struct ucred ucred = {};
d025f1e4
ZJS		 789
790 assert(s);
791 assert(format);
792
793 IOVEC_SET_STRING(iovec[n++], "PRIORITY=6");
794 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=driver");
795
796 memcpy(buffer, "MESSAGE=", 8);
797 va_start(ap, format);
798 vsnprintf(buffer + 8, sizeof(buffer) - 8, format, ap);
799 va_end(ap);
800 char_array_0(buffer);
801 IOVEC_SET_STRING(iovec[n++], buffer);
802
803 if (!sd_id128_equal(message_id, SD_ID128_NULL)) {
804 snprintf(mid, sizeof(mid), MESSAGE_ID(message_id));
805 char_array_0(mid);
806 IOVEC_SET_STRING(iovec[n++], mid);
807 }
808
d025f1e4
ZJS		 809 ucred.pid = getpid();
810 ucred.uid = getuid();
811 ucred.gid = getgid();
812
d07f7b9e 813 dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL, LOG_INFO, 0);
d025f1e4
ZJS		 814}
815
816void server_dispatch_message(
817 Server *s,
818 struct iovec *iovec, unsigned n, unsigned m,
819 struct ucred *ucred,
820 struct timeval *tv,
821 const char *label, size_t label_len,
822 const char *unit_id,
968f3196
ZJS		 823 int priority,
824 pid_t object_pid) {
d025f1e4 825
7027ff61 826 int rl, r;
7fd1b19b 827 _cleanup_free_ char *path = NULL;
db91ea32 828 char *c;
d025f1e4
ZJS		 829
830 assert(s);
831 assert(iovec || n == 0);
832
833 if (n == 0)
834 return;
835
836 if (LOG_PRI(priority) > s->max_level_store)
837 return;
838
2f5df74a
HHPF		 839 /* Stop early in case the information will not be stored
840 * in a journal. */
841 if (s->storage == STORAGE_NONE)
842 return;
843
d025f1e4
ZJS		 844 if (!ucred)
845 goto finish;
846
7027ff61
LP		 847 r = cg_pid_get_path_shifted(ucred->pid, NULL, &path);
848 if (r < 0)
d025f1e4
ZJS		 849 goto finish;
850
851 /* example: /user/lennart/3/foobar
852 * /system/dbus.service/foobar
853 *
854 * So let's cut of everything past the third /, since that is
855 * where user directories start */
856
857 c = strchr(path, '/');
858 if (c) {
859 c = strchr(c+1, '/');
860 if (c) {
861 c = strchr(c+1, '/');
862 if (c)
863 *c = 0;
864 }
865 }
866
db91ea32 867 rl = journal_rate_limit_test(s->rate_limit, path,
670b110c 868 priority & LOG_PRIMASK, available_space(s, false));
d025f1e4 869
db91ea32 870 if (rl == 0)
d025f1e4 871 return;
d025f1e4
ZJS		 872
873 /* Write a suppression message if we suppressed something */
874 if (rl > 1)
db91ea32
ZJS		 875 server_driver_message(s, SD_MESSAGE_JOURNAL_DROPPED,
876 "Suppressed %u messages from %s", rl - 1, path);
d025f1e4
ZJS		 877
878finish:
d07f7b9e 879 dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id, priority, object_pid);
d025f1e4
ZJS		 880}
881
882
883static int system_journal_open(Server *s) {
884 int r;
885 char *fn;
886 sd_id128_t machine;
887 char ids[33];
888
889 r = sd_id128_get_machine(&machine);
00a16861
OB		 890 if (r < 0) {
891 log_error("Failed to get machine id: %s", strerror(-r));
d025f1e4 892 return r;
00a16861 893 }
d025f1e4
ZJS		 894
895 sd_id128_to_string(machine, ids);
896
897 if (!s->system_journal &&
898 (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
899 access("/run/systemd/journal/flushed", F_OK) >= 0) {
900
901 /* If in auto mode: first try to create the machine
902 * path, but not the prefix.
903 *
904 * If in persistent mode: create /var/log/journal and
905 * the machine path */
906
907 if (s->storage == STORAGE_PERSISTENT)
908 (void) mkdir("/var/log/journal/", 0755);
909
e40ec7ae 910 fn = strappenda("/var/log/journal/", ids);
d025f1e4 911 (void) mkdir(fn, 0755);
d025f1e4 912
e40ec7ae 913 fn = strappenda(fn, "/system.journal");
d025f1e4 914 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
d025f1e4 915
670b110c 916 if (r >= 0)
d025f1e4 917 server_fix_perms(s, s->system_journal, 0);
433dd100
LN		 918 else if (r < 0) {
919 if (r != -ENOENT && r != -EROFS)
920 log_warning("Failed to open system journal: %s", strerror(-r));
e40ec7ae 921
433dd100
LN		 922 r = 0;
923 }
d025f1e4
ZJS		 924 }
925
926 if (!s->runtime_journal &&
927 (s->storage != STORAGE_NONE)) {
928
929 fn = strjoin("/run/log/journal/", ids, "/system.journal", NULL);
930 if (!fn)
931 return -ENOMEM;
932
933 if (s->system_journal) {
934
935 /* Try to open the runtime journal, but only
936 * if it already exists, so that we can flush
937 * it into the system journal */
938
939 r = journal_file_open(fn, O_RDWR, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
940 free(fn);
941
942 if (r < 0) {
943 if (r != -ENOENT)
944 log_warning("Failed to open runtime journal: %s", strerror(-r));
945
946 r = 0;
947 }
948
949 } else {
950
951 /* OK, we really need the runtime journal, so create
952 * it if necessary. */
953
954 (void) mkdir_parents(fn, 0755);
955 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
956 free(fn);
957
958 if (r < 0) {
959 log_error("Failed to open runtime journal: %s", strerror(-r));
960 return r;
961 }
962 }
963
670b110c 964 if (s->runtime_journal)
d025f1e4 965 server_fix_perms(s, s->runtime_journal, 0);
d025f1e4
ZJS		 966 }
967
670b110c
ZJS		 968 available_space(s, true);
969
d025f1e4
ZJS		 970 return r;
971}
972
973int server_flush_to_var(Server *s) {
974 int r;
975 sd_id128_t machine;
976 sd_journal *j = NULL;
977
978 assert(s);
979
980 if (s->storage != STORAGE_AUTO &&
981 s->storage != STORAGE_PERSISTENT)
982 return 0;
983
984 if (!s->runtime_journal)
985 return 0;
986
987 system_journal_open(s);
988
989 if (!s->system_journal)
990 return 0;
991
992 log_debug("Flushing to /var...");
993
994 r = sd_id128_get_machine(&machine);
00a16861 995 if (r < 0)
d025f1e4 996 return r;
d025f1e4
ZJS		 997
998 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
999 if (r < 0) {
1000 log_error("Failed to read runtime journal: %s", strerror(-r));
1001 return r;
1002 }
1003
93b73b06
LP		 1004 sd_journal_set_data_threshold(j, 0);
1005
d025f1e4
ZJS		 1006 SD_JOURNAL_FOREACH(j) {
1007 Object *o = NULL;
1008 JournalFile *f;
1009
1010 f = j->current_file;
1011 assert(f && f->current_offset > 0);
1012
1013 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
1014 if (r < 0) {
1015 log_error("Can't read entry: %s", strerror(-r));
1016 goto finish;
1017 }
1018
1019 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1020 if (r >= 0)
1021 continue;
1022
1023 if (!shall_try_append_again(s->system_journal, r)) {
1024 log_error("Can't write entry: %s", strerror(-r));
1025 goto finish;
1026 }
1027
1028 server_rotate(s);
1029 server_vacuum(s);
1030
253f59df
LP		 1031 if (!s->system_journal) {
1032 log_notice("Didn't flush runtime journal since rotation of system journal wasn't successful.");
1033 r = -EIO;
1034 goto finish;
1035 }
1036
d025f1e4
ZJS		 1037 log_debug("Retrying write.");
1038 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1039 if (r < 0) {
1040 log_error("Can't write entry: %s", strerror(-r));
1041 goto finish;
1042 }
1043 }
1044
1045finish:
1046 journal_file_post_change(s->system_journal);
1047
1048 journal_file_close(s->runtime_journal);
1049 s->runtime_journal = NULL;
1050
1051 if (r >= 0)
1052 rm_rf("/run/log/journal", false, true, false);
1053
763c7aa2 1054 sd_journal_close(j);
d025f1e4
ZJS		 1055
1056 return r;
1057}
1058
1059int process_event(Server *s, struct epoll_event *ev) {
1060 assert(s);
1061 assert(ev);
1062
1063 if (ev->data.fd == s->signal_fd) {
1064 struct signalfd_siginfo sfsi;
1065 ssize_t n;
1066
1067 if (ev->events != EPOLLIN) {
5843c5eb
ZJS		 1068 log_error("Got invalid event from epoll for %s: %"PRIx32,
1069 "signal fd", ev->events);
d025f1e4
ZJS		 1070 return -EIO;
1071 }
1072
1073 n = read(s->signal_fd, &sfsi, sizeof(sfsi));
1074 if (n != sizeof(sfsi)) {
1075
1076 if (n >= 0)
1077 return -EIO;
1078
1079 if (errno == EINTR || errno == EAGAIN)
1080 return 1;
1081
1082 return -errno;
1083 }
1084
d025f1e4 1085 if (sfsi.ssi_signo == SIGUSR1) {
289f910e
ZJS		 1086 log_info("Received request to flush runtime journal from PID %"PRIu32,
1087 sfsi.ssi_pid);
d025f1e4
ZJS		 1088 touch("/run/systemd/journal/flushed");
1089 server_flush_to_var(s);
26687bf8 1090 server_sync(s);
d025f1e4
ZJS		 1091 return 1;
1092 }
1093
1094 if (sfsi.ssi_signo == SIGUSR2) {
289f910e
ZJS		 1095 log_info("Received request to rotate journal from PID %"PRIu32,
1096 sfsi.ssi_pid);
d025f1e4
ZJS		 1097 server_rotate(s);
1098 server_vacuum(s);
1099 return 1;
1100 }
1101
26687bf8
OS		 1102 log_info("Received SIG%s", signal_to_string(sfsi.ssi_signo));
1103
d025f1e4
ZJS		 1104 return 0;
1105
26687bf8
OS		 1106 } else if (ev->data.fd == s->sync_timer_fd) {
1107 int r;
1108 uint64_t t;
1109
1110 log_debug("Got sync request from epoll.");
1111
1112 r = read(ev->data.fd, (void *)&t, sizeof(t));
1113 if (r < 0)
1114 return 0;
1115
1116 server_sync(s);
1117 return 1;
1118
d025f1e4
ZJS		 1119 } else if (ev->data.fd == s->dev_kmsg_fd) {
1120 int r;
1121
5843c5eb
ZJS		 1122 if (ev->events & EPOLLERR)
1123 log_warning("/dev/kmsg buffer overrun, some messages lost.");
1124
1125 if (!(ev->events & EPOLLIN)) {
1126 log_error("Got invalid event from epoll for %s: %"PRIx32,
1127 "/dev/kmsg", ev->events);
d025f1e4
ZJS		 1128 return -EIO;
1129 }
1130
1131 r = server_read_dev_kmsg(s);
1132 if (r < 0)
1133 return r;
1134
1135 return 1;
1136
1137 } else if (ev->data.fd == s->native_fd ||
1138 ev->data.fd == s->syslog_fd) {
1139
1140 if (ev->events != EPOLLIN) {
5843c5eb
ZJS		 1141 log_error("Got invalid event from epoll for %s: %"PRIx32,
1142 ev->data.fd == s->native_fd ? "native fd" : "syslog fd",
1143 ev->events);
d025f1e4
ZJS		 1144 return -EIO;
1145 }
1146
1147 for (;;) {
d025f1e4
ZJS		 1148 struct ucred *ucred = NULL;
1149 struct timeval *tv = NULL;
1150 struct cmsghdr *cmsg;
1151 char *label = NULL;
1152 size_t label_len = 0;
7ca9dffa
ZJS		 1153
1154 struct iovec iovec;
d025f1e4
ZJS		 1155 union {
1156 struct cmsghdr cmsghdr;
1157
1158 /* We use NAME_MAX space for the
1159 * SELinux label here. The kernel
1160 * currently enforces no limit, but
1161 * according to suggestions from the
1162 * SELinux people this will change and
1163 * it will probably be identical to
1164 * NAME_MAX. For now we use that, but
1165 * this should be updated one day when
1166 * the final limit is known.*/
1167 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
1168 CMSG_SPACE(sizeof(struct timeval)) +
1169 CMSG_SPACE(sizeof(int)) + /* fd */
1170 CMSG_SPACE(NAME_MAX)]; /* selinux label */
7ca9dffa
ZJS		 1171 } control = {};
1172 struct msghdr msghdr = {
1173 .msg_iov = &iovec,
1174 .msg_iovlen = 1,
1175 .msg_control = &control,
1176 .msg_controllen = sizeof(control),
1177 };
1178
d025f1e4
ZJS		 1179 ssize_t n;
1180 int v;
1181 int *fds = NULL;
1182 unsigned n_fds = 0;
1183
1184 if (ioctl(ev->data.fd, SIOCINQ, &v) < 0) {
1185 log_error("SIOCINQ failed: %m");
1186 return -errno;
1187 }
1188
7ca9dffa
ZJS		 1189 if (!GREEDY_REALLOC(s->buffer, s->buffer_size, LINE_MAX + (size_t) v))
1190 return log_oom();
d025f1e4 1191
d025f1e4
ZJS		 1192 iovec.iov_base = s->buffer;
1193 iovec.iov_len = s->buffer_size;
1194
d025f1e4
ZJS		 1195 n = recvmsg(ev->data.fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
1196 if (n < 0) {
d025f1e4
ZJS		 1197 if (errno == EINTR || errno == EAGAIN)
1198 return 1;
1199
1200 log_error("recvmsg() failed: %m");
1201 return -errno;
1202 }
1203
1204 for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
1205
1206 if (cmsg->cmsg_level == SOL_SOCKET &&
1207 cmsg->cmsg_type == SCM_CREDENTIALS &&
1208 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
1209 ucred = (struct ucred*) CMSG_DATA(cmsg);
1210 else if (cmsg->cmsg_level == SOL_SOCKET &&
1211 cmsg->cmsg_type == SCM_SECURITY) {
1212 label = (char*) CMSG_DATA(cmsg);
1213 label_len = cmsg->cmsg_len - CMSG_LEN(0);
1214 } else if (cmsg->cmsg_level == SOL_SOCKET &&
670b110c
ZJS		 1215 cmsg->cmsg_type == SO_TIMESTAMP &&
1216 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
d025f1e4
ZJS		 1217 tv = (struct timeval*) CMSG_DATA(cmsg);
1218 else if (cmsg->cmsg_level == SOL_SOCKET &&
1219 cmsg->cmsg_type == SCM_RIGHTS) {
1220 fds = (int*) CMSG_DATA(cmsg);
1221 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
1222 }
1223 }
1224
1225 if (ev->data.fd == s->syslog_fd) {
d025f1e4 1226 if (n > 0 && n_fds == 0) {
04fefcdd 1227 s->buffer[n] = 0;
d025f1e4
ZJS		 1228 server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
1229 } else if (n_fds > 0)
1230 log_warning("Got file descriptors via syslog socket. Ignoring.");
1231
1232 } else {
1233 if (n > 0 && n_fds == 0)
1234 server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
1235 else if (n == 0 && n_fds == 1)
1236 server_process_native_file(s, fds[0], ucred, tv, label, label_len);
1237 else if (n_fds > 0)
1238 log_warning("Got too many file descriptors via native socket. Ignoring.");
1239 }
1240
1241 close_many(fds, n_fds);
1242 }
1243
1244 return 1;
1245
1246 } else if (ev->data.fd == s->stdout_fd) {
1247
1248 if (ev->events != EPOLLIN) {
5843c5eb
ZJS		 1249 log_error("Got invalid event from epoll for %s: %"PRIx32,
1250 "stdout fd", ev->events);
d025f1e4
ZJS		 1251 return -EIO;
1252 }
1253
1254 stdout_stream_new(s);
1255 return 1;
1256
1257 } else {
1258 StdoutStream *stream;
1259
1260 if ((ev->events|EPOLLIN|EPOLLHUP) != (EPOLLIN|EPOLLHUP)) {
5843c5eb
ZJS		 1261 log_error("Got invalid event from epoll for %s: %"PRIx32,
1262 "stdout stream", ev->events);
d025f1e4
ZJS		 1263 return -EIO;
1264 }
1265
1266 /* If it is none of the well-known fds, it must be an
1267 * stdout stream fd. Note that this is a bit ugly here
1268 * (since we rely that none of the well-known fds
1269 * could be interpreted as pointer), but nonetheless
1270 * safe, since the well-known fds would never get an
1271 * fd > 4096, i.e. beyond the first memory page */
1272
1273 stream = ev->data.ptr;
1274
1275 if (stdout_stream_process(stream) <= 0)
1276 stdout_stream_free(stream);
1277
1278 return 1;
1279 }
1280
1281 log_error("Unknown event.");
1282 return 0;
1283}
1284
1285static int open_signalfd(Server *s) {
1286 sigset_t mask;
1287 struct epoll_event ev;
1288
1289 assert(s);
1290
1291 assert_se(sigemptyset(&mask) == 0);
1292 sigset_add_many(&mask, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, -1);
1293 assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
1294
1295 s->signal_fd = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC);
1296 if (s->signal_fd < 0) {
1297 log_error("signalfd(): %m");
1298 return -errno;
1299 }
1300
1301 zero(ev);
1302 ev.events = EPOLLIN;
1303 ev.data.fd = s->signal_fd;
1304
1305 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->signal_fd, &ev) < 0) {
1306 log_error("epoll_ctl(): %m");
1307 return -errno;
1308 }
1309
1310 return 0;
1311}
1312
1313static int server_parse_proc_cmdline(Server *s) {
7fd1b19b 1314 _cleanup_free_ char *line = NULL;
db91ea32 1315 char *w, *state;
d025f1e4
ZJS		 1316 int r;
1317 size_t l;
1318
1319 if (detect_container(NULL) > 0)
1320 return 0;
1321
1322 r = read_one_line_file("/proc/cmdline", &line);
1323 if (r < 0) {
1324 log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
1325 return 0;
1326 }
1327
1328 FOREACH_WORD_QUOTED(w, l, line, state) {
7fd1b19b 1329 _cleanup_free_ char *word;
d025f1e4
ZJS		 1330
1331 word = strndup(w, l);
db91ea32
ZJS		 1332 if (!word)
1333 return -ENOMEM;
d025f1e4
ZJS		 1334
1335 if (startswith(word, "systemd.journald.forward_to_syslog=")) {
1336 r = parse_boolean(word + 35);
1337 if (r < 0)
1338 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word + 35);
1339 else
1340 s->forward_to_syslog = r;
1341 } else if (startswith(word, "systemd.journald.forward_to_kmsg=")) {
1342 r = parse_boolean(word + 33);
1343 if (r < 0)
1344 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word + 33);
1345 else
1346 s->forward_to_kmsg = r;
1347 } else if (startswith(word, "systemd.journald.forward_to_console=")) {
1348 r = parse_boolean(word + 36);
1349 if (r < 0)
1350 log_warning("Failed to parse forward to console switch %s. Ignoring.", word + 36);
1351 else
1352 s->forward_to_console = r;
1353 } else if (startswith(word, "systemd.journald"))
1354 log_warning("Invalid systemd.journald parameter. Ignoring.");
d025f1e4
ZJS		 1355 }
1356
db91ea32 1357 return 0;
d025f1e4
ZJS		 1358}
1359
1360static int server_parse_config_file(Server *s) {
db5c0122 1361 static const char fn[] = "/etc/systemd/journald.conf";
7fd1b19b 1362 _cleanup_fclose_ FILE *f = NULL;
d025f1e4
ZJS		 1363 int r;
1364
1365 assert(s);
1366
d025f1e4
ZJS		 1367 f = fopen(fn, "re");
1368 if (!f) {
1369 if (errno == ENOENT)
1370 return 0;
1371
1372 log_warning("Failed to open configuration file %s: %m", fn);
1373 return -errno;
1374 }
1375
e8e581bf 1376 r = config_parse(NULL, fn, f, "Journal\0", config_item_perf_lookup,
db5c0122 1377 (void*) journald_gperf_lookup, false, false, s);
d025f1e4
ZJS		 1378 if (r < 0)
1379 log_warning("Failed to parse configuration file: %s", strerror(-r));
1380
d025f1e4
ZJS		 1381 return r;
1382}
1383
26687bf8
OS		 1384static int server_open_sync_timer(Server *s) {
1385 int r;
1386 struct epoll_event ev;
1387
1388 assert(s);
1389
1390 s->sync_timer_fd = timerfd_create(CLOCK_MONOTONIC, TFD_CLOEXEC);
1391 if (s->sync_timer_fd < 0)
1392 return -errno;
1393
1394 zero(ev);
1395 ev.events = EPOLLIN;
1396 ev.data.fd = s->sync_timer_fd;
1397
1398 r = epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->sync_timer_fd, &ev);
1399 if (r < 0) {
1400 log_error("Failed to add idle timer fd to epoll object: %m");
1401 return -errno;
1402 }
1403
1404 return 0;
1405}
1406
d07f7b9e 1407int server_schedule_sync(Server *s, int priority) {
26687bf8
OS		 1408 int r;
1409
26687bf8
OS		 1410 assert(s);
1411
d07f7b9e
LP		 1412 if (priority <= LOG_CRIT) {
1413 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1414 server_sync(s);
1415 return 0;
1416 }
1417
26687bf8
OS		 1418 if (s->sync_scheduled)
1419 return 0;
1420
1421 if (s->sync_interval_usec) {
ca267016
MB		 1422 struct itimerspec sync_timer_enable = {};
1423
1424 timespec_store(&sync_timer_enable.it_value, s->sync_interval_usec);
26687bf8
OS		 1425
1426 r = timerfd_settime(s->sync_timer_fd, 0, &sync_timer_enable, NULL);
1427 if (r < 0)
1428 return -errno;
1429 }
1430
1431 s->sync_scheduled = true;
1432
1433 return 0;
1434}
1435
d025f1e4
ZJS		 1436int server_init(Server *s) {
1437 int n, r, fd;
1438
1439 assert(s);
1440
1441 zero(*s);
26687bf8 1442 s->sync_timer_fd = s->syslog_fd = s->native_fd = s->stdout_fd =
670b110c 1443 s->signal_fd = s->epoll_fd = s->dev_kmsg_fd = -1;
d025f1e4
ZJS		 1444 s->compress = true;
1445 s->seal = true;
1446
26687bf8
OS		 1447 s->sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC;
1448 s->sync_scheduled = false;
1449
d025f1e4
ZJS		 1450 s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
1451 s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
1452
1453 s->forward_to_syslog = true;
1454
1455 s->max_level_store = LOG_DEBUG;
1456 s->max_level_syslog = LOG_DEBUG;
1457 s->max_level_kmsg = LOG_NOTICE;
1458 s->max_level_console = LOG_INFO;
1459
1460 memset(&s->system_metrics, 0xFF, sizeof(s->system_metrics));
1461 memset(&s->runtime_metrics, 0xFF, sizeof(s->runtime_metrics));
1462
1463 server_parse_config_file(s);
1464 server_parse_proc_cmdline(s);
d288f79f
ZJS		 1465 if (!!s->rate_limit_interval ^ !!s->rate_limit_burst) {
1466 log_debug("Setting both rate limit interval and burst from %llu,%u to 0,0",
1467 (long long unsigned) s->rate_limit_interval,
1468 s->rate_limit_burst);
1469 s->rate_limit_interval = s->rate_limit_burst = 0;
1470 }
d025f1e4
ZJS		 1471
1472 mkdir_p("/run/systemd/journal", 0755);
1473
1474 s->user_journals = hashmap_new(trivial_hash_func, trivial_compare_func);
1475 if (!s->user_journals)
1476 return log_oom();
1477
1478 s->mmap = mmap_cache_new();
1479 if (!s->mmap)
1480 return log_oom();
1481
1482 s->epoll_fd = epoll_create1(EPOLL_CLOEXEC);
1483 if (s->epoll_fd < 0) {
1484 log_error("Failed to create epoll object: %m");
1485 return -errno;
1486 }
1487
1488 n = sd_listen_fds(true);
1489 if (n < 0) {
1490 log_error("Failed to read listening file descriptors from environment: %s", strerror(-n));
1491 return n;
1492 }
1493
1494 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
1495
1496 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/socket", 0) > 0) {
1497
1498 if (s->native_fd >= 0) {
1499 log_error("Too many native sockets passed.");
1500 return -EINVAL;
1501 }
1502
1503 s->native_fd = fd;
1504
1505 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, "/run/systemd/journal/stdout", 0) > 0) {
1506
1507 if (s->stdout_fd >= 0) {
1508 log_error("Too many stdout sockets passed.");
1509 return -EINVAL;
1510 }
1511
1512 s->stdout_fd = fd;
1513
1514 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0) {
1515
1516 if (s->syslog_fd >= 0) {
1517 log_error("Too many /dev/log sockets passed.");
1518 return -EINVAL;
1519 }
1520
1521 s->syslog_fd = fd;
1522
1523 } else {
1524 log_error("Unknown socket passed.");
1525 return -EINVAL;
1526 }
1527 }
1528
1529 r = server_open_syslog_socket(s);
1530 if (r < 0)
1531 return r;
1532
1533 r = server_open_native_socket(s);
1534 if (r < 0)
1535 return r;
1536
1537 r = server_open_stdout_socket(s);
1538 if (r < 0)
1539 return r;
1540
1541 r = server_open_dev_kmsg(s);
1542 if (r < 0)
1543 return r;
1544
1545 r = server_open_kernel_seqnum(s);
1546 if (r < 0)
1547 return r;
1548
26687bf8
OS		 1549 r = server_open_sync_timer(s);
1550 if (r < 0)
1551 return r;
1552
d025f1e4
ZJS		 1553 r = open_signalfd(s);
1554 if (r < 0)
1555 return r;
1556
1557 s->udev = udev_new();
1558 if (!s->udev)
1559 return -ENOMEM;
1560
d288f79f
ZJS		 1561 s->rate_limit = journal_rate_limit_new(s->rate_limit_interval,
1562 s->rate_limit_burst);
d025f1e4
ZJS		 1563 if (!s->rate_limit)
1564 return -ENOMEM;
1565
1566 r = system_journal_open(s);
1567 if (r < 0)
1568 return r;
1569
1570 return 0;
1571}
1572
1573void server_maybe_append_tags(Server *s) {
1574#ifdef HAVE_GCRYPT
1575 JournalFile *f;
1576 Iterator i;
1577 usec_t n;
1578
1579 n = now(CLOCK_REALTIME);
1580
1581 if (s->system_journal)
1582 journal_file_maybe_append_tag(s->system_journal, n);
1583
1584 HASHMAP_FOREACH(f, s->user_journals, i)
1585 journal_file_maybe_append_tag(f, n);
1586#endif
1587}
1588
1589void server_done(Server *s) {
1590 JournalFile *f;
1591 assert(s);
1592
1593 while (s->stdout_streams)
1594 stdout_stream_free(s->stdout_streams);
1595
1596 if (s->system_journal)
1597 journal_file_close(s->system_journal);
1598
1599 if (s->runtime_journal)
1600 journal_file_close(s->runtime_journal);
1601
1602 while ((f = hashmap_steal_first(s->user_journals)))
1603 journal_file_close(f);
1604
1605 hashmap_free(s->user_journals);
1606
1607 if (s->epoll_fd >= 0)
1608 close_nointr_nofail(s->epoll_fd);
1609
1610 if (s->signal_fd >= 0)
1611 close_nointr_nofail(s->signal_fd);
1612
1613 if (s->syslog_fd >= 0)
1614 close_nointr_nofail(s->syslog_fd);
1615
1616 if (s->native_fd >= 0)
1617 close_nointr_nofail(s->native_fd);
1618
1619 if (s->stdout_fd >= 0)
1620 close_nointr_nofail(s->stdout_fd);
1621
1622 if (s->dev_kmsg_fd >= 0)
1623 close_nointr_nofail(s->dev_kmsg_fd);
1624
26687bf8
OS		 1625 if (s->sync_timer_fd >= 0)
1626 close_nointr_nofail(s->sync_timer_fd);
1627
d025f1e4
ZJS		 1628 if (s->rate_limit)
1629 journal_rate_limit_free(s->rate_limit);
1630
1631 if (s->kernel_seqnum)
1632 munmap(s->kernel_seqnum, sizeof(uint64_t));
1633
1634 free(s->buffer);
1635 free(s->tty_path);
1636
1637 if (s->mmap)
1638 mmap_cache_unref(s->mmap);
1639
1640 if (s->udev)
1641 udev_unref(s->udev);
1642}
Unnamed repository; edit this file 'description' to name the repository.