]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/journal/journald-server.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
journald: use structured message + catalog entry for disk usage
[thirdparty/systemd.git] / src / journal / journald-server.c
CommitLineData
d025f1e4
ZJS		 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2011 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
24882e06
LP		 22#ifdef HAVE_SELINUX
23#include <selinux/selinux.h>
24#endif
8580d1f7
LP		 25#include <sys/ioctl.h>
26#include <sys/mman.h>
27#include <sys/signalfd.h>
28#include <sys/statvfs.h>
07630cea 29#include <linux/sockios.h>
24882e06 30
b4bbcaa9 31#include "libudev.h"
8580d1f7 32#include "sd-daemon.h"
74df0fca
LP		 33#include "sd-journal.h"
34#include "sd-messages.h"
8580d1f7
LP		 35
36#include "acl-util.h"
b5efdb8a 37#include "alloc-util.h"
430f0182 38#include "audit-util.h"
d025f1e4 39#include "cgroup-util.h"
d025f1e4 40#include "conf-parser.h"
a0956174 41#include "dirent-util.h"
0dec689b 42#include "extract-word.h"
3ffd4af2 43#include "fd-util.h"
33d52ab9 44#include "fileio.h"
958b66ea 45#include "formats-util.h"
f4f15635 46#include "fs-util.h"
8580d1f7 47#include "hashmap.h"
958b66ea 48#include "hostname-util.h"
afc5dbf3 49#include "io-util.h"
8580d1f7
LP		 50#include "journal-authenticate.h"
51#include "journal-file.h"
d025f1e4
ZJS		 52#include "journal-internal.h"
53#include "journal-vacuum.h"
8580d1f7 54#include "journald-audit.h"
d025f1e4 55#include "journald-kmsg.h"
d025f1e4 56#include "journald-native.h"
8580d1f7 57#include "journald-rate-limit.h"
3ffd4af2 58#include "journald-server.h"
8580d1f7
LP		 59#include "journald-stream.h"
60#include "journald-syslog.h"
07630cea
LP		 61#include "missing.h"
62#include "mkdir.h"
6bedfcbb 63#include "parse-util.h"
4e731273 64#include "proc-cmdline.h"
07630cea
LP		 65#include "process-util.h"
66#include "rm-rf.h"
67#include "selinux-util.h"
68#include "signal-util.h"
69#include "socket-util.h"
8b43440b 70#include "string-table.h"
07630cea 71#include "string-util.h"
4a0b58c4 72#include "user-util.h"
8a03c9ef 73#include "log.h"
d025f1e4 74
d025f1e4
ZJS		 75#define USER_JOURNALS_MAX 1024
76
26687bf8 77#define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
7f1ad696
LP		 78#define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
79#define DEFAULT_RATE_LIMIT_BURST 1000
e150e820 80#define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
d025f1e4 81
8580d1f7 82#define RECHECK_SPACE_USEC (30*USEC_PER_SEC)
d025f1e4 83
e22aa3d3
LP		 84#define NOTIFY_SNDBUF_SIZE (8*1024*1024)
85
8580d1f7
LP		 86static int determine_space_for(
87 Server *s,
88 JournalMetrics *metrics,
89 const char *path,
90 const char *name,
91 bool verbose,
92 bool patch_min_use,
93 uint64_t *available,
94 uint64_t *limit) {
95
96 uint64_t sum = 0, ss_avail, avail;
7fd1b19b 97 _cleanup_closedir_ DIR *d = NULL;
8580d1f7
LP		 98 struct dirent *de;
99 struct statvfs ss;
100 const char *p;
d025f1e4 101 usec_t ts;
d025f1e4 102
8580d1f7
LP		 103 assert(s);
104 assert(metrics);
105 assert(path);
106 assert(name);
d025f1e4 107
8580d1f7 108 ts = now(CLOCK_MONOTONIC);
d025f1e4 109
8580d1f7 110 if (!verbose && s->cached_space_timestamp + RECHECK_SPACE_USEC > ts) {
d025f1e4 111
8580d1f7
LP		 112 if (available)
113 *available = s->cached_space_available;
114 if (limit)
115 *limit = s->cached_space_limit;
d025f1e4 116
d025f1e4 117 return 0;
8580d1f7 118 }
d025f1e4 119
8580d1f7 120 p = strjoina(path, SERVER_MACHINE_ID(s));
d025f1e4 121 d = opendir(p);
d025f1e4 122 if (!d)
8580d1f7 123 return log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, errno, "Failed to open %s: %m", p);
d025f1e4
ZJS		 124
125 if (fstatvfs(dirfd(d), &ss) < 0)
8580d1f7 126 return log_error_errno(errno, "Failed to fstatvfs(%s): %m", p);
d025f1e4 127
8580d1f7 128 FOREACH_DIRENT_ALL(de, d, break) {
d025f1e4 129 struct stat st;
d025f1e4
ZJS		 130
131 if (!endswith(de->d_name, ".journal") &&
132 !endswith(de->d_name, ".journal~"))
133 continue;
134
8580d1f7
LP		 135 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
136 log_debug_errno(errno, "Failed to stat %s/%s, ignoring: %m", p, de->d_name);
d025f1e4 137 continue;
8580d1f7 138 }
d025f1e4
ZJS		 139
140 if (!S_ISREG(st.st_mode))
141 continue;
142
143 sum += (uint64_t) st.st_blocks * 512UL;
144 }
145
8a03c9ef 146 /* If requested, then let's bump the min_use limit to the
8580d1f7
LP		 147 * current usage on disk. We do this when starting up and
148 * first opening the journal files. This way sudden spikes in
149 * disk usage will not cause journald to vacuum files without
150 * bounds. Note that this means that only a restart of
151 * journald will make it reset this value. */
d025f1e4 152
8580d1f7
LP		 153 if (patch_min_use)
154 metrics->min_use = MAX(metrics->min_use, sum);
348ced90 155
8580d1f7
LP		 156 ss_avail = ss.f_bsize * ss.f_bavail;
157 avail = LESS_BY(ss_avail, metrics->keep_free);
348ced90 158
8580d1f7
LP		 159 s->cached_space_limit = MIN(MAX(sum + avail, metrics->min_use), metrics->max_use);
160 s->cached_space_available = LESS_BY(s->cached_space_limit, sum);
161 s->cached_space_timestamp = ts;
d025f1e4 162
670b110c
ZJS		 163 if (verbose) {
164 char fb1[FORMAT_BYTES_MAX], fb2[FORMAT_BYTES_MAX], fb3[FORMAT_BYTES_MAX],
8580d1f7 165 fb4[FORMAT_BYTES_MAX], fb5[FORMAT_BYTES_MAX], fb6[FORMAT_BYTES_MAX];
282c5c4e
ZJS		 166 format_bytes(fb1, sizeof(fb1), sum);
167 format_bytes(fb2, sizeof(fb2), metrics->max_use);
168 format_bytes(fb3, sizeof(fb3), metrics->keep_free);
169 format_bytes(fb4, sizeof(fb4), ss_avail);
170 format_bytes(fb5, sizeof(fb5), s->cached_space_limit);
171 format_bytes(fb6, sizeof(fb6), s->cached_space_available);
670b110c
ZJS		 172
173 server_driver_message(s, SD_MESSAGE_JOURNAL_USAGE,
282c5c4e
ZJS		 174 LOG_MESSAGE("%s (%s) is %s, max %s, %s free.",
175 name, path, fb1, fb5, fb6),
176 "JOURNAL_NAME=%s", name,
177 "JOURNAL_PATH=%s", path,
178 "CURRENT_USE=%"PRIu64, sum,
179 "CURRENT_USE_PRETTY=%s", fb1,
180 "MAX_USE=%"PRIu64, metrics->max_use,
181 "MAX_USE_PRETTY=%s", fb2,
182 "DISK_KEEP_FREE=%"PRIu64, metrics->keep_free,
183 "DISK_KEEP_FREE_PRETTY=%s", fb3,
184 "DISK_AVAILABLE=%"PRIu64, ss_avail,
185 "DISK_AVAILABLE_PRETTY=%s", fb4,
186 "LIMIT=%"PRIu64, s->cached_space_limit,
187 "LIMIT_PRETTY=%s", fb5,
188 "AVAILABLE=%"PRIu64, s->cached_space_available,
189 "AVAILABLE_PRETTY=%s", fb6,
8a03c9ef 190 NULL);
8580d1f7
LP		 191 }
192
193 if (available)
194 *available = s->cached_space_available;
195 if (limit)
196 *limit = s->cached_space_limit;
197
198 return 1;
199}
200
201static int determine_space(Server *s, bool verbose, bool patch_min_use, uint64_t *available, uint64_t *limit) {
202 JournalMetrics *metrics;
203 const char *path, *name;
204
205 assert(s);
206
207 if (s->system_journal) {
208 path = "/var/log/journal/";
209 metrics = &s->system_metrics;
210 name = "System journal";
211 } else {
212 path = "/run/log/journal/";
213 metrics = &s->runtime_metrics;
214 name = "Runtime journal";
670b110c
ZJS		 215 }
216
8580d1f7 217 return determine_space_for(s, metrics, path, name, verbose, patch_min_use, available, limit);
d025f1e4
ZJS		 218}
219
5c3bde3f 220static void server_add_acls(JournalFile *f, uid_t uid) {
d025f1e4 221#ifdef HAVE_ACL
5c3bde3f 222 int r;
d025f1e4 223#endif
d025f1e4
ZJS		 224 assert(f);
225
d025f1e4 226#ifdef HAVE_ACL
34c10968 227 if (uid <= SYSTEM_UID_MAX)
d025f1e4
ZJS		 228 return;
229
5c3bde3f
ZJS		 230 r = add_acls_for_user(f->fd, uid);
231 if (r < 0)
232 log_warning_errno(r, "Failed to set ACL on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 233#endif
234}
235
236static JournalFile* find_journal(Server *s, uid_t uid) {
ed375beb 237 _cleanup_free_ char *p = NULL;
d025f1e4
ZJS		 238 int r;
239 JournalFile *f;
240 sd_id128_t machine;
241
242 assert(s);
243
244 /* We split up user logs only on /var, not on /run. If the
245 * runtime file is open, we write to it exclusively, in order
246 * to guarantee proper order as soon as we flush /run to
247 * /var and close the runtime file. */
248
249 if (s->runtime_journal)
250 return s->runtime_journal;
251
f7dc3ab9 252 if (uid <= SYSTEM_UID_MAX)
d025f1e4
ZJS		 253 return s->system_journal;
254
255 r = sd_id128_get_machine(&machine);
256 if (r < 0)
257 return s->system_journal;
258
4a0b58c4 259 f = ordered_hashmap_get(s->user_journals, UID_TO_PTR(uid));
d025f1e4
ZJS		 260 if (f)
261 return f;
262
de0671ee
ZJS		 263 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/user-"UID_FMT".journal",
264 SD_ID128_FORMAT_VAL(machine), uid) < 0)
d025f1e4
ZJS		 265 return s->system_journal;
266
43cf8388 267 while (ordered_hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
d025f1e4 268 /* Too many open? Then let's close one */
43cf8388 269 f = ordered_hashmap_steal_first(s->user_journals);
d025f1e4
ZJS		 270 assert(f);
271 journal_file_close(f);
272 }
273
cbd67177 274 r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &f);
d025f1e4
ZJS		 275 if (r < 0)
276 return s->system_journal;
277
5c3bde3f 278 server_add_acls(f, uid);
d025f1e4 279
4a0b58c4 280 r = ordered_hashmap_put(s->user_journals, UID_TO_PTR(uid), f);
d025f1e4
ZJS		 281 if (r < 0) {
282 journal_file_close(f);
283 return s->system_journal;
284 }
285
286 return f;
287}
288
ea69bd41
LP		 289static int do_rotate(
290 Server *s,
291 JournalFile **f,
292 const char* name,
293 bool seal,
294 uint32_t uid) {
295
fc55baee
ZJS		 296 int r;
297 assert(s);
298
299 if (!*f)
300 return -EINVAL;
301
302 r = journal_file_rotate(f, s->compress, seal);
303 if (r < 0)
304 if (*f)
ea69bd41 305 log_error_errno(r, "Failed to rotate %s: %m", (*f)->path);
fc55baee 306 else
ea69bd41 307 log_error_errno(r, "Failed to create new %s journal: %m", name);
fc55baee 308 else
5c3bde3f 309 server_add_acls(*f, uid);
2678031a 310
fc55baee
ZJS		 311 return r;
312}
313
d025f1e4
ZJS		 314void server_rotate(Server *s) {
315 JournalFile *f;
316 void *k;
317 Iterator i;
318 int r;
319
320 log_debug("Rotating...");
321
8580d1f7
LP		 322 (void) do_rotate(s, &s->runtime_journal, "runtime", false, 0);
323 (void) do_rotate(s, &s->system_journal, "system", s->seal, 0);
d025f1e4 324
43cf8388 325 ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
4a0b58c4 326 r = do_rotate(s, &f, "user", s->seal, PTR_TO_UID(k));
fc55baee 327 if (r >= 0)
43cf8388 328 ordered_hashmap_replace(s->user_journals, k, f);
fc55baee
ZJS		 329 else if (!f)
330 /* Old file has been closed and deallocated */
43cf8388 331 ordered_hashmap_remove(s->user_journals, k);
d025f1e4
ZJS		 332 }
333}
334
26687bf8
OS		 335void server_sync(Server *s) {
336 JournalFile *f;
26687bf8
OS		 337 Iterator i;
338 int r;
339
26687bf8
OS		 340 if (s->system_journal) {
341 r = journal_file_set_offline(s->system_journal);
342 if (r < 0)
65089b82 343 log_warning_errno(r, "Failed to sync system journal, ignoring: %m");
26687bf8
OS		 344 }
345
65c1d46b 346 ORDERED_HASHMAP_FOREACH(f, s->user_journals, i) {
26687bf8
OS		 347 r = journal_file_set_offline(f);
348 if (r < 0)
65089b82 349 log_warning_errno(r, "Failed to sync user journal, ignoring: %m");
26687bf8
OS		 350 }
351
f9a810be
LP		 352 if (s->sync_event_source) {
353 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_OFF);
354 if (r < 0)
da927ba9 355 log_error_errno(r, "Failed to disable sync timer source: %m");
f9a810be 356 }
26687bf8
OS		 357
358 s->sync_scheduled = false;
359}
360
ea69bd41
LP		 361static void do_vacuum(
362 Server *s,
ea69bd41 363 JournalFile *f,
8580d1f7
LP		 364 JournalMetrics *metrics,
365 const char *path,
366 const char *name,
367 bool verbose,
368 bool patch_min_use) {
ea69bd41
LP		 369
370 const char *p;
8580d1f7 371 uint64_t limit;
63c8666b
ZJS		 372 int r;
373
8580d1f7
LP		 374 assert(s);
375 assert(metrics);
376 assert(path);
377 assert(name);
378
63c8666b
ZJS		 379 if (!f)
380 return;
381
8580d1f7
LP		 382 p = strjoina(path, SERVER_MACHINE_ID(s));
383
384 limit = metrics->max_use;
385 (void) determine_space_for(s, metrics, path, name, verbose, patch_min_use, NULL, &limit);
386
387 r = journal_directory_vacuum(p, limit, metrics->n_max_files, s->max_retention_usec, &s->oldest_file_usec, verbose);
63c8666b 388 if (r < 0 && r != -ENOENT)
8580d1f7 389 log_warning_errno(r, "Failed to vacuum %s, ignoring: %m", p);
63c8666b
ZJS		 390}
391
8580d1f7
LP		 392int server_vacuum(Server *s, bool verbose, bool patch_min_use) {
393 assert(s);
d025f1e4
ZJS		 394
395 log_debug("Vacuuming...");
396
397 s->oldest_file_usec = 0;
398
8580d1f7
LP		 399 do_vacuum(s, s->system_journal, &s->system_metrics, "/var/log/journal/", "System journal", verbose, patch_min_use);
400 do_vacuum(s, s->runtime_journal, &s->runtime_metrics, "/run/log/journal/", "Runtime journal", verbose, patch_min_use);
d025f1e4 401
8580d1f7
LP		 402 s->cached_space_limit = 0;
403 s->cached_space_available = 0;
404 s->cached_space_timestamp = 0;
d025f1e4 405
8580d1f7 406 return 0;
d025f1e4
ZJS		 407}
408
0c24bb23
LP		 409static void server_cache_machine_id(Server *s) {
410 sd_id128_t id;
411 int r;
412
413 assert(s);
414
415 r = sd_id128_get_machine(&id);
416 if (r < 0)
417 return;
418
419 sd_id128_to_string(id, stpcpy(s->machine_id_field, "_MACHINE_ID="));
420}
421
422static void server_cache_boot_id(Server *s) {
423 sd_id128_t id;
424 int r;
425
426 assert(s);
427
428 r = sd_id128_get_boot(&id);
429 if (r < 0)
430 return;
431
432 sd_id128_to_string(id, stpcpy(s->boot_id_field, "_BOOT_ID="));
433}
434
435static void server_cache_hostname(Server *s) {
436 _cleanup_free_ char *t = NULL;
437 char *x;
438
439 assert(s);
440
441 t = gethostname_malloc();
442 if (!t)
443 return;
444
445 x = strappend("_HOSTNAME=", t);
446 if (!x)
447 return;
448
449 free(s->hostname_field);
450 s->hostname_field = x;
451}
452
8531ae70 453static bool shall_try_append_again(JournalFile *f, int r) {
d025f1e4
ZJS		 454
455 /* -E2BIG Hit configured limit
456 -EFBIG Hit fs limit
457 -EDQUOT Quota limit hit
458 -ENOSPC Disk full
fa6ac760 459 -EIO I/O error of some kind (mmap)
d025f1e4
ZJS		 460 -EHOSTDOWN Other machine
461 -EBUSY Unclean shutdown
462 -EPROTONOSUPPORT Unsupported feature
463 -EBADMSG Corrupted
464 -ENODATA Truncated
2678031a
LP		 465 -ESHUTDOWN Already archived
466 -EIDRM Journal file has been deleted */
d025f1e4
ZJS		 467
468 if (r == -E2BIG || r == -EFBIG || r == -EDQUOT || r == -ENOSPC)
469 log_debug("%s: Allocation limit reached, rotating.", f->path);
470 else if (r == -EHOSTDOWN)
471 log_info("%s: Journal file from other machine, rotating.", f->path);
472 else if (r == -EBUSY)
473 log_info("%s: Unclean shutdown, rotating.", f->path);
474 else if (r == -EPROTONOSUPPORT)
475 log_info("%s: Unsupported feature, rotating.", f->path);
476 else if (r == -EBADMSG || r == -ENODATA || r == ESHUTDOWN)
477 log_warning("%s: Journal file corrupted, rotating.", f->path);
fa6ac760
LP		 478 else if (r == -EIO)
479 log_warning("%s: IO error, rotating.", f->path);
2678031a
LP		 480 else if (r == -EIDRM)
481 log_warning("%s: Journal file has been deleted, rotating.", f->path);
d025f1e4
ZJS		 482 else
483 return false;
484
485 return true;
486}
487
d07f7b9e 488static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned n, int priority) {
d025f1e4
ZJS		 489 JournalFile *f;
490 bool vacuumed = false;
491 int r;
492
493 assert(s);
494 assert(iovec);
495 assert(n > 0);
496
497 f = find_journal(s, uid);
498 if (!f)
499 return;
500
501 if (journal_file_rotate_suggested(f, s->max_file_usec)) {
502 log_debug("%s: Journal header limits reached or header out-of-date, rotating.", f->path);
503 server_rotate(s);
8580d1f7 504 server_vacuum(s, false, false);
d025f1e4
ZJS		 505 vacuumed = true;
506
507 f = find_journal(s, uid);
508 if (!f)
509 return;
510 }
511
512 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
26687bf8 513 if (r >= 0) {
d07f7b9e 514 server_schedule_sync(s, priority);
d025f1e4 515 return;
26687bf8 516 }
d025f1e4
ZJS		 517
518 if (vacuumed || !shall_try_append_again(f, r)) {
8266e1c0 519 log_error_errno(r, "Failed to write entry (%d items, %zu bytes), ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n));
d025f1e4
ZJS		 520 return;
521 }
522
523 server_rotate(s);
8580d1f7 524 server_vacuum(s, false, false);
d025f1e4
ZJS		 525
526 f = find_journal(s, uid);
527 if (!f)
528 return;
529
530 log_debug("Retrying write.");
531 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
8266e1c0
LP		 532 if (r < 0)
533 log_error_errno(r, "Failed to write entry (%d items, %zu bytes) despite vacuuming, ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n));
534 else
d07f7b9e 535 server_schedule_sync(s, priority);
d025f1e4
ZJS		 536}
537
538static void dispatch_message_real(
539 Server *s,
540 struct iovec *iovec, unsigned n, unsigned m,
3b3154df
LP		 541 const struct ucred *ucred,
542 const struct timeval *tv,
d025f1e4 543 const char *label, size_t label_len,
968f3196 544 const char *unit_id,
d07f7b9e 545 int priority,
968f3196 546 pid_t object_pid) {
d025f1e4 547
968f3196 548 char pid[sizeof("_PID=") + DECIMAL_STR_MAX(pid_t)],
ae018d9b
LP		 549 uid[sizeof("_UID=") + DECIMAL_STR_MAX(uid_t)],
550 gid[sizeof("_GID=") + DECIMAL_STR_MAX(gid_t)],
551 owner_uid[sizeof("_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)],
d3789917 552 source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)],
968f3196
ZJS		 553 o_uid[sizeof("OBJECT_UID=") + DECIMAL_STR_MAX(uid_t)],
554 o_gid[sizeof("OBJECT_GID=") + DECIMAL_STR_MAX(gid_t)],
555 o_owner_uid[sizeof("OBJECT_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)];
556 uid_t object_uid;
557 gid_t object_gid;
968f3196 558 char *x;
d025f1e4 559 int r;
ae018d9b 560 char *t, *c;
82499507
LP		 561 uid_t realuid = 0, owner = 0, journal_uid;
562 bool owner_valid = false;
ae018d9b 563#ifdef HAVE_AUDIT
968f3196
ZJS		 564 char audit_session[sizeof("_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
565 audit_loginuid[sizeof("_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)],
566 o_audit_session[sizeof("OBJECT_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
567 o_audit_loginuid[sizeof("OBJECT_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)];
ae018d9b
LP		 568
569 uint32_t audit;
570 uid_t loginuid;
571#endif
d025f1e4
ZJS		 572
573 assert(s);
574 assert(iovec);
575 assert(n > 0);
968f3196 576 assert(n + N_IOVEC_META_FIELDS + (object_pid ? N_IOVEC_OBJECT_FIELDS : 0) <= m);
d025f1e4
ZJS		 577
578 if (ucred) {
d025f1e4
ZJS		 579 realuid = ucred->uid;
580
de0671ee 581 sprintf(pid, "_PID="PID_FMT, ucred->pid);
c2457105 582 IOVEC_SET_STRING(iovec[n++], pid);
d025f1e4 583
de0671ee 584 sprintf(uid, "_UID="UID_FMT, ucred->uid);
c2457105 585 IOVEC_SET_STRING(iovec[n++], uid);
d025f1e4 586
de0671ee 587 sprintf(gid, "_GID="GID_FMT, ucred->gid);
c2457105 588 IOVEC_SET_STRING(iovec[n++], gid);
d025f1e4
ZJS		 589
590 r = get_process_comm(ucred->pid, &t);
591 if (r >= 0) {
63c372cb 592 x = strjoina("_COMM=", t);
d025f1e4 593 free(t);
968f3196 594 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 595 }
596
597 r = get_process_exe(ucred->pid, &t);
598 if (r >= 0) {
63c372cb 599 x = strjoina("_EXE=", t);
d025f1e4 600 free(t);
968f3196 601 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 602 }
603
9bdbc2e2 604 r = get_process_cmdline(ucred->pid, 0, false, &t);
d025f1e4 605 if (r >= 0) {
63c372cb 606 x = strjoina("_CMDLINE=", t);
d025f1e4 607 free(t);
3a832116
SL		 608 IOVEC_SET_STRING(iovec[n++], x);
609 }
610
611 r = get_process_capeff(ucred->pid, &t);
612 if (r >= 0) {
63c372cb 613 x = strjoina("_CAP_EFFECTIVE=", t);
3a832116 614 free(t);
968f3196 615 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 616 }
617
0a20e3c1 618#ifdef HAVE_AUDIT
d025f1e4 619 r = audit_session_from_pid(ucred->pid, &audit);
ae018d9b 620 if (r >= 0) {
de0671ee 621 sprintf(audit_session, "_AUDIT_SESSION=%"PRIu32, audit);
ae018d9b
LP		 622 IOVEC_SET_STRING(iovec[n++], audit_session);
623 }
d025f1e4
ZJS		 624
625 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
7027ff61 626 if (r >= 0) {
de0671ee 627 sprintf(audit_loginuid, "_AUDIT_LOGINUID="UID_FMT, loginuid);
ae018d9b 628 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
d025f1e4 629 }
ae018d9b 630#endif
d025f1e4 631
e9174f29 632 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &c);
7027ff61 633 if (r >= 0) {
968f3196
ZJS		 634 char *session = NULL;
635
63c372cb 636 x = strjoina("_SYSTEMD_CGROUP=", c);
968f3196 637 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4 638
ae018d9b
LP		 639 r = cg_path_get_session(c, &t);
640 if (r >= 0) {
63c372cb 641 session = strjoina("_SYSTEMD_SESSION=", t);
ae018d9b 642 free(t);
d025f1e4 643 IOVEC_SET_STRING(iovec[n++], session);
ae018d9b
LP		 644 }
645
646 if (cg_path_get_owner_uid(c, &owner) >= 0) {
647 owner_valid = true;
d025f1e4 648
de0671ee 649 sprintf(owner_uid, "_SYSTEMD_OWNER_UID="UID_FMT, owner);
d025f1e4 650 IOVEC_SET_STRING(iovec[n++], owner_uid);
ae018d9b 651 }
d025f1e4 652
ae018d9b 653 if (cg_path_get_unit(c, &t) >= 0) {
63c372cb 654 x = strjoina("_SYSTEMD_UNIT=", t);
ae018d9b 655 free(t);
19cace37
LP		 656 IOVEC_SET_STRING(iovec[n++], x);
657 } else if (unit_id && !session) {
63c372cb 658 x = strjoina("_SYSTEMD_UNIT=", unit_id);
19cace37
LP		 659 IOVEC_SET_STRING(iovec[n++], x);
660 }
661
662 if (cg_path_get_user_unit(c, &t) >= 0) {
63c372cb 663 x = strjoina("_SYSTEMD_USER_UNIT=", t);
ae018d9b 664 free(t);
968f3196 665 IOVEC_SET_STRING(iovec[n++], x);
19cace37 666 } else if (unit_id && session) {
63c372cb 667 x = strjoina("_SYSTEMD_USER_UNIT=", unit_id);
19cace37
LP		 668 IOVEC_SET_STRING(iovec[n++], x);
669 }
ae018d9b 670
0a244b8e 671 if (cg_path_get_slice(c, &t) >= 0) {
63c372cb 672 x = strjoina("_SYSTEMD_SLICE=", t);
0a244b8e
LP		 673 free(t);
674 IOVEC_SET_STRING(iovec[n++], x);
675 }
676
ae018d9b 677 free(c);
2d43b190 678 } else if (unit_id) {
63c372cb 679 x = strjoina("_SYSTEMD_UNIT=", unit_id);
2d43b190 680 IOVEC_SET_STRING(iovec[n++], x);
ef1673d1 681 }
d025f1e4 682
d025f1e4 683#ifdef HAVE_SELINUX
6355e756 684 if (mac_selinux_have()) {
d682b3a7 685 if (label) {
f8294e41 686 x = alloca(strlen("_SELINUX_CONTEXT=") + label_len + 1);
ae018d9b 687
d682b3a7
LP		 688 *((char*) mempcpy(stpcpy(x, "_SELINUX_CONTEXT="), label, label_len)) = 0;
689 IOVEC_SET_STRING(iovec[n++], x);
690 } else {
691 security_context_t con;
d025f1e4 692
d682b3a7 693 if (getpidcon(ucred->pid, &con) >= 0) {
63c372cb 694 x = strjoina("_SELINUX_CONTEXT=", con);
e7ff4e7f 695
d682b3a7
LP		 696 freecon(con);
697 IOVEC_SET_STRING(iovec[n++], x);
698 }
d025f1e4
ZJS		 699 }
700 }
701#endif
702 }
968f3196
ZJS		 703 assert(n <= m);
704
705 if (object_pid) {
706 r = get_process_uid(object_pid, &object_uid);
707 if (r >= 0) {
de0671ee 708 sprintf(o_uid, "OBJECT_UID="UID_FMT, object_uid);
968f3196
ZJS		 709 IOVEC_SET_STRING(iovec[n++], o_uid);
710 }
711
712 r = get_process_gid(object_pid, &object_gid);
713 if (r >= 0) {
de0671ee 714 sprintf(o_gid, "OBJECT_GID="GID_FMT, object_gid);
968f3196
ZJS		 715 IOVEC_SET_STRING(iovec[n++], o_gid);
716 }
717
718 r = get_process_comm(object_pid, &t);
719 if (r >= 0) {
63c372cb 720 x = strjoina("OBJECT_COMM=", t);
968f3196
ZJS		 721 free(t);
722 IOVEC_SET_STRING(iovec[n++], x);
723 }
724
725 r = get_process_exe(object_pid, &t);
726 if (r >= 0) {
63c372cb 727 x = strjoina("OBJECT_EXE=", t);
968f3196
ZJS		 728 free(t);
729 IOVEC_SET_STRING(iovec[n++], x);
730 }
731
732 r = get_process_cmdline(object_pid, 0, false, &t);
733 if (r >= 0) {
63c372cb 734 x = strjoina("OBJECT_CMDLINE=", t);
968f3196
ZJS		 735 free(t);
736 IOVEC_SET_STRING(iovec[n++], x);
737 }
738
739#ifdef HAVE_AUDIT
740 r = audit_session_from_pid(object_pid, &audit);
741 if (r >= 0) {
de0671ee 742 sprintf(o_audit_session, "OBJECT_AUDIT_SESSION=%"PRIu32, audit);
968f3196
ZJS		 743 IOVEC_SET_STRING(iovec[n++], o_audit_session);
744 }
745
746 r = audit_loginuid_from_pid(object_pid, &loginuid);
747 if (r >= 0) {
de0671ee 748 sprintf(o_audit_loginuid, "OBJECT_AUDIT_LOGINUID="UID_FMT, loginuid);
968f3196
ZJS		 749 IOVEC_SET_STRING(iovec[n++], o_audit_loginuid);
750 }
751#endif
752
e9174f29 753 r = cg_pid_get_path_shifted(object_pid, s->cgroup_root, &c);
968f3196 754 if (r >= 0) {
63c372cb 755 x = strjoina("OBJECT_SYSTEMD_CGROUP=", c);
968f3196
ZJS		 756 IOVEC_SET_STRING(iovec[n++], x);
757
758 r = cg_path_get_session(c, &t);
759 if (r >= 0) {
63c372cb 760 x = strjoina("OBJECT_SYSTEMD_SESSION=", t);
968f3196
ZJS		 761 free(t);
762 IOVEC_SET_STRING(iovec[n++], x);
763 }
764
765 if (cg_path_get_owner_uid(c, &owner) >= 0) {
de0671ee 766 sprintf(o_owner_uid, "OBJECT_SYSTEMD_OWNER_UID="UID_FMT, owner);
968f3196
ZJS		 767 IOVEC_SET_STRING(iovec[n++], o_owner_uid);
768 }
769
770 if (cg_path_get_unit(c, &t) >= 0) {
63c372cb 771 x = strjoina("OBJECT_SYSTEMD_UNIT=", t);
968f3196 772 free(t);
19cace37
LP		 773 IOVEC_SET_STRING(iovec[n++], x);
774 }
775
776 if (cg_path_get_user_unit(c, &t) >= 0) {
63c372cb 777 x = strjoina("OBJECT_SYSTEMD_USER_UNIT=", t);
968f3196 778 free(t);
968f3196 779 IOVEC_SET_STRING(iovec[n++], x);
19cace37 780 }
968f3196
ZJS		 781
782 free(c);
783 }
784 }
785 assert(n <= m);
d025f1e4
ZJS		 786
787 if (tv) {
ae018d9b 788 sprintf(source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu", (unsigned long long) timeval_load(tv));
a5693989 789 IOVEC_SET_STRING(iovec[n++], source_time);
d025f1e4
ZJS		 790 }
791
792 /* Note that strictly speaking storing the boot id here is
793 * redundant since the entry includes this in-line
794 * anyway. However, we need this indexed, too. */
0c24bb23
LP		 795 if (!isempty(s->boot_id_field))
796 IOVEC_SET_STRING(iovec[n++], s->boot_id_field);
d025f1e4 797
0c24bb23
LP		 798 if (!isempty(s->machine_id_field))
799 IOVEC_SET_STRING(iovec[n++], s->machine_id_field);
d025f1e4 800
0c24bb23
LP		 801 if (!isempty(s->hostname_field))
802 IOVEC_SET_STRING(iovec[n++], s->hostname_field);
d025f1e4
ZJS		 803
804 assert(n <= m);
805
da499392 806 if (s->split_mode == SPLIT_UID && realuid > 0)
40adcda8 807 /* Split up strictly by any UID */
759c945a 808 journal_uid = realuid;
82499507 809 else if (s->split_mode == SPLIT_LOGIN && realuid > 0 && owner_valid && owner > 0)
edc3797f
LP		 810 /* Split up by login UIDs. We do this only if the
811 * realuid is not root, in order not to accidentally
812 * leak privileged information to the user that is
813 * logged by a privileged process that is part of an
7517e174 814 * unprivileged session. */
8a0889df 815 journal_uid = owner;
da499392
KS		 816 else
817 journal_uid = 0;
759c945a 818
d07f7b9e 819 write_to_journal(s, journal_uid, iovec, n, priority);
d025f1e4
ZJS		 820}
821
822void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {
823 char mid[11 + 32 + 1];
8a03c9ef
ZJS		 824 struct iovec iovec[N_IOVEC_META_FIELDS + 5 + N_IOVEC_PAYLOAD_FIELDS];
825 unsigned n = 0, m;
d025f1e4 826 va_list ap;
b92bea5d 827 struct ucred ucred = {};
d025f1e4
ZJS		 828
829 assert(s);
830 assert(format);
831
b6fa2555
EV		 832 IOVEC_SET_STRING(iovec[n++], "SYSLOG_FACILITY=3");
833 IOVEC_SET_STRING(iovec[n++], "SYSLOG_IDENTIFIER=systemd-journald");
834
d025f1e4
ZJS		 835 IOVEC_SET_STRING(iovec[n++], "PRIORITY=6");
836 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=driver");
837
d025f1e4 838 if (!sd_id128_equal(message_id, SD_ID128_NULL)) {
e2cc6eca 839 snprintf(mid, sizeof(mid), LOG_MESSAGE_ID(message_id));
d025f1e4
ZJS		 840 IOVEC_SET_STRING(iovec[n++], mid);
841 }
842
8a03c9ef
ZJS		 843 m = n;
844
845 va_start(ap, format);
846 assert_se(log_format_iovec(iovec, ELEMENTSOF(iovec), &n, false, 0, format, ap) >= 0);
847 va_end(ap);
848
d025f1e4
ZJS		 849 ucred.pid = getpid();
850 ucred.uid = getuid();
851 ucred.gid = getgid();
852
d07f7b9e 853 dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL, LOG_INFO, 0);
8a03c9ef
ZJS		 854
855 while (m < n)
856 free(iovec[m++].iov_base);
d025f1e4
ZJS		 857}
858
859void server_dispatch_message(
860 Server *s,
861 struct iovec *iovec, unsigned n, unsigned m,
3b3154df
LP		 862 const struct ucred *ucred,
863 const struct timeval *tv,
d025f1e4
ZJS		 864 const char *label, size_t label_len,
865 const char *unit_id,
968f3196
ZJS		 866 int priority,
867 pid_t object_pid) {
d025f1e4 868
7027ff61 869 int rl, r;
7fd1b19b 870 _cleanup_free_ char *path = NULL;
8580d1f7 871 uint64_t available = 0;
db91ea32 872 char *c;
d025f1e4
ZJS		 873
874 assert(s);
875 assert(iovec || n == 0);
876
877 if (n == 0)
878 return;
879
880 if (LOG_PRI(priority) > s->max_level_store)
881 return;
882
2f5df74a
HHPF		 883 /* Stop early in case the information will not be stored
884 * in a journal. */
885 if (s->storage == STORAGE_NONE)
886 return;
887
d025f1e4
ZJS		 888 if (!ucred)
889 goto finish;
890
e9174f29 891 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &path);
7027ff61 892 if (r < 0)
d025f1e4
ZJS		 893 goto finish;
894
895 /* example: /user/lennart/3/foobar
896 * /system/dbus.service/foobar
897 *
898 * So let's cut of everything past the third /, since that is
899 * where user directories start */
900
901 c = strchr(path, '/');
902 if (c) {
903 c = strchr(c+1, '/');
904 if (c) {
905 c = strchr(c+1, '/');
906 if (c)
907 *c = 0;
908 }
909 }
910
8580d1f7
LP		 911 (void) determine_space(s, false, false, &available, NULL);
912 rl = journal_rate_limit_test(s->rate_limit, path, priority & LOG_PRIMASK, available);
db91ea32 913 if (rl == 0)
d025f1e4 914 return;
d025f1e4
ZJS		 915
916 /* Write a suppression message if we suppressed something */
917 if (rl > 1)
db91ea32 918 server_driver_message(s, SD_MESSAGE_JOURNAL_DROPPED,
8a03c9ef
ZJS		 919 LOG_MESSAGE("Suppressed %u messages from %s", rl - 1, path),
920 NULL);
d025f1e4
ZJS		 921
922finish:
d07f7b9e 923 dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id, priority, object_pid);
d025f1e4
ZJS		 924}
925
926
caa2f4c0 927static int system_journal_open(Server *s, bool flush_requested) {
84267e40 928 const char *fn;
09eba4d4 929 int r = 0;
d025f1e4
ZJS		 930
931 if (!s->system_journal &&
932 (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
caa2f4c0
ZJS		 933 (flush_requested
934 || access("/run/systemd/journal/flushed", F_OK) >= 0)) {
d025f1e4
ZJS		 935
936 /* If in auto mode: first try to create the machine
937 * path, but not the prefix.
938 *
939 * If in persistent mode: create /var/log/journal and
940 * the machine path */
941
942 if (s->storage == STORAGE_PERSISTENT)
ac892057 943 (void) mkdir_p("/var/log/journal/", 0755);
d025f1e4 944
8580d1f7 945 fn = strjoina("/var/log/journal/", SERVER_MACHINE_ID(s));
d025f1e4 946 (void) mkdir(fn, 0755);
d025f1e4 947
63c372cb 948 fn = strjoina(fn, "/system.journal");
d025f1e4 949 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
8580d1f7 950 if (r >= 0) {
5c3bde3f 951 server_add_acls(s->system_journal, 0);
8580d1f7
LP		 952 (void) determine_space_for(s, &s->system_metrics, "/var/log/journal/", "System journal", true, true, NULL, NULL);
953 } else if (r < 0) {
433dd100 954 if (r != -ENOENT && r != -EROFS)
da927ba9 955 log_warning_errno(r, "Failed to open system journal: %m");
e40ec7ae 956
433dd100
LN		 957 r = 0;
958 }
d025f1e4
ZJS		 959 }
960
961 if (!s->runtime_journal &&
962 (s->storage != STORAGE_NONE)) {
963
8580d1f7 964 fn = strjoina("/run/log/journal/", SERVER_MACHINE_ID(s), "/system.journal");
d025f1e4
ZJS		 965
966 if (s->system_journal) {
967
968 /* Try to open the runtime journal, but only
969 * if it already exists, so that we can flush
970 * it into the system journal */
971
972 r = journal_file_open(fn, O_RDWR, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
d025f1e4
ZJS		 973 if (r < 0) {
974 if (r != -ENOENT)
da927ba9 975 log_warning_errno(r, "Failed to open runtime journal: %m");
d025f1e4
ZJS		 976
977 r = 0;
978 }
979
980 } else {
981
982 /* OK, we really need the runtime journal, so create
983 * it if necessary. */
984
fc1d70af
LP		 985 (void) mkdir("/run/log", 0755);
986 (void) mkdir("/run/log/journal", 0755);
987 (void) mkdir_parents(fn, 0750);
988
d025f1e4 989 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
23bbb0de
MS		 990 if (r < 0)
991 return log_error_errno(r, "Failed to open runtime journal: %m");
d025f1e4
ZJS		 992 }
993
8580d1f7 994 if (s->runtime_journal) {
5c3bde3f 995 server_add_acls(s->runtime_journal, 0);
8580d1f7
LP		 996 (void) determine_space_for(s, &s->runtime_metrics, "/run/log/journal/", "Runtime journal", true, true, NULL, NULL);
997 }
d025f1e4
ZJS		 998 }
999
1000 return r;
1001}
1002
1003int server_flush_to_var(Server *s) {
d025f1e4
ZJS		 1004 sd_id128_t machine;
1005 sd_journal *j = NULL;
fbb63411
LP		 1006 char ts[FORMAT_TIMESPAN_MAX];
1007 usec_t start;
1008 unsigned n = 0;
1009 int r;
d025f1e4
ZJS		 1010
1011 assert(s);
1012
1013 if (s->storage != STORAGE_AUTO &&
1014 s->storage != STORAGE_PERSISTENT)
1015 return 0;
1016
1017 if (!s->runtime_journal)
1018 return 0;
1019
8580d1f7 1020 (void) system_journal_open(s, true);
d025f1e4
ZJS		 1021
1022 if (!s->system_journal)
1023 return 0;
1024
1025 log_debug("Flushing to /var...");
1026
fbb63411
LP		 1027 start = now(CLOCK_MONOTONIC);
1028
d025f1e4 1029 r = sd_id128_get_machine(&machine);
00a16861 1030 if (r < 0)
d025f1e4 1031 return r;
d025f1e4
ZJS		 1032
1033 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
23bbb0de
MS		 1034 if (r < 0)
1035 return log_error_errno(r, "Failed to read runtime journal: %m");
d025f1e4 1036
93b73b06
LP		 1037 sd_journal_set_data_threshold(j, 0);
1038
d025f1e4
ZJS		 1039 SD_JOURNAL_FOREACH(j) {
1040 Object *o = NULL;
1041 JournalFile *f;
1042
1043 f = j->current_file;
1044 assert(f && f->current_offset > 0);
1045
fbb63411
LP		 1046 n++;
1047
d025f1e4
ZJS		 1048 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
1049 if (r < 0) {
da927ba9 1050 log_error_errno(r, "Can't read entry: %m");
d025f1e4
ZJS		 1051 goto finish;
1052 }
1053
1054 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1055 if (r >= 0)
1056 continue;
1057
1058 if (!shall_try_append_again(s->system_journal, r)) {
da927ba9 1059 log_error_errno(r, "Can't write entry: %m");
d025f1e4
ZJS		 1060 goto finish;
1061 }
1062
1063 server_rotate(s);
8580d1f7 1064 server_vacuum(s, false, false);
d025f1e4 1065
253f59df
LP		 1066 if (!s->system_journal) {
1067 log_notice("Didn't flush runtime journal since rotation of system journal wasn't successful.");
1068 r = -EIO;
1069 goto finish;
1070 }
1071
d025f1e4
ZJS		 1072 log_debug("Retrying write.");
1073 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1074 if (r < 0) {
da927ba9 1075 log_error_errno(r, "Can't write entry: %m");
d025f1e4
ZJS		 1076 goto finish;
1077 }
1078 }
1079
804ae586
LP		 1080 r = 0;
1081
d025f1e4
ZJS		 1082finish:
1083 journal_file_post_change(s->system_journal);
1084
804ae586 1085 s->runtime_journal = journal_file_close(s->runtime_journal);
d025f1e4
ZJS		 1086
1087 if (r >= 0)
c6878637 1088 (void) rm_rf("/run/log/journal", REMOVE_ROOT);
d025f1e4 1089
763c7aa2 1090 sd_journal_close(j);
d025f1e4 1091
8a03c9ef
ZJS		 1092 server_driver_message(s, SD_ID128_NULL,
1093 LOG_MESSAGE("Time spent on flushing to /var is %s for %u entries.",
1094 format_timespan(ts, sizeof(ts), now(CLOCK_MONOTONIC) - start, 0),
1095 n),
1096 NULL);
fbb63411 1097
d025f1e4
ZJS		 1098 return r;
1099}
1100
8531ae70 1101int server_process_datagram(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
f9a810be 1102 Server *s = userdata;
a315ac4e
LP		 1103 struct ucred *ucred = NULL;
1104 struct timeval *tv = NULL;
1105 struct cmsghdr *cmsg;
1106 char *label = NULL;
1107 size_t label_len = 0, m;
1108 struct iovec iovec;
1109 ssize_t n;
1110 int *fds = NULL, v = 0;
1111 unsigned n_fds = 0;
1112
1113 union {
1114 struct cmsghdr cmsghdr;
1115
1116 /* We use NAME_MAX space for the SELinux label
1117 * here. The kernel currently enforces no
1118 * limit, but according to suggestions from
1119 * the SELinux people this will change and it
1120 * will probably be identical to NAME_MAX. For
1121 * now we use that, but this should be updated
1122 * one day when the final limit is known. */
1123 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
1124 CMSG_SPACE(sizeof(struct timeval)) +
1125 CMSG_SPACE(sizeof(int)) + /* fd */
1126 CMSG_SPACE(NAME_MAX)]; /* selinux label */
1127 } control = {};
1128
1129 union sockaddr_union sa = {};
1130
1131 struct msghdr msghdr = {
1132 .msg_iov = &iovec,
1133 .msg_iovlen = 1,
1134 .msg_control = &control,
1135 .msg_controllen = sizeof(control),
1136 .msg_name = &sa,
1137 .msg_namelen = sizeof(sa),
1138 };
f9a810be 1139
d025f1e4 1140 assert(s);
875c2e22 1141 assert(fd == s->native_fd || fd == s->syslog_fd || fd == s->audit_fd);
f9a810be
LP		 1142
1143 if (revents != EPOLLIN) {
1144 log_error("Got invalid event from epoll for datagram fd: %"PRIx32, revents);
1145 return -EIO;
1146 }
1147
a315ac4e
LP		 1148 /* Try to get the right size, if we can. (Not all
1149 * sockets support SIOCINQ, hence we just try, but
1150 * don't rely on it. */
1151 (void) ioctl(fd, SIOCINQ, &v);
d025f1e4 1152
a315ac4e
LP		 1153 /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful! */
1154 m = PAGE_ALIGN(MAX3((size_t) v + 1,
1155 (size_t) LINE_MAX,
1156 ALIGN(sizeof(struct nlmsghdr)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH)) + 1);
d025f1e4 1157
a315ac4e
LP		 1158 if (!GREEDY_REALLOC(s->buffer, s->buffer_size, m))
1159 return log_oom();
875c2e22 1160
a315ac4e
LP		 1161 iovec.iov_base = s->buffer;
1162 iovec.iov_len = s->buffer_size - 1; /* Leave room for trailing NUL we add later */
d025f1e4 1163
a315ac4e
LP		 1164 n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
1165 if (n < 0) {
1166 if (errno == EINTR || errno == EAGAIN)
1167 return 0;
875c2e22 1168
a315ac4e
LP		 1169 return log_error_errno(errno, "recvmsg() failed: %m");
1170 }
875c2e22 1171
a315ac4e
LP		 1172 CMSG_FOREACH(cmsg, &msghdr) {
1173
1174 if (cmsg->cmsg_level == SOL_SOCKET &&
1175 cmsg->cmsg_type == SCM_CREDENTIALS &&
1176 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
1177 ucred = (struct ucred*) CMSG_DATA(cmsg);
1178 else if (cmsg->cmsg_level == SOL_SOCKET &&
1179 cmsg->cmsg_type == SCM_SECURITY) {
1180 label = (char*) CMSG_DATA(cmsg);
1181 label_len = cmsg->cmsg_len - CMSG_LEN(0);
1182 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1183 cmsg->cmsg_type == SO_TIMESTAMP &&
1184 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
1185 tv = (struct timeval*) CMSG_DATA(cmsg);
1186 else if (cmsg->cmsg_level == SOL_SOCKET &&
1187 cmsg->cmsg_type == SCM_RIGHTS) {
1188 fds = (int*) CMSG_DATA(cmsg);
1189 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
d025f1e4 1190 }
a315ac4e 1191 }
d025f1e4 1192
a315ac4e
LP		 1193 /* And a trailing NUL, just in case */
1194 s->buffer[n] = 0;
1195
1196 if (fd == s->syslog_fd) {
1197 if (n > 0 && n_fds == 0)
1198 server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
1199 else if (n_fds > 0)
1200 log_warning("Got file descriptors via syslog socket. Ignoring.");
1201
1202 } else if (fd == s->native_fd) {
1203 if (n > 0 && n_fds == 0)
1204 server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
1205 else if (n == 0 && n_fds == 1)
1206 server_process_native_file(s, fds[0], ucred, tv, label, label_len);
1207 else if (n_fds > 0)
1208 log_warning("Got too many file descriptors via native socket. Ignoring.");
1209
1210 } else {
1211 assert(fd == s->audit_fd);
1212
1213 if (n > 0 && n_fds == 0)
1214 server_process_audit_message(s, s->buffer, n, ucred, &sa, msghdr.msg_namelen);
1215 else if (n_fds > 0)
1216 log_warning("Got file descriptors via audit socket. Ignoring.");
f9a810be 1217 }
a315ac4e
LP		 1218
1219 close_many(fds, n_fds);
1220 return 0;
f9a810be 1221}
d025f1e4 1222
f9a810be
LP		 1223static int dispatch_sigusr1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1224 Server *s = userdata;
33d52ab9 1225 int r;
d025f1e4 1226
f9a810be 1227 assert(s);
d025f1e4 1228
94b65516 1229 log_info("Received request to flush runtime journal from PID " PID_FMT, si->ssi_pid);
d025f1e4 1230
f9a810be
LP		 1231 server_flush_to_var(s);
1232 server_sync(s);
8580d1f7 1233 server_vacuum(s, false, false);
d025f1e4 1234
33d52ab9
LP		 1235 r = touch("/run/systemd/journal/flushed");
1236 if (r < 0)
1237 log_warning_errno(r, "Failed to touch /run/systemd/journal/flushed, ignoring: %m");
74055aa7 1238
f9a810be
LP		 1239 return 0;
1240}
d025f1e4 1241
f9a810be
LP		 1242static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1243 Server *s = userdata;
33d52ab9 1244 int r;
d025f1e4 1245
f9a810be 1246 assert(s);
d025f1e4 1247
94b65516 1248 log_info("Received request to rotate journal from PID " PID_FMT, si->ssi_pid);
f9a810be 1249 server_rotate(s);
8580d1f7 1250 server_vacuum(s, true, true);
d025f1e4 1251
dbd6e31c 1252 /* Let clients know when the most recent rotation happened. */
33d52ab9
LP		 1253 r = write_timestamp_file_atomic("/run/systemd/journal/rotated", now(CLOCK_MONOTONIC));
1254 if (r < 0)
1255 log_warning_errno(r, "Failed to write /run/systemd/journal/rotated, ignoring: %m");
dbd6e31c 1256
f9a810be
LP		 1257 return 0;
1258}
d025f1e4 1259
f9a810be
LP		 1260static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1261 Server *s = userdata;
d025f1e4 1262
f9a810be 1263 assert(s);
d025f1e4 1264
4daf54a8 1265 log_received_signal(LOG_INFO, si);
d025f1e4 1266
6203e07a 1267 sd_event_exit(s->event, 0);
d025f1e4
ZJS		 1268 return 0;
1269}
1270
94b65516
LP		 1271static int dispatch_sigrtmin1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1272 Server *s = userdata;
33d52ab9 1273 int r;
94b65516
LP		 1274
1275 assert(s);
1276
1277 log_debug("Received request to sync from PID " PID_FMT, si->ssi_pid);
1278
1279 server_sync(s);
1280
1281 /* Let clients know when the most recent sync happened. */
33d52ab9
LP		 1282 r = write_timestamp_file_atomic("/run/systemd/journal/synced", now(CLOCK_MONOTONIC));
1283 if (r < 0)
1284 log_warning_errno(r, "Failed to write /run/systemd/journal/synced, ignoring: %m");
94b65516
LP		 1285
1286 return 0;
1287}
1288
f9a810be 1289static int setup_signals(Server *s) {
f9a810be 1290 int r;
d025f1e4
ZJS		 1291
1292 assert(s);
1293
94b65516 1294 assert(sigprocmask_many(SIG_SETMASK, NULL, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, SIGRTMIN+1, -1) >= 0);
d025f1e4 1295
151b9b96 1296 r = sd_event_add_signal(s->event, &s->sigusr1_event_source, SIGUSR1, dispatch_sigusr1, s);
f9a810be
LP		 1297 if (r < 0)
1298 return r;
1299
151b9b96 1300 r = sd_event_add_signal(s->event, &s->sigusr2_event_source, SIGUSR2, dispatch_sigusr2, s);
f9a810be
LP		 1301 if (r < 0)
1302 return r;
d025f1e4 1303
151b9b96 1304 r = sd_event_add_signal(s->event, &s->sigterm_event_source, SIGTERM, dispatch_sigterm, s);
f9a810be
LP		 1305 if (r < 0)
1306 return r;
d025f1e4 1307
b374689c
LP		 1308 /* Let's process SIGTERM late, so that we flush all queued
1309 * messages to disk before we exit */
1310 r = sd_event_source_set_priority(s->sigterm_event_source, SD_EVENT_PRIORITY_NORMAL+20);
1311 if (r < 0)
1312 return r;
1313
1314 /* When journald is invoked on the terminal (when debugging),
1315 * it's useful if C-c is handled equivalent to SIGTERM. */
151b9b96 1316 r = sd_event_add_signal(s->event, &s->sigint_event_source, SIGINT, dispatch_sigterm, s);
f9a810be
LP		 1317 if (r < 0)
1318 return r;
d025f1e4 1319
b374689c
LP		 1320 r = sd_event_source_set_priority(s->sigint_event_source, SD_EVENT_PRIORITY_NORMAL+20);
1321 if (r < 0)
1322 return r;
1323
94b65516
LP		 1324 /* SIGRTMIN+1 causes an immediate sync. We process this very
1325 * late, so that everything else queued at this point is
1326 * really written to disk. Clients can watch
1327 * /run/systemd/journal/synced with inotify until its mtime
1328 * changes to see when a sync happened. */
1329 r = sd_event_add_signal(s->event, &s->sigrtmin1_event_source, SIGRTMIN+1, dispatch_sigrtmin1, s);
1330 if (r < 0)
1331 return r;
1332
1333 r = sd_event_source_set_priority(s->sigrtmin1_event_source, SD_EVENT_PRIORITY_NORMAL+15);
1334 if (r < 0)
1335 return r;
1336
d025f1e4
ZJS		 1337 return 0;
1338}
1339
1340static int server_parse_proc_cmdline(Server *s) {
7fd1b19b 1341 _cleanup_free_ char *line = NULL;
d581d9d9 1342 const char *p;
74df0fca 1343 int r;
d025f1e4 1344
74df0fca 1345 r = proc_cmdline(&line);
b5884878 1346 if (r < 0) {
da927ba9 1347 log_warning_errno(r, "Failed to read /proc/cmdline, ignoring: %m");
d025f1e4 1348 return 0;
b5884878 1349 }
d025f1e4 1350
d581d9d9
SS		 1351 p = line;
1352 for(;;) {
ff82c36c 1353 _cleanup_free_ char *word = NULL;
d025f1e4 1354
d581d9d9
SS		 1355 r = extract_first_word(&p, &word, NULL, 0);
1356 if (r < 0)
1357 return log_error_errno(r, "Failed to parse journald syntax \"%s\": %m", line);
1358
1359 if (r == 0)
1360 break;
d025f1e4
ZJS		 1361
1362 if (startswith(word, "systemd.journald.forward_to_syslog=")) {
1363 r = parse_boolean(word + 35);
1364 if (r < 0)
1365 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word + 35);
1366 else
1367 s->forward_to_syslog = r;
1368 } else if (startswith(word, "systemd.journald.forward_to_kmsg=")) {
1369 r = parse_boolean(word + 33);
1370 if (r < 0)
1371 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word + 33);
1372 else
1373 s->forward_to_kmsg = r;
1374 } else if (startswith(word, "systemd.journald.forward_to_console=")) {
1375 r = parse_boolean(word + 36);
1376 if (r < 0)
1377 log_warning("Failed to parse forward to console switch %s. Ignoring.", word + 36);
1378 else
1379 s->forward_to_console = r;
40b71e89
ST		 1380 } else if (startswith(word, "systemd.journald.forward_to_wall=")) {
1381 r = parse_boolean(word + 33);
1382 if (r < 0)
1383 log_warning("Failed to parse forward to wall switch %s. Ignoring.", word + 33);
1384 else
1385 s->forward_to_wall = r;
d025f1e4
ZJS		 1386 } else if (startswith(word, "systemd.journald"))
1387 log_warning("Invalid systemd.journald parameter. Ignoring.");
d025f1e4
ZJS		 1388 }
1389
804ae586 1390 /* do not warn about state here, since probably systemd already did */
db91ea32 1391 return 0;
d025f1e4
ZJS		 1392}
1393
1394static int server_parse_config_file(Server *s) {
d025f1e4
ZJS		 1395 assert(s);
1396
75eb6154
LP		 1397 return config_parse_many(PKGSYSCONFDIR "/journald.conf",
1398 CONF_PATHS_NULSTR("systemd/journald.conf.d"),
a9edaeff
JT		 1399 "Journal\0",
1400 config_item_perf_lookup, journald_gperf_lookup,
1401 false, s);
d025f1e4
ZJS		 1402}
1403
f9a810be
LP		 1404static int server_dispatch_sync(sd_event_source *es, usec_t t, void *userdata) {
1405 Server *s = userdata;
26687bf8
OS		 1406
1407 assert(s);
1408
f9a810be 1409 server_sync(s);
26687bf8
OS		 1410 return 0;
1411}
1412
d07f7b9e 1413int server_schedule_sync(Server *s, int priority) {
26687bf8
OS		 1414 int r;
1415
26687bf8
OS		 1416 assert(s);
1417
d07f7b9e
LP		 1418 if (priority <= LOG_CRIT) {
1419 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1420 server_sync(s);
1421 return 0;
1422 }
1423
26687bf8
OS		 1424 if (s->sync_scheduled)
1425 return 0;
1426
f9a810be
LP		 1427 if (s->sync_interval_usec > 0) {
1428 usec_t when;
ca267016 1429
6a0f1f6d 1430 r = sd_event_now(s->event, CLOCK_MONOTONIC, &when);
f9a810be
LP		 1431 if (r < 0)
1432 return r;
26687bf8 1433
f9a810be
LP		 1434 when += s->sync_interval_usec;
1435
1436 if (!s->sync_event_source) {
6a0f1f6d
LP		 1437 r = sd_event_add_time(
1438 s->event,
1439 &s->sync_event_source,
1440 CLOCK_MONOTONIC,
1441 when, 0,
1442 server_dispatch_sync, s);
f9a810be
LP		 1443 if (r < 0)
1444 return r;
1445
1446 r = sd_event_source_set_priority(s->sync_event_source, SD_EVENT_PRIORITY_IMPORTANT);
1447 } else {
1448 r = sd_event_source_set_time(s->sync_event_source, when);
1449 if (r < 0)
1450 return r;
1451
1452 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_ONESHOT);
1453 }
26687bf8 1454 if (r < 0)
f9a810be 1455 return r;
26687bf8 1456
f9a810be
LP		 1457 s->sync_scheduled = true;
1458 }
26687bf8
OS		 1459
1460 return 0;
1461}
1462
0c24bb23
LP		 1463static int dispatch_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1464 Server *s = userdata;
1465
1466 assert(s);
1467
1468 server_cache_hostname(s);
1469 return 0;
1470}
1471
1472static int server_open_hostname(Server *s) {
1473 int r;
1474
1475 assert(s);
1476
1477 s->hostname_fd = open("/proc/sys/kernel/hostname", O_RDONLY|O_CLOEXEC|O_NDELAY|O_NOCTTY);
4a62c710
MS		 1478 if (s->hostname_fd < 0)
1479 return log_error_errno(errno, "Failed to open /proc/sys/kernel/hostname: %m");
0c24bb23 1480
151b9b96 1481 r = sd_event_add_io(s->event, &s->hostname_event_source, s->hostname_fd, 0, dispatch_hostname_change, s);
0c24bb23 1482 if (r < 0) {
28def94c
DR		 1483 /* kernels prior to 3.2 don't support polling this file. Ignore
1484 * the failure. */
1485 if (r == -EPERM) {
e53fc357 1486 log_warning_errno(r, "Failed to register hostname fd in event loop, ignoring: %m");
03e334a1 1487 s->hostname_fd = safe_close(s->hostname_fd);
28def94c
DR		 1488 return 0;
1489 }
1490
23bbb0de 1491 return log_error_errno(r, "Failed to register hostname fd in event loop: %m");
0c24bb23
LP		 1492 }
1493
1494 r = sd_event_source_set_priority(s->hostname_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
23bbb0de
MS		 1495 if (r < 0)
1496 return log_error_errno(r, "Failed to adjust priority of host name event source: %m");
0c24bb23
LP		 1497
1498 return 0;
1499}
1500
e22aa3d3
LP		 1501static int dispatch_notify_event(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1502 Server *s = userdata;
1503 int r;
1504
1505 assert(s);
1506 assert(s->notify_event_source == es);
1507 assert(s->notify_fd == fd);
1508
e22aa3d3 1509 /* The $NOTIFY_SOCKET is writable again, now send exactly one
119e9655
LP		 1510 * message on it. Either it's the wtachdog event, the initial
1511 * READY=1 event or an stdout stream event. If there's nothing
1512 * to write anymore, turn our event source off. The next time
1513 * there's something to send it will be turned on again. */
e22aa3d3
LP		 1514
1515 if (!s->sent_notify_ready) {
1516 static const char p[] =
1517 "READY=1\n"
1518 "STATUS=Processing requests...";
1519 ssize_t l;
1520
1521 l = send(s->notify_fd, p, strlen(p), MSG_DONTWAIT);
1522 if (l < 0) {
1523 if (errno == EAGAIN)
1524 return 0;
1525
1526 return log_error_errno(errno, "Failed to send READY=1 notification message: %m");
1527 }
1528
1529 s->sent_notify_ready = true;
1530 log_debug("Sent READY=1 notification.");
1531
119e9655
LP		 1532 } else if (s->send_watchdog) {
1533
1534 static const char p[] =
1535 "WATCHDOG=1";
1536
1537 ssize_t l;
1538
1539 l = send(s->notify_fd, p, strlen(p), MSG_DONTWAIT);
1540 if (l < 0) {
1541 if (errno == EAGAIN)
1542 return 0;
1543
1544 return log_error_errno(errno, "Failed to send WATCHDOG=1 notification message: %m");
1545 }
1546
1547 s->send_watchdog = false;
1548 log_debug("Sent WATCHDOG=1 notification.");
1549
e22aa3d3
LP		 1550 } else if (s->stdout_streams_notify_queue)
1551 /* Dispatch one stream notification event */
1552 stdout_stream_send_notify(s->stdout_streams_notify_queue);
1553
1554 /* Leave us enabled if there's still more to to do. */
119e9655 1555 if (s->send_watchdog || s->stdout_streams_notify_queue)
e22aa3d3
LP		 1556 return 0;
1557
1558 /* There was nothing to do anymore, let's turn ourselves off. */
1559 r = sd_event_source_set_enabled(es, SD_EVENT_OFF);
1560 if (r < 0)
1561 return log_error_errno(r, "Failed to turn off notify event source: %m");
1562
1563 return 0;
1564}
1565
119e9655
LP		 1566static int dispatch_watchdog(sd_event_source *es, uint64_t usec, void *userdata) {
1567 Server *s = userdata;
1568 int r;
1569
1570 assert(s);
1571
1572 s->send_watchdog = true;
1573
1574 r = sd_event_source_set_enabled(s->notify_event_source, SD_EVENT_ON);
1575 if (r < 0)
1576 log_warning_errno(r, "Failed to turn on notify event source: %m");
1577
1578 r = sd_event_source_set_time(s->watchdog_event_source, usec + s->watchdog_usec / 2);
1579 if (r < 0)
1580 return log_error_errno(r, "Failed to restart watchdog event source: %m");
1581
1582 r = sd_event_source_set_enabled(s->watchdog_event_source, SD_EVENT_ON);
1583 if (r < 0)
1584 return log_error_errno(r, "Failed to enable watchdog event source: %m");
1585
1586 return 0;
1587}
1588
e22aa3d3
LP		 1589static int server_connect_notify(Server *s) {
1590 union sockaddr_union sa = {
1591 .un.sun_family = AF_UNIX,
1592 };
1593 const char *e;
1594 int r;
1595
1596 assert(s);
1597 assert(s->notify_fd < 0);
1598 assert(!s->notify_event_source);
1599
1600 /*
1601 So here's the problem: we'd like to send notification
1602 messages to PID 1, but we cannot do that via sd_notify(),
1603 since that's synchronous, and we might end up blocking on
1604 it. Specifically: given that PID 1 might block on
1605 dbus-daemon during IPC, and dbus-daemon is logging to us,
1606 and might hence block on us, we might end up in a deadlock
1607 if we block on sending PID 1 notification messages -- by
1608 generating a full blocking circle. To avoid this, let's
1609 create a non-blocking socket, and connect it to the
1610 notification socket, and then wait for POLLOUT before we
1611 send anything. This should efficiently avoid any deadlocks,
1612 as we'll never block on PID 1, hence PID 1 can safely block
1613 on dbus-daemon which can safely block on us again.
1614
1615 Don't think that this issue is real? It is, see:
1616 https://github.com/systemd/systemd/issues/1505
1617 */
1618
1619 e = getenv("NOTIFY_SOCKET");
1620 if (!e)
1621 return 0;
1622
1623 if ((e[0] != '@' && e[0] != '/') || e[1] == 0) {
1624 log_error("NOTIFY_SOCKET set to an invalid value: %s", e);
1625 return -EINVAL;
1626 }
1627
1628 if (strlen(e) > sizeof(sa.un.sun_path)) {
1629 log_error("NOTIFY_SOCKET path too long: %s", e);
1630 return -EINVAL;
1631 }
1632
1633 s->notify_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
1634 if (s->notify_fd < 0)
1635 return log_error_errno(errno, "Failed to create notify socket: %m");
1636
1637 (void) fd_inc_sndbuf(s->notify_fd, NOTIFY_SNDBUF_SIZE);
1638
1639 strncpy(sa.un.sun_path, e, sizeof(sa.un.sun_path));
1640 if (sa.un.sun_path[0] == '@')
1641 sa.un.sun_path[0] = 0;
1642
1643 r = connect(s->notify_fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(e));
1644 if (r < 0)
1645 return log_error_errno(errno, "Failed to connect to notify socket: %m");
1646
1647 r = sd_event_add_io(s->event, &s->notify_event_source, s->notify_fd, EPOLLOUT, dispatch_notify_event, s);
1648 if (r < 0)
1649 return log_error_errno(r, "Failed to watch notification socket: %m");
1650
119e9655
LP		 1651 if (sd_watchdog_enabled(false, &s->watchdog_usec) > 0) {
1652 s->send_watchdog = true;
1653
4de2402b 1654 r = sd_event_add_time(s->event, &s->watchdog_event_source, CLOCK_MONOTONIC, now(CLOCK_MONOTONIC) + s->watchdog_usec/2, s->watchdog_usec/4, dispatch_watchdog, s);
119e9655
LP		 1655 if (r < 0)
1656 return log_error_errno(r, "Failed to add watchdog time event: %m");
1657 }
1658
e22aa3d3
LP		 1659 /* This should fire pretty soon, which we'll use to send the
1660 * READY=1 event. */
1661
1662 return 0;
1663}
1664
d025f1e4 1665int server_init(Server *s) {
13790add 1666 _cleanup_fdset_free_ FDSet *fds = NULL;
d025f1e4 1667 int n, r, fd;
7d18d348 1668 bool no_sockets;
d025f1e4
ZJS		 1669
1670 assert(s);
1671
1672 zero(*s);
e22aa3d3 1673 s->syslog_fd = s->native_fd = s->stdout_fd = s->dev_kmsg_fd = s->audit_fd = s->hostname_fd = s->notify_fd = -1;
d025f1e4
ZJS		 1674 s->compress = true;
1675 s->seal = true;
1676
119e9655
LP		 1677 s->watchdog_usec = USEC_INFINITY;
1678
26687bf8
OS		 1679 s->sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC;
1680 s->sync_scheduled = false;
1681
d025f1e4
ZJS		 1682 s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
1683 s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
1684
40b71e89 1685 s->forward_to_wall = true;
d025f1e4 1686
e150e820
MB		 1687 s->max_file_usec = DEFAULT_MAX_FILE_USEC;
1688
d025f1e4
ZJS		 1689 s->max_level_store = LOG_DEBUG;
1690 s->max_level_syslog = LOG_DEBUG;
1691 s->max_level_kmsg = LOG_NOTICE;
1692 s->max_level_console = LOG_INFO;
40b71e89 1693 s->max_level_wall = LOG_EMERG;
d025f1e4 1694
8580d1f7
LP		 1695 journal_reset_metrics(&s->system_metrics);
1696 journal_reset_metrics(&s->runtime_metrics);
d025f1e4
ZJS		 1697
1698 server_parse_config_file(s);
1699 server_parse_proc_cmdline(s);
8580d1f7 1700
d288f79f 1701 if (!!s->rate_limit_interval ^ !!s->rate_limit_burst) {
b1389b0d
ZJS		 1702 log_debug("Setting both rate limit interval and burst from "USEC_FMT",%u to 0,0",
1703 s->rate_limit_interval, s->rate_limit_burst);
d288f79f
ZJS		 1704 s->rate_limit_interval = s->rate_limit_burst = 0;
1705 }
d025f1e4 1706
8580d1f7 1707 (void) mkdir_p("/run/systemd/journal", 0755);
d025f1e4 1708
43cf8388 1709 s->user_journals = ordered_hashmap_new(NULL);
d025f1e4
ZJS		 1710 if (!s->user_journals)
1711 return log_oom();
1712
1713 s->mmap = mmap_cache_new();
1714 if (!s->mmap)
1715 return log_oom();
1716
f9a810be 1717 r = sd_event_default(&s->event);
23bbb0de
MS		 1718 if (r < 0)
1719 return log_error_errno(r, "Failed to create event loop: %m");
d025f1e4
ZJS		 1720
1721 n = sd_listen_fds(true);
23bbb0de
MS		 1722 if (n < 0)
1723 return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
d025f1e4
ZJS		 1724
1725 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
1726
1727 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/socket", 0) > 0) {
1728
1729 if (s->native_fd >= 0) {
1730 log_error("Too many native sockets passed.");
1731 return -EINVAL;
1732 }
1733
1734 s->native_fd = fd;
1735
1736 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, "/run/systemd/journal/stdout", 0) > 0) {
1737
1738 if (s->stdout_fd >= 0) {
1739 log_error("Too many stdout sockets passed.");
1740 return -EINVAL;
1741 }
1742
1743 s->stdout_fd = fd;
1744
03ee5c38
LP		 1745 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0 ||
1746 sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/dev-log", 0) > 0) {
d025f1e4
ZJS		 1747
1748 if (s->syslog_fd >= 0) {
1749 log_error("Too many /dev/log sockets passed.");
1750 return -EINVAL;
1751 }
1752
1753 s->syslog_fd = fd;
1754
875c2e22
LP		 1755 } else if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1) > 0) {
1756
1757 if (s->audit_fd >= 0) {
1758 log_error("Too many audit sockets passed.");
1759 return -EINVAL;
1760 }
1761
1762 s->audit_fd = fd;
1763
4ec3cd73 1764 } else {
4ec3cd73 1765
13790add
LP		 1766 if (!fds) {
1767 fds = fdset_new();
1768 if (!fds)
1769 return log_oom();
1770 }
4ec3cd73 1771
13790add
LP		 1772 r = fdset_put(fds, fd);
1773 if (r < 0)
1774 return log_oom();
4ec3cd73 1775 }
d025f1e4
ZJS		 1776 }
1777
15d91bff
ZJS		 1778 /* Try to restore streams, but don't bother if this fails */
1779 (void) server_restore_streams(s, fds);
d025f1e4 1780
13790add
LP		 1781 if (fdset_size(fds) > 0) {
1782 log_warning("%u unknown file descriptors passed, closing.", fdset_size(fds));
1783 fds = fdset_free(fds);
1784 }
1785
7d18d348
ZJS		 1786 no_sockets = s->native_fd < 0 && s->stdout_fd < 0 && s->syslog_fd < 0 && s->audit_fd < 0;
1787
1788 /* always open stdout, syslog, native, and kmsg sockets */
37b7affe
ZJS		 1789
1790 /* systemd-journald.socket: /run/systemd/journal/stdout */
15d91bff
ZJS		 1791 r = server_open_stdout_socket(s);
1792 if (r < 0)
1793 return r;
1794
37b7affe 1795 /* systemd-journald-dev-log.socket: /run/systemd/journal/dev-log */
13790add 1796 r = server_open_syslog_socket(s);
d025f1e4
ZJS		 1797 if (r < 0)
1798 return r;
1799
37b7affe 1800 /* systemd-journald.socket: /run/systemd/journal/socket */
13790add 1801 r = server_open_native_socket(s);
d025f1e4
ZJS		 1802 if (r < 0)
1803 return r;
1804
37b7affe 1805 /* /dev/ksmg */
d025f1e4
ZJS		 1806 r = server_open_dev_kmsg(s);
1807 if (r < 0)
1808 return r;
1809
7d18d348
ZJS		 1810 /* Unless we got *some* sockets and not audit, open audit socket */
1811 if (s->audit_fd >= 0 || no_sockets) {
1812 r = server_open_audit(s);
1813 if (r < 0)
1814 return r;
1815 }
875c2e22 1816
d025f1e4
ZJS		 1817 r = server_open_kernel_seqnum(s);
1818 if (r < 0)
1819 return r;
1820
0c24bb23
LP		 1821 r = server_open_hostname(s);
1822 if (r < 0)
1823 return r;
1824
f9a810be 1825 r = setup_signals(s);
d025f1e4
ZJS		 1826 if (r < 0)
1827 return r;
1828
1829 s->udev = udev_new();
1830 if (!s->udev)
1831 return -ENOMEM;
1832
f9a810be 1833 s->rate_limit = journal_rate_limit_new(s->rate_limit_interval, s->rate_limit_burst);
d025f1e4
ZJS		 1834 if (!s->rate_limit)
1835 return -ENOMEM;
1836
e9174f29
LP		 1837 r = cg_get_root_path(&s->cgroup_root);
1838 if (r < 0)
1839 return r;
1840
0c24bb23
LP		 1841 server_cache_hostname(s);
1842 server_cache_boot_id(s);
1843 server_cache_machine_id(s);
1844
e22aa3d3
LP		 1845 (void) server_connect_notify(s);
1846
804ae586 1847 return system_journal_open(s, false);
d025f1e4
ZJS		 1848}
1849
1850void server_maybe_append_tags(Server *s) {
1851#ifdef HAVE_GCRYPT
1852 JournalFile *f;
1853 Iterator i;
1854 usec_t n;
1855
1856 n = now(CLOCK_REALTIME);
1857
1858 if (s->system_journal)
1859 journal_file_maybe_append_tag(s->system_journal, n);
1860
43cf8388 1861 ORDERED_HASHMAP_FOREACH(f, s->user_journals, i)
d025f1e4
ZJS		 1862 journal_file_maybe_append_tag(f, n);
1863#endif
1864}
1865
1866void server_done(Server *s) {
1867 JournalFile *f;
1868 assert(s);
1869
1870 while (s->stdout_streams)
1871 stdout_stream_free(s->stdout_streams);
1872
1873 if (s->system_journal)
1874 journal_file_close(s->system_journal);
1875
1876 if (s->runtime_journal)
1877 journal_file_close(s->runtime_journal);
1878
43cf8388 1879 while ((f = ordered_hashmap_steal_first(s->user_journals)))
d025f1e4
ZJS		 1880 journal_file_close(f);
1881
43cf8388 1882 ordered_hashmap_free(s->user_journals);
d025f1e4 1883
f9a810be
LP		 1884 sd_event_source_unref(s->syslog_event_source);
1885 sd_event_source_unref(s->native_event_source);
1886 sd_event_source_unref(s->stdout_event_source);
1887 sd_event_source_unref(s->dev_kmsg_event_source);
875c2e22 1888 sd_event_source_unref(s->audit_event_source);
f9a810be
LP		 1889 sd_event_source_unref(s->sync_event_source);
1890 sd_event_source_unref(s->sigusr1_event_source);
1891 sd_event_source_unref(s->sigusr2_event_source);
1892 sd_event_source_unref(s->sigterm_event_source);
1893 sd_event_source_unref(s->sigint_event_source);
94b65516 1894 sd_event_source_unref(s->sigrtmin1_event_source);
0c24bb23 1895 sd_event_source_unref(s->hostname_event_source);
e22aa3d3 1896 sd_event_source_unref(s->notify_event_source);
119e9655 1897 sd_event_source_unref(s->watchdog_event_source);
f9a810be 1898 sd_event_unref(s->event);
d025f1e4 1899
03e334a1
LP		 1900 safe_close(s->syslog_fd);
1901 safe_close(s->native_fd);
1902 safe_close(s->stdout_fd);
1903 safe_close(s->dev_kmsg_fd);
875c2e22 1904 safe_close(s->audit_fd);
03e334a1 1905 safe_close(s->hostname_fd);
e22aa3d3 1906 safe_close(s->notify_fd);
0c24bb23 1907
d025f1e4
ZJS		 1908 if (s->rate_limit)
1909 journal_rate_limit_free(s->rate_limit);
1910
1911 if (s->kernel_seqnum)
1912 munmap(s->kernel_seqnum, sizeof(uint64_t));
1913
1914 free(s->buffer);
1915 free(s->tty_path);
e9174f29 1916 free(s->cgroup_root);
99d0966e 1917 free(s->hostname_field);
d025f1e4
ZJS		 1918
1919 if (s->mmap)
1920 mmap_cache_unref(s->mmap);
1921
3e044c49 1922 udev_unref(s->udev);
d025f1e4 1923}
8580d1f7
LP		 1924
1925static const char* const storage_table[_STORAGE_MAX] = {
1926 [STORAGE_AUTO] = "auto",
1927 [STORAGE_VOLATILE] = "volatile",
1928 [STORAGE_PERSISTENT] = "persistent",
1929 [STORAGE_NONE] = "none"
1930};
1931
1932DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
1933DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
1934
1935static const char* const split_mode_table[_SPLIT_MAX] = {
1936 [SPLIT_LOGIN] = "login",
1937 [SPLIT_UID] = "uid",
1938 [SPLIT_NONE] = "none",
1939};
1940
1941DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
1942DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode, split_mode, SplitMode, "Failed to parse split mode setting");
Unnamed repository; edit this file 'description' to name the repository.