]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/journal/journald-server.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
journald: fix LOG_AUTH facility in audit code
[thirdparty/systemd.git] / src / journal / journald-server.c
CommitLineData
d025f1e4
ZJS		 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2011 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
24882e06
LP		 22#ifdef HAVE_SELINUX
23#include <selinux/selinux.h>
24#endif
8580d1f7
LP		 25#include <sys/ioctl.h>
26#include <sys/mman.h>
27#include <sys/signalfd.h>
28#include <sys/statvfs.h>
07630cea 29#include <linux/sockios.h>
24882e06 30
b4bbcaa9 31#include "libudev.h"
8580d1f7 32#include "sd-daemon.h"
74df0fca
LP		 33#include "sd-journal.h"
34#include "sd-messages.h"
8580d1f7
LP		 35
36#include "acl-util.h"
b5efdb8a 37#include "alloc-util.h"
430f0182 38#include "audit-util.h"
d025f1e4 39#include "cgroup-util.h"
d025f1e4 40#include "conf-parser.h"
a0956174 41#include "dirent-util.h"
0dec689b 42#include "extract-word.h"
3ffd4af2 43#include "fd-util.h"
33d52ab9 44#include "fileio.h"
958b66ea 45#include "formats-util.h"
f4f15635 46#include "fs-util.h"
8580d1f7 47#include "hashmap.h"
958b66ea 48#include "hostname-util.h"
afc5dbf3 49#include "io-util.h"
8580d1f7
LP		 50#include "journal-authenticate.h"
51#include "journal-file.h"
d025f1e4
ZJS		 52#include "journal-internal.h"
53#include "journal-vacuum.h"
8580d1f7 54#include "journald-audit.h"
d025f1e4 55#include "journald-kmsg.h"
d025f1e4 56#include "journald-native.h"
8580d1f7 57#include "journald-rate-limit.h"
3ffd4af2 58#include "journald-server.h"
8580d1f7
LP		 59#include "journald-stream.h"
60#include "journald-syslog.h"
07630cea
LP		 61#include "missing.h"
62#include "mkdir.h"
6bedfcbb 63#include "parse-util.h"
4e731273 64#include "proc-cmdline.h"
07630cea
LP		 65#include "process-util.h"
66#include "rm-rf.h"
67#include "selinux-util.h"
68#include "signal-util.h"
69#include "socket-util.h"
32917e33 70#include "stdio-util.h"
8b43440b 71#include "string-table.h"
07630cea 72#include "string-util.h"
4a0b58c4 73#include "user-util.h"
8a03c9ef 74#include "log.h"
d025f1e4 75
d025f1e4
ZJS		 76#define USER_JOURNALS_MAX 1024
77
26687bf8 78#define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
7f1ad696
LP		 79#define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
80#define DEFAULT_RATE_LIMIT_BURST 1000
e150e820 81#define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
d025f1e4 82
8580d1f7 83#define RECHECK_SPACE_USEC (30*USEC_PER_SEC)
d025f1e4 84
e22aa3d3
LP		 85#define NOTIFY_SNDBUF_SIZE (8*1024*1024)
86
7a24f3bf
VC		 87/* The period to insert between posting changes for coalescing */
88#define POST_CHANGE_TIMER_INTERVAL_USEC (250*USEC_PER_MSEC)
89
8580d1f7
LP		 90static int determine_space_for(
91 Server *s,
92 JournalMetrics *metrics,
93 const char *path,
94 const char *name,
95 bool verbose,
96 bool patch_min_use,
97 uint64_t *available,
98 uint64_t *limit) {
99
100 uint64_t sum = 0, ss_avail, avail;
7fd1b19b 101 _cleanup_closedir_ DIR *d = NULL;
8580d1f7
LP		 102 struct dirent *de;
103 struct statvfs ss;
104 const char *p;
d025f1e4 105 usec_t ts;
d025f1e4 106
8580d1f7
LP		 107 assert(s);
108 assert(metrics);
109 assert(path);
110 assert(name);
d025f1e4 111
8580d1f7 112 ts = now(CLOCK_MONOTONIC);
d025f1e4 113
8580d1f7 114 if (!verbose && s->cached_space_timestamp + RECHECK_SPACE_USEC > ts) {
d025f1e4 115
8580d1f7
LP		 116 if (available)
117 *available = s->cached_space_available;
118 if (limit)
119 *limit = s->cached_space_limit;
d025f1e4 120
d025f1e4 121 return 0;
8580d1f7 122 }
d025f1e4 123
8580d1f7 124 p = strjoina(path, SERVER_MACHINE_ID(s));
d025f1e4 125 d = opendir(p);
d025f1e4 126 if (!d)
8580d1f7 127 return log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, errno, "Failed to open %s: %m", p);
d025f1e4
ZJS		 128
129 if (fstatvfs(dirfd(d), &ss) < 0)
8580d1f7 130 return log_error_errno(errno, "Failed to fstatvfs(%s): %m", p);
d025f1e4 131
8580d1f7 132 FOREACH_DIRENT_ALL(de, d, break) {
d025f1e4 133 struct stat st;
d025f1e4
ZJS		 134
135 if (!endswith(de->d_name, ".journal") &&
136 !endswith(de->d_name, ".journal~"))
137 continue;
138
8580d1f7
LP		 139 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
140 log_debug_errno(errno, "Failed to stat %s/%s, ignoring: %m", p, de->d_name);
d025f1e4 141 continue;
8580d1f7 142 }
d025f1e4
ZJS		 143
144 if (!S_ISREG(st.st_mode))
145 continue;
146
147 sum += (uint64_t) st.st_blocks * 512UL;
148 }
149
8a03c9ef 150 /* If requested, then let's bump the min_use limit to the
8580d1f7
LP		 151 * current usage on disk. We do this when starting up and
152 * first opening the journal files. This way sudden spikes in
153 * disk usage will not cause journald to vacuum files without
154 * bounds. Note that this means that only a restart of
155 * journald will make it reset this value. */
d025f1e4 156
8580d1f7
LP		 157 if (patch_min_use)
158 metrics->min_use = MAX(metrics->min_use, sum);
348ced90 159
8580d1f7
LP		 160 ss_avail = ss.f_bsize * ss.f_bavail;
161 avail = LESS_BY(ss_avail, metrics->keep_free);
348ced90 162
8580d1f7
LP		 163 s->cached_space_limit = MIN(MAX(sum + avail, metrics->min_use), metrics->max_use);
164 s->cached_space_available = LESS_BY(s->cached_space_limit, sum);
165 s->cached_space_timestamp = ts;
d025f1e4 166
670b110c
ZJS		 167 if (verbose) {
168 char fb1[FORMAT_BYTES_MAX], fb2[FORMAT_BYTES_MAX], fb3[FORMAT_BYTES_MAX],
8580d1f7 169 fb4[FORMAT_BYTES_MAX], fb5[FORMAT_BYTES_MAX], fb6[FORMAT_BYTES_MAX];
282c5c4e
ZJS		 170 format_bytes(fb1, sizeof(fb1), sum);
171 format_bytes(fb2, sizeof(fb2), metrics->max_use);
172 format_bytes(fb3, sizeof(fb3), metrics->keep_free);
173 format_bytes(fb4, sizeof(fb4), ss_avail);
174 format_bytes(fb5, sizeof(fb5), s->cached_space_limit);
175 format_bytes(fb6, sizeof(fb6), s->cached_space_available);
670b110c
ZJS		 176
177 server_driver_message(s, SD_MESSAGE_JOURNAL_USAGE,
282c5c4e
ZJS		 178 LOG_MESSAGE("%s (%s) is %s, max %s, %s free.",
179 name, path, fb1, fb5, fb6),
180 "JOURNAL_NAME=%s", name,
181 "JOURNAL_PATH=%s", path,
182 "CURRENT_USE=%"PRIu64, sum,
183 "CURRENT_USE_PRETTY=%s", fb1,
184 "MAX_USE=%"PRIu64, metrics->max_use,
185 "MAX_USE_PRETTY=%s", fb2,
186 "DISK_KEEP_FREE=%"PRIu64, metrics->keep_free,
187 "DISK_KEEP_FREE_PRETTY=%s", fb3,
188 "DISK_AVAILABLE=%"PRIu64, ss_avail,
189 "DISK_AVAILABLE_PRETTY=%s", fb4,
190 "LIMIT=%"PRIu64, s->cached_space_limit,
191 "LIMIT_PRETTY=%s", fb5,
192 "AVAILABLE=%"PRIu64, s->cached_space_available,
193 "AVAILABLE_PRETTY=%s", fb6,
8a03c9ef 194 NULL);
8580d1f7
LP		 195 }
196
197 if (available)
198 *available = s->cached_space_available;
199 if (limit)
200 *limit = s->cached_space_limit;
201
202 return 1;
203}
204
205static int determine_space(Server *s, bool verbose, bool patch_min_use, uint64_t *available, uint64_t *limit) {
206 JournalMetrics *metrics;
207 const char *path, *name;
208
209 assert(s);
210
211 if (s->system_journal) {
212 path = "/var/log/journal/";
213 metrics = &s->system_metrics;
214 name = "System journal";
215 } else {
216 path = "/run/log/journal/";
217 metrics = &s->runtime_metrics;
218 name = "Runtime journal";
670b110c
ZJS		 219 }
220
8580d1f7 221 return determine_space_for(s, metrics, path, name, verbose, patch_min_use, available, limit);
d025f1e4
ZJS		 222}
223
5c3bde3f 224static void server_add_acls(JournalFile *f, uid_t uid) {
d025f1e4 225#ifdef HAVE_ACL
5c3bde3f 226 int r;
d025f1e4 227#endif
d025f1e4
ZJS		 228 assert(f);
229
d025f1e4 230#ifdef HAVE_ACL
34c10968 231 if (uid <= SYSTEM_UID_MAX)
d025f1e4
ZJS		 232 return;
233
5c3bde3f
ZJS		 234 r = add_acls_for_user(f->fd, uid);
235 if (r < 0)
236 log_warning_errno(r, "Failed to set ACL on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 237#endif
238}
239
7a24f3bf
VC		 240static int open_journal(
241 Server *s,
242 bool reliably,
243 const char *fname,
244 int flags,
245 bool seal,
246 JournalMetrics *metrics,
247 JournalFile *template,
248 JournalFile **ret) {
249 int r;
250
251 assert(s);
252 assert(fname);
253 assert(ret);
254
255 if (reliably)
256 r = journal_file_open_reliably(fname, flags, 0640, s->compress, seal, metrics, s->mmap, template, ret);
257 else
258 r = journal_file_open(fname, flags, 0640, s->compress, seal, metrics, s->mmap, template, ret);
259
260 if (r < 0)
261 return r;
262
263 r = journal_file_enable_post_change_timer(*ret, s->event, POST_CHANGE_TIMER_INTERVAL_USEC);
264 if (r < 0) {
265 *ret = journal_file_close(*ret);
266 return r;
267 }
268
269 return r;
270}
271
d025f1e4 272static JournalFile* find_journal(Server *s, uid_t uid) {
ed375beb 273 _cleanup_free_ char *p = NULL;
d025f1e4
ZJS		 274 int r;
275 JournalFile *f;
276 sd_id128_t machine;
277
278 assert(s);
279
280 /* We split up user logs only on /var, not on /run. If the
281 * runtime file is open, we write to it exclusively, in order
282 * to guarantee proper order as soon as we flush /run to
283 * /var and close the runtime file. */
284
285 if (s->runtime_journal)
286 return s->runtime_journal;
287
f7dc3ab9 288 if (uid <= SYSTEM_UID_MAX)
d025f1e4
ZJS		 289 return s->system_journal;
290
291 r = sd_id128_get_machine(&machine);
292 if (r < 0)
293 return s->system_journal;
294
4a0b58c4 295 f = ordered_hashmap_get(s->user_journals, UID_TO_PTR(uid));
d025f1e4
ZJS		 296 if (f)
297 return f;
298
de0671ee
ZJS		 299 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/user-"UID_FMT".journal",
300 SD_ID128_FORMAT_VAL(machine), uid) < 0)
d025f1e4
ZJS		 301 return s->system_journal;
302
43cf8388 303 while (ordered_hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
d025f1e4 304 /* Too many open? Then let's close one */
43cf8388 305 f = ordered_hashmap_steal_first(s->user_journals);
d025f1e4
ZJS		 306 assert(f);
307 journal_file_close(f);
308 }
309
7a24f3bf 310 r = open_journal(s, true, p, O_RDWR|O_CREAT, s->seal, &s->system_metrics, NULL, &f);
d025f1e4
ZJS		 311 if (r < 0)
312 return s->system_journal;
313
5c3bde3f 314 server_add_acls(f, uid);
d025f1e4 315
4a0b58c4 316 r = ordered_hashmap_put(s->user_journals, UID_TO_PTR(uid), f);
d025f1e4
ZJS		 317 if (r < 0) {
318 journal_file_close(f);
319 return s->system_journal;
320 }
321
322 return f;
323}
324
ea69bd41
LP		 325static int do_rotate(
326 Server *s,
327 JournalFile **f,
328 const char* name,
329 bool seal,
330 uint32_t uid) {
331
fc55baee
ZJS		 332 int r;
333 assert(s);
334
335 if (!*f)
336 return -EINVAL;
337
338 r = journal_file_rotate(f, s->compress, seal);
339 if (r < 0)
340 if (*f)
ea69bd41 341 log_error_errno(r, "Failed to rotate %s: %m", (*f)->path);
fc55baee 342 else
ea69bd41 343 log_error_errno(r, "Failed to create new %s journal: %m", name);
fc55baee 344 else
5c3bde3f 345 server_add_acls(*f, uid);
2678031a 346
fc55baee
ZJS		 347 return r;
348}
349
d025f1e4
ZJS		 350void server_rotate(Server *s) {
351 JournalFile *f;
352 void *k;
353 Iterator i;
354 int r;
355
356 log_debug("Rotating...");
357
8580d1f7
LP		 358 (void) do_rotate(s, &s->runtime_journal, "runtime", false, 0);
359 (void) do_rotate(s, &s->system_journal, "system", s->seal, 0);
d025f1e4 360
43cf8388 361 ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
4a0b58c4 362 r = do_rotate(s, &f, "user", s->seal, PTR_TO_UID(k));
fc55baee 363 if (r >= 0)
43cf8388 364 ordered_hashmap_replace(s->user_journals, k, f);
fc55baee
ZJS		 365 else if (!f)
366 /* Old file has been closed and deallocated */
43cf8388 367 ordered_hashmap_remove(s->user_journals, k);
d025f1e4
ZJS		 368 }
369}
370
26687bf8
OS		 371void server_sync(Server *s) {
372 JournalFile *f;
26687bf8
OS		 373 Iterator i;
374 int r;
375
26687bf8
OS		 376 if (s->system_journal) {
377 r = journal_file_set_offline(s->system_journal);
378 if (r < 0)
65089b82 379 log_warning_errno(r, "Failed to sync system journal, ignoring: %m");
26687bf8
OS		 380 }
381
65c1d46b 382 ORDERED_HASHMAP_FOREACH(f, s->user_journals, i) {
26687bf8
OS		 383 r = journal_file_set_offline(f);
384 if (r < 0)
65089b82 385 log_warning_errno(r, "Failed to sync user journal, ignoring: %m");
26687bf8
OS		 386 }
387
f9a810be
LP		 388 if (s->sync_event_source) {
389 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_OFF);
390 if (r < 0)
da927ba9 391 log_error_errno(r, "Failed to disable sync timer source: %m");
f9a810be 392 }
26687bf8
OS		 393
394 s->sync_scheduled = false;
395}
396
ea69bd41
LP		 397static void do_vacuum(
398 Server *s,
ea69bd41 399 JournalFile *f,
8580d1f7
LP		 400 JournalMetrics *metrics,
401 const char *path,
402 const char *name,
403 bool verbose,
404 bool patch_min_use) {
ea69bd41
LP		 405
406 const char *p;
8580d1f7 407 uint64_t limit;
63c8666b
ZJS		 408 int r;
409
8580d1f7
LP		 410 assert(s);
411 assert(metrics);
412 assert(path);
413 assert(name);
414
63c8666b
ZJS		 415 if (!f)
416 return;
417
8580d1f7
LP		 418 p = strjoina(path, SERVER_MACHINE_ID(s));
419
420 limit = metrics->max_use;
421 (void) determine_space_for(s, metrics, path, name, verbose, patch_min_use, NULL, &limit);
422
423 r = journal_directory_vacuum(p, limit, metrics->n_max_files, s->max_retention_usec, &s->oldest_file_usec, verbose);
63c8666b 424 if (r < 0 && r != -ENOENT)
8580d1f7 425 log_warning_errno(r, "Failed to vacuum %s, ignoring: %m", p);
63c8666b
ZJS		 426}
427
8580d1f7
LP		 428int server_vacuum(Server *s, bool verbose, bool patch_min_use) {
429 assert(s);
d025f1e4
ZJS		 430
431 log_debug("Vacuuming...");
432
433 s->oldest_file_usec = 0;
434
8580d1f7
LP		 435 do_vacuum(s, s->system_journal, &s->system_metrics, "/var/log/journal/", "System journal", verbose, patch_min_use);
436 do_vacuum(s, s->runtime_journal, &s->runtime_metrics, "/run/log/journal/", "Runtime journal", verbose, patch_min_use);
d025f1e4 437
8580d1f7
LP		 438 s->cached_space_limit = 0;
439 s->cached_space_available = 0;
440 s->cached_space_timestamp = 0;
d025f1e4 441
8580d1f7 442 return 0;
d025f1e4
ZJS		 443}
444
0c24bb23
LP		 445static void server_cache_machine_id(Server *s) {
446 sd_id128_t id;
447 int r;
448
449 assert(s);
450
451 r = sd_id128_get_machine(&id);
452 if (r < 0)
453 return;
454
455 sd_id128_to_string(id, stpcpy(s->machine_id_field, "_MACHINE_ID="));
456}
457
458static void server_cache_boot_id(Server *s) {
459 sd_id128_t id;
460 int r;
461
462 assert(s);
463
464 r = sd_id128_get_boot(&id);
465 if (r < 0)
466 return;
467
468 sd_id128_to_string(id, stpcpy(s->boot_id_field, "_BOOT_ID="));
469}
470
471static void server_cache_hostname(Server *s) {
472 _cleanup_free_ char *t = NULL;
473 char *x;
474
475 assert(s);
476
477 t = gethostname_malloc();
478 if (!t)
479 return;
480
481 x = strappend("_HOSTNAME=", t);
482 if (!x)
483 return;
484
485 free(s->hostname_field);
486 s->hostname_field = x;
487}
488
8531ae70 489static bool shall_try_append_again(JournalFile *f, int r) {
d025f1e4
ZJS		 490
491 /* -E2BIG Hit configured limit
492 -EFBIG Hit fs limit
493 -EDQUOT Quota limit hit
494 -ENOSPC Disk full
fa6ac760 495 -EIO I/O error of some kind (mmap)
d025f1e4
ZJS		 496 -EHOSTDOWN Other machine
497 -EBUSY Unclean shutdown
498 -EPROTONOSUPPORT Unsupported feature
499 -EBADMSG Corrupted
500 -ENODATA Truncated
2678031a
LP		 501 -ESHUTDOWN Already archived
502 -EIDRM Journal file has been deleted */
d025f1e4
ZJS		 503
504 if (r == -E2BIG || r == -EFBIG || r == -EDQUOT || r == -ENOSPC)
505 log_debug("%s: Allocation limit reached, rotating.", f->path);
506 else if (r == -EHOSTDOWN)
507 log_info("%s: Journal file from other machine, rotating.", f->path);
508 else if (r == -EBUSY)
509 log_info("%s: Unclean shutdown, rotating.", f->path);
510 else if (r == -EPROTONOSUPPORT)
511 log_info("%s: Unsupported feature, rotating.", f->path);
512 else if (r == -EBADMSG || r == -ENODATA || r == ESHUTDOWN)
513 log_warning("%s: Journal file corrupted, rotating.", f->path);
fa6ac760
LP		 514 else if (r == -EIO)
515 log_warning("%s: IO error, rotating.", f->path);
2678031a
LP		 516 else if (r == -EIDRM)
517 log_warning("%s: Journal file has been deleted, rotating.", f->path);
d025f1e4
ZJS		 518 else
519 return false;
520
521 return true;
522}
523
d07f7b9e 524static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned n, int priority) {
d025f1e4
ZJS		 525 JournalFile *f;
526 bool vacuumed = false;
527 int r;
528
529 assert(s);
530 assert(iovec);
531 assert(n > 0);
532
533 f = find_journal(s, uid);
534 if (!f)
535 return;
536
537 if (journal_file_rotate_suggested(f, s->max_file_usec)) {
538 log_debug("%s: Journal header limits reached or header out-of-date, rotating.", f->path);
539 server_rotate(s);
8580d1f7 540 server_vacuum(s, false, false);
d025f1e4
ZJS		 541 vacuumed = true;
542
543 f = find_journal(s, uid);
544 if (!f)
545 return;
546 }
547
548 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
26687bf8 549 if (r >= 0) {
d07f7b9e 550 server_schedule_sync(s, priority);
d025f1e4 551 return;
26687bf8 552 }
d025f1e4
ZJS		 553
554 if (vacuumed || !shall_try_append_again(f, r)) {
8266e1c0 555 log_error_errno(r, "Failed to write entry (%d items, %zu bytes), ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n));
d025f1e4
ZJS		 556 return;
557 }
558
559 server_rotate(s);
8580d1f7 560 server_vacuum(s, false, false);
d025f1e4
ZJS		 561
562 f = find_journal(s, uid);
563 if (!f)
564 return;
565
566 log_debug("Retrying write.");
567 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
8266e1c0
LP		 568 if (r < 0)
569 log_error_errno(r, "Failed to write entry (%d items, %zu bytes) despite vacuuming, ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n));
570 else
d07f7b9e 571 server_schedule_sync(s, priority);
d025f1e4
ZJS		 572}
573
574static void dispatch_message_real(
575 Server *s,
576 struct iovec *iovec, unsigned n, unsigned m,
3b3154df
LP		 577 const struct ucred *ucred,
578 const struct timeval *tv,
d025f1e4 579 const char *label, size_t label_len,
968f3196 580 const char *unit_id,
d07f7b9e 581 int priority,
968f3196 582 pid_t object_pid) {
d025f1e4 583
968f3196 584 char pid[sizeof("_PID=") + DECIMAL_STR_MAX(pid_t)],
ae018d9b
LP		 585 uid[sizeof("_UID=") + DECIMAL_STR_MAX(uid_t)],
586 gid[sizeof("_GID=") + DECIMAL_STR_MAX(gid_t)],
587 owner_uid[sizeof("_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)],
d3789917 588 source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)],
968f3196
ZJS		 589 o_uid[sizeof("OBJECT_UID=") + DECIMAL_STR_MAX(uid_t)],
590 o_gid[sizeof("OBJECT_GID=") + DECIMAL_STR_MAX(gid_t)],
591 o_owner_uid[sizeof("OBJECT_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)];
592 uid_t object_uid;
593 gid_t object_gid;
968f3196 594 char *x;
d025f1e4 595 int r;
ae018d9b 596 char *t, *c;
82499507
LP		 597 uid_t realuid = 0, owner = 0, journal_uid;
598 bool owner_valid = false;
ae018d9b 599#ifdef HAVE_AUDIT
968f3196
ZJS		 600 char audit_session[sizeof("_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
601 audit_loginuid[sizeof("_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)],
602 o_audit_session[sizeof("OBJECT_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
603 o_audit_loginuid[sizeof("OBJECT_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)];
ae018d9b
LP		 604
605 uint32_t audit;
606 uid_t loginuid;
607#endif
d025f1e4
ZJS		 608
609 assert(s);
610 assert(iovec);
611 assert(n > 0);
968f3196 612 assert(n + N_IOVEC_META_FIELDS + (object_pid ? N_IOVEC_OBJECT_FIELDS : 0) <= m);
d025f1e4
ZJS		 613
614 if (ucred) {
d025f1e4
ZJS		 615 realuid = ucred->uid;
616
de0671ee 617 sprintf(pid, "_PID="PID_FMT, ucred->pid);
c2457105 618 IOVEC_SET_STRING(iovec[n++], pid);
d025f1e4 619
de0671ee 620 sprintf(uid, "_UID="UID_FMT, ucred->uid);
c2457105 621 IOVEC_SET_STRING(iovec[n++], uid);
d025f1e4 622
de0671ee 623 sprintf(gid, "_GID="GID_FMT, ucred->gid);
c2457105 624 IOVEC_SET_STRING(iovec[n++], gid);
d025f1e4
ZJS		 625
626 r = get_process_comm(ucred->pid, &t);
627 if (r >= 0) {
63c372cb 628 x = strjoina("_COMM=", t);
d025f1e4 629 free(t);
968f3196 630 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 631 }
632
633 r = get_process_exe(ucred->pid, &t);
634 if (r >= 0) {
63c372cb 635 x = strjoina("_EXE=", t);
d025f1e4 636 free(t);
968f3196 637 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 638 }
639
9bdbc2e2 640 r = get_process_cmdline(ucred->pid, 0, false, &t);
d025f1e4 641 if (r >= 0) {
63c372cb 642 x = strjoina("_CMDLINE=", t);
d025f1e4 643 free(t);
3a832116
SL		 644 IOVEC_SET_STRING(iovec[n++], x);
645 }
646
647 r = get_process_capeff(ucred->pid, &t);
648 if (r >= 0) {
63c372cb 649 x = strjoina("_CAP_EFFECTIVE=", t);
3a832116 650 free(t);
968f3196 651 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 652 }
653
0a20e3c1 654#ifdef HAVE_AUDIT
d025f1e4 655 r = audit_session_from_pid(ucred->pid, &audit);
ae018d9b 656 if (r >= 0) {
de0671ee 657 sprintf(audit_session, "_AUDIT_SESSION=%"PRIu32, audit);
ae018d9b
LP		 658 IOVEC_SET_STRING(iovec[n++], audit_session);
659 }
d025f1e4
ZJS		 660
661 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
7027ff61 662 if (r >= 0) {
de0671ee 663 sprintf(audit_loginuid, "_AUDIT_LOGINUID="UID_FMT, loginuid);
ae018d9b 664 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
d025f1e4 665 }
ae018d9b 666#endif
d025f1e4 667
e9174f29 668 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &c);
7027ff61 669 if (r >= 0) {
968f3196
ZJS		 670 char *session = NULL;
671
63c372cb 672 x = strjoina("_SYSTEMD_CGROUP=", c);
968f3196 673 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4 674
ae018d9b
LP		 675 r = cg_path_get_session(c, &t);
676 if (r >= 0) {
63c372cb 677 session = strjoina("_SYSTEMD_SESSION=", t);
ae018d9b 678 free(t);
d025f1e4 679 IOVEC_SET_STRING(iovec[n++], session);
ae018d9b
LP		 680 }
681
682 if (cg_path_get_owner_uid(c, &owner) >= 0) {
683 owner_valid = true;
d025f1e4 684
de0671ee 685 sprintf(owner_uid, "_SYSTEMD_OWNER_UID="UID_FMT, owner);
d025f1e4 686 IOVEC_SET_STRING(iovec[n++], owner_uid);
ae018d9b 687 }
d025f1e4 688
ae018d9b 689 if (cg_path_get_unit(c, &t) >= 0) {
63c372cb 690 x = strjoina("_SYSTEMD_UNIT=", t);
ae018d9b 691 free(t);
19cace37
LP		 692 IOVEC_SET_STRING(iovec[n++], x);
693 } else if (unit_id && !session) {
63c372cb 694 x = strjoina("_SYSTEMD_UNIT=", unit_id);
19cace37
LP		 695 IOVEC_SET_STRING(iovec[n++], x);
696 }
697
698 if (cg_path_get_user_unit(c, &t) >= 0) {
63c372cb 699 x = strjoina("_SYSTEMD_USER_UNIT=", t);
ae018d9b 700 free(t);
968f3196 701 IOVEC_SET_STRING(iovec[n++], x);
19cace37 702 } else if (unit_id && session) {
63c372cb 703 x = strjoina("_SYSTEMD_USER_UNIT=", unit_id);
19cace37
LP		 704 IOVEC_SET_STRING(iovec[n++], x);
705 }
ae018d9b 706
0a244b8e 707 if (cg_path_get_slice(c, &t) >= 0) {
63c372cb 708 x = strjoina("_SYSTEMD_SLICE=", t);
0a244b8e
LP		 709 free(t);
710 IOVEC_SET_STRING(iovec[n++], x);
711 }
712
ae018d9b 713 free(c);
2d43b190 714 } else if (unit_id) {
63c372cb 715 x = strjoina("_SYSTEMD_UNIT=", unit_id);
2d43b190 716 IOVEC_SET_STRING(iovec[n++], x);
ef1673d1 717 }
d025f1e4 718
d025f1e4 719#ifdef HAVE_SELINUX
6355e756 720 if (mac_selinux_have()) {
d682b3a7 721 if (label) {
f8294e41 722 x = alloca(strlen("_SELINUX_CONTEXT=") + label_len + 1);
ae018d9b 723
d682b3a7
LP		 724 *((char*) mempcpy(stpcpy(x, "_SELINUX_CONTEXT="), label, label_len)) = 0;
725 IOVEC_SET_STRING(iovec[n++], x);
726 } else {
727 security_context_t con;
d025f1e4 728
d682b3a7 729 if (getpidcon(ucred->pid, &con) >= 0) {
63c372cb 730 x = strjoina("_SELINUX_CONTEXT=", con);
e7ff4e7f 731
d682b3a7
LP		 732 freecon(con);
733 IOVEC_SET_STRING(iovec[n++], x);
734 }
d025f1e4
ZJS		 735 }
736 }
737#endif
738 }
968f3196
ZJS		 739 assert(n <= m);
740
741 if (object_pid) {
742 r = get_process_uid(object_pid, &object_uid);
743 if (r >= 0) {
de0671ee 744 sprintf(o_uid, "OBJECT_UID="UID_FMT, object_uid);
968f3196
ZJS		 745 IOVEC_SET_STRING(iovec[n++], o_uid);
746 }
747
748 r = get_process_gid(object_pid, &object_gid);
749 if (r >= 0) {
de0671ee 750 sprintf(o_gid, "OBJECT_GID="GID_FMT, object_gid);
968f3196
ZJS		 751 IOVEC_SET_STRING(iovec[n++], o_gid);
752 }
753
754 r = get_process_comm(object_pid, &t);
755 if (r >= 0) {
63c372cb 756 x = strjoina("OBJECT_COMM=", t);
968f3196
ZJS		 757 free(t);
758 IOVEC_SET_STRING(iovec[n++], x);
759 }
760
761 r = get_process_exe(object_pid, &t);
762 if (r >= 0) {
63c372cb 763 x = strjoina("OBJECT_EXE=", t);
968f3196
ZJS		 764 free(t);
765 IOVEC_SET_STRING(iovec[n++], x);
766 }
767
768 r = get_process_cmdline(object_pid, 0, false, &t);
769 if (r >= 0) {
63c372cb 770 x = strjoina("OBJECT_CMDLINE=", t);
968f3196
ZJS		 771 free(t);
772 IOVEC_SET_STRING(iovec[n++], x);
773 }
774
775#ifdef HAVE_AUDIT
776 r = audit_session_from_pid(object_pid, &audit);
777 if (r >= 0) {
de0671ee 778 sprintf(o_audit_session, "OBJECT_AUDIT_SESSION=%"PRIu32, audit);
968f3196
ZJS		 779 IOVEC_SET_STRING(iovec[n++], o_audit_session);
780 }
781
782 r = audit_loginuid_from_pid(object_pid, &loginuid);
783 if (r >= 0) {
de0671ee 784 sprintf(o_audit_loginuid, "OBJECT_AUDIT_LOGINUID="UID_FMT, loginuid);
968f3196
ZJS		 785 IOVEC_SET_STRING(iovec[n++], o_audit_loginuid);
786 }
787#endif
788
e9174f29 789 r = cg_pid_get_path_shifted(object_pid, s->cgroup_root, &c);
968f3196 790 if (r >= 0) {
63c372cb 791 x = strjoina("OBJECT_SYSTEMD_CGROUP=", c);
968f3196
ZJS		 792 IOVEC_SET_STRING(iovec[n++], x);
793
794 r = cg_path_get_session(c, &t);
795 if (r >= 0) {
63c372cb 796 x = strjoina("OBJECT_SYSTEMD_SESSION=", t);
968f3196
ZJS		 797 free(t);
798 IOVEC_SET_STRING(iovec[n++], x);
799 }
800
801 if (cg_path_get_owner_uid(c, &owner) >= 0) {
de0671ee 802 sprintf(o_owner_uid, "OBJECT_SYSTEMD_OWNER_UID="UID_FMT, owner);
968f3196
ZJS		 803 IOVEC_SET_STRING(iovec[n++], o_owner_uid);
804 }
805
806 if (cg_path_get_unit(c, &t) >= 0) {
63c372cb 807 x = strjoina("OBJECT_SYSTEMD_UNIT=", t);
968f3196 808 free(t);
19cace37
LP		 809 IOVEC_SET_STRING(iovec[n++], x);
810 }
811
812 if (cg_path_get_user_unit(c, &t) >= 0) {
63c372cb 813 x = strjoina("OBJECT_SYSTEMD_USER_UNIT=", t);
968f3196 814 free(t);
968f3196 815 IOVEC_SET_STRING(iovec[n++], x);
19cace37 816 }
968f3196
ZJS		 817
818 free(c);
819 }
820 }
821 assert(n <= m);
d025f1e4
ZJS		 822
823 if (tv) {
ae018d9b 824 sprintf(source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu", (unsigned long long) timeval_load(tv));
a5693989 825 IOVEC_SET_STRING(iovec[n++], source_time);
d025f1e4
ZJS		 826 }
827
828 /* Note that strictly speaking storing the boot id here is
829 * redundant since the entry includes this in-line
830 * anyway. However, we need this indexed, too. */
0c24bb23
LP		 831 if (!isempty(s->boot_id_field))
832 IOVEC_SET_STRING(iovec[n++], s->boot_id_field);
d025f1e4 833
0c24bb23
LP		 834 if (!isempty(s->machine_id_field))
835 IOVEC_SET_STRING(iovec[n++], s->machine_id_field);
d025f1e4 836
0c24bb23
LP		 837 if (!isempty(s->hostname_field))
838 IOVEC_SET_STRING(iovec[n++], s->hostname_field);
d025f1e4
ZJS		 839
840 assert(n <= m);
841
da499392 842 if (s->split_mode == SPLIT_UID && realuid > 0)
40adcda8 843 /* Split up strictly by any UID */
759c945a 844 journal_uid = realuid;
82499507 845 else if (s->split_mode == SPLIT_LOGIN && realuid > 0 && owner_valid && owner > 0)
edc3797f
LP		 846 /* Split up by login UIDs. We do this only if the
847 * realuid is not root, in order not to accidentally
848 * leak privileged information to the user that is
849 * logged by a privileged process that is part of an
7517e174 850 * unprivileged session. */
8a0889df 851 journal_uid = owner;
da499392
KS		 852 else
853 journal_uid = 0;
759c945a 854
d07f7b9e 855 write_to_journal(s, journal_uid, iovec, n, priority);
d025f1e4
ZJS		 856}
857
858void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {
859 char mid[11 + 32 + 1];
8a03c9ef
ZJS		 860 struct iovec iovec[N_IOVEC_META_FIELDS + 5 + N_IOVEC_PAYLOAD_FIELDS];
861 unsigned n = 0, m;
32917e33 862 int r;
d025f1e4 863 va_list ap;
b92bea5d 864 struct ucred ucred = {};
d025f1e4
ZJS		 865
866 assert(s);
867 assert(format);
868
b6fa2555
EV		 869 IOVEC_SET_STRING(iovec[n++], "SYSLOG_FACILITY=3");
870 IOVEC_SET_STRING(iovec[n++], "SYSLOG_IDENTIFIER=systemd-journald");
871
d025f1e4 872 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=driver");
32917e33 873 IOVEC_SET_STRING(iovec[n++], "PRIORITY=6");
d025f1e4
ZJS		 874
875 if (!sd_id128_equal(message_id, SD_ID128_NULL)) {
e2cc6eca 876 snprintf(mid, sizeof(mid), LOG_MESSAGE_ID(message_id));
d025f1e4
ZJS		 877 IOVEC_SET_STRING(iovec[n++], mid);
878 }
879
8a03c9ef
ZJS		 880 m = n;
881
882 va_start(ap, format);
32917e33
ZJS		 883 r = log_format_iovec(iovec, ELEMENTSOF(iovec), &n, false, 0, format, ap);
884 /* Error handling below */
8a03c9ef
ZJS		 885 va_end(ap);
886
d025f1e4
ZJS		 887 ucred.pid = getpid();
888 ucred.uid = getuid();
889 ucred.gid = getgid();
890
32917e33
ZJS		 891 if (r >= 0)
892 dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL, LOG_INFO, 0);
8a03c9ef
ZJS		 893
894 while (m < n)
895 free(iovec[m++].iov_base);
32917e33
ZJS		 896
897 if (r < 0) {
898 /* We failed to format the message. Emit a warning instead. */
899 char buf[LINE_MAX];
900
901 xsprintf(buf, "MESSAGE=Entry printing failed: %s", strerror(-r));
902
903 n = 3;
904 IOVEC_SET_STRING(iovec[n++], "PRIORITY=4");
905 IOVEC_SET_STRING(iovec[n++], buf);
906 dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL, LOG_INFO, 0);
907 }
d025f1e4
ZJS		 908}
909
910void server_dispatch_message(
911 Server *s,
912 struct iovec *iovec, unsigned n, unsigned m,
3b3154df
LP		 913 const struct ucred *ucred,
914 const struct timeval *tv,
d025f1e4
ZJS		 915 const char *label, size_t label_len,
916 const char *unit_id,
968f3196
ZJS		 917 int priority,
918 pid_t object_pid) {
d025f1e4 919
7027ff61 920 int rl, r;
7fd1b19b 921 _cleanup_free_ char *path = NULL;
8580d1f7 922 uint64_t available = 0;
db91ea32 923 char *c;
d025f1e4
ZJS		 924
925 assert(s);
926 assert(iovec || n == 0);
927
928 if (n == 0)
929 return;
930
931 if (LOG_PRI(priority) > s->max_level_store)
932 return;
933
2f5df74a
HHPF		 934 /* Stop early in case the information will not be stored
935 * in a journal. */
936 if (s->storage == STORAGE_NONE)
937 return;
938
d025f1e4
ZJS		 939 if (!ucred)
940 goto finish;
941
e9174f29 942 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &path);
7027ff61 943 if (r < 0)
d025f1e4
ZJS		 944 goto finish;
945
946 /* example: /user/lennart/3/foobar
947 * /system/dbus.service/foobar
948 *
949 * So let's cut of everything past the third /, since that is
950 * where user directories start */
951
952 c = strchr(path, '/');
953 if (c) {
954 c = strchr(c+1, '/');
955 if (c) {
956 c = strchr(c+1, '/');
957 if (c)
958 *c = 0;
959 }
960 }
961
8580d1f7
LP		 962 (void) determine_space(s, false, false, &available, NULL);
963 rl = journal_rate_limit_test(s->rate_limit, path, priority & LOG_PRIMASK, available);
db91ea32 964 if (rl == 0)
d025f1e4 965 return;
d025f1e4
ZJS		 966
967 /* Write a suppression message if we suppressed something */
968 if (rl > 1)
db91ea32 969 server_driver_message(s, SD_MESSAGE_JOURNAL_DROPPED,
8a03c9ef
ZJS		 970 LOG_MESSAGE("Suppressed %u messages from %s", rl - 1, path),
971 NULL);
d025f1e4
ZJS		 972
973finish:
d07f7b9e 974 dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id, priority, object_pid);
d025f1e4
ZJS		 975}
976
977
caa2f4c0 978static int system_journal_open(Server *s, bool flush_requested) {
84267e40 979 const char *fn;
09eba4d4 980 int r = 0;
d025f1e4
ZJS		 981
982 if (!s->system_journal &&
983 (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
caa2f4c0
ZJS		 984 (flush_requested
985 || access("/run/systemd/journal/flushed", F_OK) >= 0)) {
d025f1e4
ZJS		 986
987 /* If in auto mode: first try to create the machine
988 * path, but not the prefix.
989 *
990 * If in persistent mode: create /var/log/journal and
991 * the machine path */
992
993 if (s->storage == STORAGE_PERSISTENT)
ac892057 994 (void) mkdir_p("/var/log/journal/", 0755);
d025f1e4 995
8580d1f7 996 fn = strjoina("/var/log/journal/", SERVER_MACHINE_ID(s));
d025f1e4 997 (void) mkdir(fn, 0755);
d025f1e4 998
63c372cb 999 fn = strjoina(fn, "/system.journal");
7a24f3bf 1000 r = open_journal(s, true, fn, O_RDWR|O_CREAT, s->seal, &s->system_metrics, NULL, &s->system_journal);
8580d1f7 1001 if (r >= 0) {
5c3bde3f 1002 server_add_acls(s->system_journal, 0);
8580d1f7
LP		 1003 (void) determine_space_for(s, &s->system_metrics, "/var/log/journal/", "System journal", true, true, NULL, NULL);
1004 } else if (r < 0) {
433dd100 1005 if (r != -ENOENT && r != -EROFS)
da927ba9 1006 log_warning_errno(r, "Failed to open system journal: %m");
e40ec7ae 1007
433dd100
LN		 1008 r = 0;
1009 }
d025f1e4
ZJS		 1010 }
1011
1012 if (!s->runtime_journal &&
1013 (s->storage != STORAGE_NONE)) {
1014
8580d1f7 1015 fn = strjoina("/run/log/journal/", SERVER_MACHINE_ID(s), "/system.journal");
d025f1e4
ZJS		 1016
1017 if (s->system_journal) {
1018
1019 /* Try to open the runtime journal, but only
1020 * if it already exists, so that we can flush
1021 * it into the system journal */
1022
7a24f3bf 1023 r = open_journal(s, false, fn, O_RDWR, false, &s->runtime_metrics, NULL, &s->runtime_journal);
d025f1e4
ZJS		 1024 if (r < 0) {
1025 if (r != -ENOENT)
da927ba9 1026 log_warning_errno(r, "Failed to open runtime journal: %m");
d025f1e4
ZJS		 1027
1028 r = 0;
1029 }
1030
1031 } else {
1032
1033 /* OK, we really need the runtime journal, so create
1034 * it if necessary. */
1035
fc1d70af
LP		 1036 (void) mkdir("/run/log", 0755);
1037 (void) mkdir("/run/log/journal", 0755);
1038 (void) mkdir_parents(fn, 0750);
1039
7a24f3bf 1040 r = open_journal(s, true, fn, O_RDWR|O_CREAT, false, &s->runtime_metrics, NULL, &s->runtime_journal);
23bbb0de
MS		 1041 if (r < 0)
1042 return log_error_errno(r, "Failed to open runtime journal: %m");
d025f1e4
ZJS		 1043 }
1044
8580d1f7 1045 if (s->runtime_journal) {
5c3bde3f 1046 server_add_acls(s->runtime_journal, 0);
8580d1f7
LP		 1047 (void) determine_space_for(s, &s->runtime_metrics, "/run/log/journal/", "Runtime journal", true, true, NULL, NULL);
1048 }
d025f1e4
ZJS		 1049 }
1050
1051 return r;
1052}
1053
1054int server_flush_to_var(Server *s) {
d025f1e4
ZJS		 1055 sd_id128_t machine;
1056 sd_journal *j = NULL;
fbb63411
LP		 1057 char ts[FORMAT_TIMESPAN_MAX];
1058 usec_t start;
1059 unsigned n = 0;
1060 int r;
d025f1e4
ZJS		 1061
1062 assert(s);
1063
1064 if (s->storage != STORAGE_AUTO &&
1065 s->storage != STORAGE_PERSISTENT)
1066 return 0;
1067
1068 if (!s->runtime_journal)
1069 return 0;
1070
8580d1f7 1071 (void) system_journal_open(s, true);
d025f1e4
ZJS		 1072
1073 if (!s->system_journal)
1074 return 0;
1075
1076 log_debug("Flushing to /var...");
1077
fbb63411
LP		 1078 start = now(CLOCK_MONOTONIC);
1079
d025f1e4 1080 r = sd_id128_get_machine(&machine);
00a16861 1081 if (r < 0)
d025f1e4 1082 return r;
d025f1e4
ZJS		 1083
1084 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
23bbb0de
MS		 1085 if (r < 0)
1086 return log_error_errno(r, "Failed to read runtime journal: %m");
d025f1e4 1087
93b73b06
LP		 1088 sd_journal_set_data_threshold(j, 0);
1089
d025f1e4
ZJS		 1090 SD_JOURNAL_FOREACH(j) {
1091 Object *o = NULL;
1092 JournalFile *f;
1093
1094 f = j->current_file;
1095 assert(f && f->current_offset > 0);
1096
fbb63411
LP		 1097 n++;
1098
d025f1e4
ZJS		 1099 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
1100 if (r < 0) {
da927ba9 1101 log_error_errno(r, "Can't read entry: %m");
d025f1e4
ZJS		 1102 goto finish;
1103 }
1104
1105 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1106 if (r >= 0)
1107 continue;
1108
1109 if (!shall_try_append_again(s->system_journal, r)) {
da927ba9 1110 log_error_errno(r, "Can't write entry: %m");
d025f1e4
ZJS		 1111 goto finish;
1112 }
1113
1114 server_rotate(s);
8580d1f7 1115 server_vacuum(s, false, false);
d025f1e4 1116
253f59df
LP		 1117 if (!s->system_journal) {
1118 log_notice("Didn't flush runtime journal since rotation of system journal wasn't successful.");
1119 r = -EIO;
1120 goto finish;
1121 }
1122
d025f1e4
ZJS		 1123 log_debug("Retrying write.");
1124 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1125 if (r < 0) {
da927ba9 1126 log_error_errno(r, "Can't write entry: %m");
d025f1e4
ZJS		 1127 goto finish;
1128 }
1129 }
1130
804ae586
LP		 1131 r = 0;
1132
d025f1e4
ZJS		 1133finish:
1134 journal_file_post_change(s->system_journal);
1135
804ae586 1136 s->runtime_journal = journal_file_close(s->runtime_journal);
d025f1e4
ZJS		 1137
1138 if (r >= 0)
c6878637 1139 (void) rm_rf("/run/log/journal", REMOVE_ROOT);
d025f1e4 1140
763c7aa2 1141 sd_journal_close(j);
d025f1e4 1142
8a03c9ef
ZJS		 1143 server_driver_message(s, SD_ID128_NULL,
1144 LOG_MESSAGE("Time spent on flushing to /var is %s for %u entries.",
1145 format_timespan(ts, sizeof(ts), now(CLOCK_MONOTONIC) - start, 0),
1146 n),
1147 NULL);
fbb63411 1148
d025f1e4
ZJS		 1149 return r;
1150}
1151
8531ae70 1152int server_process_datagram(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
f9a810be 1153 Server *s = userdata;
a315ac4e
LP		 1154 struct ucred *ucred = NULL;
1155 struct timeval *tv = NULL;
1156 struct cmsghdr *cmsg;
1157 char *label = NULL;
1158 size_t label_len = 0, m;
1159 struct iovec iovec;
1160 ssize_t n;
1161 int *fds = NULL, v = 0;
1162 unsigned n_fds = 0;
1163
1164 union {
1165 struct cmsghdr cmsghdr;
1166
1167 /* We use NAME_MAX space for the SELinux label
1168 * here. The kernel currently enforces no
1169 * limit, but according to suggestions from
1170 * the SELinux people this will change and it
1171 * will probably be identical to NAME_MAX. For
1172 * now we use that, but this should be updated
1173 * one day when the final limit is known. */
1174 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
1175 CMSG_SPACE(sizeof(struct timeval)) +
1176 CMSG_SPACE(sizeof(int)) + /* fd */
1177 CMSG_SPACE(NAME_MAX)]; /* selinux label */
1178 } control = {};
1179
1180 union sockaddr_union sa = {};
1181
1182 struct msghdr msghdr = {
1183 .msg_iov = &iovec,
1184 .msg_iovlen = 1,
1185 .msg_control = &control,
1186 .msg_controllen = sizeof(control),
1187 .msg_name = &sa,
1188 .msg_namelen = sizeof(sa),
1189 };
f9a810be 1190
d025f1e4 1191 assert(s);
875c2e22 1192 assert(fd == s->native_fd || fd == s->syslog_fd || fd == s->audit_fd);
f9a810be
LP		 1193
1194 if (revents != EPOLLIN) {
1195 log_error("Got invalid event from epoll for datagram fd: %"PRIx32, revents);
1196 return -EIO;
1197 }
1198
a315ac4e
LP		 1199 /* Try to get the right size, if we can. (Not all
1200 * sockets support SIOCINQ, hence we just try, but
1201 * don't rely on it. */
1202 (void) ioctl(fd, SIOCINQ, &v);
d025f1e4 1203
a315ac4e
LP		 1204 /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful! */
1205 m = PAGE_ALIGN(MAX3((size_t) v + 1,
1206 (size_t) LINE_MAX,
1207 ALIGN(sizeof(struct nlmsghdr)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH)) + 1);
d025f1e4 1208
a315ac4e
LP		 1209 if (!GREEDY_REALLOC(s->buffer, s->buffer_size, m))
1210 return log_oom();
875c2e22 1211
a315ac4e
LP		 1212 iovec.iov_base = s->buffer;
1213 iovec.iov_len = s->buffer_size - 1; /* Leave room for trailing NUL we add later */
d025f1e4 1214
a315ac4e
LP		 1215 n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
1216 if (n < 0) {
1217 if (errno == EINTR || errno == EAGAIN)
1218 return 0;
875c2e22 1219
a315ac4e
LP		 1220 return log_error_errno(errno, "recvmsg() failed: %m");
1221 }
875c2e22 1222
a315ac4e
LP		 1223 CMSG_FOREACH(cmsg, &msghdr) {
1224
1225 if (cmsg->cmsg_level == SOL_SOCKET &&
1226 cmsg->cmsg_type == SCM_CREDENTIALS &&
1227 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
1228 ucred = (struct ucred*) CMSG_DATA(cmsg);
1229 else if (cmsg->cmsg_level == SOL_SOCKET &&
1230 cmsg->cmsg_type == SCM_SECURITY) {
1231 label = (char*) CMSG_DATA(cmsg);
1232 label_len = cmsg->cmsg_len - CMSG_LEN(0);
1233 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1234 cmsg->cmsg_type == SO_TIMESTAMP &&
1235 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
1236 tv = (struct timeval*) CMSG_DATA(cmsg);
1237 else if (cmsg->cmsg_level == SOL_SOCKET &&
1238 cmsg->cmsg_type == SCM_RIGHTS) {
1239 fds = (int*) CMSG_DATA(cmsg);
1240 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
d025f1e4 1241 }
a315ac4e 1242 }
d025f1e4 1243
a315ac4e
LP		 1244 /* And a trailing NUL, just in case */
1245 s->buffer[n] = 0;
1246
1247 if (fd == s->syslog_fd) {
1248 if (n > 0 && n_fds == 0)
1249 server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
1250 else if (n_fds > 0)
1251 log_warning("Got file descriptors via syslog socket. Ignoring.");
1252
1253 } else if (fd == s->native_fd) {
1254 if (n > 0 && n_fds == 0)
1255 server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
1256 else if (n == 0 && n_fds == 1)
1257 server_process_native_file(s, fds[0], ucred, tv, label, label_len);
1258 else if (n_fds > 0)
1259 log_warning("Got too many file descriptors via native socket. Ignoring.");
1260
1261 } else {
1262 assert(fd == s->audit_fd);
1263
1264 if (n > 0 && n_fds == 0)
1265 server_process_audit_message(s, s->buffer, n, ucred, &sa, msghdr.msg_namelen);
1266 else if (n_fds > 0)
1267 log_warning("Got file descriptors via audit socket. Ignoring.");
f9a810be 1268 }
a315ac4e
LP		 1269
1270 close_many(fds, n_fds);
1271 return 0;
f9a810be 1272}
d025f1e4 1273
f9a810be
LP		 1274static int dispatch_sigusr1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1275 Server *s = userdata;
33d52ab9 1276 int r;
d025f1e4 1277
f9a810be 1278 assert(s);
d025f1e4 1279
94b65516 1280 log_info("Received request to flush runtime journal from PID " PID_FMT, si->ssi_pid);
d025f1e4 1281
f9a810be
LP		 1282 server_flush_to_var(s);
1283 server_sync(s);
8580d1f7 1284 server_vacuum(s, false, false);
d025f1e4 1285
33d52ab9
LP		 1286 r = touch("/run/systemd/journal/flushed");
1287 if (r < 0)
1288 log_warning_errno(r, "Failed to touch /run/systemd/journal/flushed, ignoring: %m");
74055aa7 1289
f9a810be
LP		 1290 return 0;
1291}
d025f1e4 1292
f9a810be
LP		 1293static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1294 Server *s = userdata;
33d52ab9 1295 int r;
d025f1e4 1296
f9a810be 1297 assert(s);
d025f1e4 1298
94b65516 1299 log_info("Received request to rotate journal from PID " PID_FMT, si->ssi_pid);
f9a810be 1300 server_rotate(s);
8580d1f7 1301 server_vacuum(s, true, true);
d025f1e4 1302
dbd6e31c 1303 /* Let clients know when the most recent rotation happened. */
33d52ab9
LP		 1304 r = write_timestamp_file_atomic("/run/systemd/journal/rotated", now(CLOCK_MONOTONIC));
1305 if (r < 0)
1306 log_warning_errno(r, "Failed to write /run/systemd/journal/rotated, ignoring: %m");
dbd6e31c 1307
f9a810be
LP		 1308 return 0;
1309}
d025f1e4 1310
f9a810be
LP		 1311static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1312 Server *s = userdata;
d025f1e4 1313
f9a810be 1314 assert(s);
d025f1e4 1315
4daf54a8 1316 log_received_signal(LOG_INFO, si);
d025f1e4 1317
6203e07a 1318 sd_event_exit(s->event, 0);
d025f1e4
ZJS		 1319 return 0;
1320}
1321
94b65516
LP		 1322static int dispatch_sigrtmin1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1323 Server *s = userdata;
33d52ab9 1324 int r;
94b65516
LP		 1325
1326 assert(s);
1327
1328 log_debug("Received request to sync from PID " PID_FMT, si->ssi_pid);
1329
1330 server_sync(s);
1331
1332 /* Let clients know when the most recent sync happened. */
33d52ab9
LP		 1333 r = write_timestamp_file_atomic("/run/systemd/journal/synced", now(CLOCK_MONOTONIC));
1334 if (r < 0)
1335 log_warning_errno(r, "Failed to write /run/systemd/journal/synced, ignoring: %m");
94b65516
LP		 1336
1337 return 0;
1338}
1339
f9a810be 1340static int setup_signals(Server *s) {
f9a810be 1341 int r;
d025f1e4
ZJS		 1342
1343 assert(s);
1344
94b65516 1345 assert(sigprocmask_many(SIG_SETMASK, NULL, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, SIGRTMIN+1, -1) >= 0);
d025f1e4 1346
151b9b96 1347 r = sd_event_add_signal(s->event, &s->sigusr1_event_source, SIGUSR1, dispatch_sigusr1, s);
f9a810be
LP		 1348 if (r < 0)
1349 return r;
1350
151b9b96 1351 r = sd_event_add_signal(s->event, &s->sigusr2_event_source, SIGUSR2, dispatch_sigusr2, s);
f9a810be
LP		 1352 if (r < 0)
1353 return r;
d025f1e4 1354
151b9b96 1355 r = sd_event_add_signal(s->event, &s->sigterm_event_source, SIGTERM, dispatch_sigterm, s);
f9a810be
LP		 1356 if (r < 0)
1357 return r;
d025f1e4 1358
b374689c
LP		 1359 /* Let's process SIGTERM late, so that we flush all queued
1360 * messages to disk before we exit */
1361 r = sd_event_source_set_priority(s->sigterm_event_source, SD_EVENT_PRIORITY_NORMAL+20);
1362 if (r < 0)
1363 return r;
1364
1365 /* When journald is invoked on the terminal (when debugging),
1366 * it's useful if C-c is handled equivalent to SIGTERM. */
151b9b96 1367 r = sd_event_add_signal(s->event, &s->sigint_event_source, SIGINT, dispatch_sigterm, s);
f9a810be
LP		 1368 if (r < 0)
1369 return r;
d025f1e4 1370
b374689c
LP		 1371 r = sd_event_source_set_priority(s->sigint_event_source, SD_EVENT_PRIORITY_NORMAL+20);
1372 if (r < 0)
1373 return r;
1374
94b65516
LP		 1375 /* SIGRTMIN+1 causes an immediate sync. We process this very
1376 * late, so that everything else queued at this point is
1377 * really written to disk. Clients can watch
1378 * /run/systemd/journal/synced with inotify until its mtime
1379 * changes to see when a sync happened. */
1380 r = sd_event_add_signal(s->event, &s->sigrtmin1_event_source, SIGRTMIN+1, dispatch_sigrtmin1, s);
1381 if (r < 0)
1382 return r;
1383
1384 r = sd_event_source_set_priority(s->sigrtmin1_event_source, SD_EVENT_PRIORITY_NORMAL+15);
1385 if (r < 0)
1386 return r;
1387
d025f1e4
ZJS		 1388 return 0;
1389}
1390
1391static int server_parse_proc_cmdline(Server *s) {
7fd1b19b 1392 _cleanup_free_ char *line = NULL;
d581d9d9 1393 const char *p;
74df0fca 1394 int r;
d025f1e4 1395
74df0fca 1396 r = proc_cmdline(&line);
b5884878 1397 if (r < 0) {
da927ba9 1398 log_warning_errno(r, "Failed to read /proc/cmdline, ignoring: %m");
d025f1e4 1399 return 0;
b5884878 1400 }
d025f1e4 1401
d581d9d9
SS		 1402 p = line;
1403 for(;;) {
ff82c36c 1404 _cleanup_free_ char *word = NULL;
d025f1e4 1405
d581d9d9
SS		 1406 r = extract_first_word(&p, &word, NULL, 0);
1407 if (r < 0)
1408 return log_error_errno(r, "Failed to parse journald syntax \"%s\": %m", line);
1409
1410 if (r == 0)
1411 break;
d025f1e4
ZJS		 1412
1413 if (startswith(word, "systemd.journald.forward_to_syslog=")) {
1414 r = parse_boolean(word + 35);
1415 if (r < 0)
1416 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word + 35);
1417 else
1418 s->forward_to_syslog = r;
1419 } else if (startswith(word, "systemd.journald.forward_to_kmsg=")) {
1420 r = parse_boolean(word + 33);
1421 if (r < 0)
1422 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word + 33);
1423 else
1424 s->forward_to_kmsg = r;
1425 } else if (startswith(word, "systemd.journald.forward_to_console=")) {
1426 r = parse_boolean(word + 36);
1427 if (r < 0)
1428 log_warning("Failed to parse forward to console switch %s. Ignoring.", word + 36);
1429 else
1430 s->forward_to_console = r;
40b71e89
ST		 1431 } else if (startswith(word, "systemd.journald.forward_to_wall=")) {
1432 r = parse_boolean(word + 33);
1433 if (r < 0)
1434 log_warning("Failed to parse forward to wall switch %s. Ignoring.", word + 33);
1435 else
1436 s->forward_to_wall = r;
d025f1e4
ZJS		 1437 } else if (startswith(word, "systemd.journald"))
1438 log_warning("Invalid systemd.journald parameter. Ignoring.");
d025f1e4
ZJS		 1439 }
1440
804ae586 1441 /* do not warn about state here, since probably systemd already did */
db91ea32 1442 return 0;
d025f1e4
ZJS		 1443}
1444
1445static int server_parse_config_file(Server *s) {
d025f1e4
ZJS		 1446 assert(s);
1447
75eb6154
LP		 1448 return config_parse_many(PKGSYSCONFDIR "/journald.conf",
1449 CONF_PATHS_NULSTR("systemd/journald.conf.d"),
a9edaeff
JT		 1450 "Journal\0",
1451 config_item_perf_lookup, journald_gperf_lookup,
1452 false, s);
d025f1e4
ZJS		 1453}
1454
f9a810be
LP		 1455static int server_dispatch_sync(sd_event_source *es, usec_t t, void *userdata) {
1456 Server *s = userdata;
26687bf8
OS		 1457
1458 assert(s);
1459
f9a810be 1460 server_sync(s);
26687bf8
OS		 1461 return 0;
1462}
1463
d07f7b9e 1464int server_schedule_sync(Server *s, int priority) {
26687bf8
OS		 1465 int r;
1466
26687bf8
OS		 1467 assert(s);
1468
d07f7b9e
LP		 1469 if (priority <= LOG_CRIT) {
1470 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1471 server_sync(s);
1472 return 0;
1473 }
1474
26687bf8
OS		 1475 if (s->sync_scheduled)
1476 return 0;
1477
f9a810be
LP		 1478 if (s->sync_interval_usec > 0) {
1479 usec_t when;
ca267016 1480
6a0f1f6d 1481 r = sd_event_now(s->event, CLOCK_MONOTONIC, &when);
f9a810be
LP		 1482 if (r < 0)
1483 return r;
26687bf8 1484
f9a810be
LP		 1485 when += s->sync_interval_usec;
1486
1487 if (!s->sync_event_source) {
6a0f1f6d
LP		 1488 r = sd_event_add_time(
1489 s->event,
1490 &s->sync_event_source,
1491 CLOCK_MONOTONIC,
1492 when, 0,
1493 server_dispatch_sync, s);
f9a810be
LP		 1494 if (r < 0)
1495 return r;
1496
1497 r = sd_event_source_set_priority(s->sync_event_source, SD_EVENT_PRIORITY_IMPORTANT);
1498 } else {
1499 r = sd_event_source_set_time(s->sync_event_source, when);
1500 if (r < 0)
1501 return r;
1502
1503 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_ONESHOT);
1504 }
26687bf8 1505 if (r < 0)
f9a810be 1506 return r;
26687bf8 1507
f9a810be
LP		 1508 s->sync_scheduled = true;
1509 }
26687bf8
OS		 1510
1511 return 0;
1512}
1513
0c24bb23
LP		 1514static int dispatch_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1515 Server *s = userdata;
1516
1517 assert(s);
1518
1519 server_cache_hostname(s);
1520 return 0;
1521}
1522
1523static int server_open_hostname(Server *s) {
1524 int r;
1525
1526 assert(s);
1527
1528 s->hostname_fd = open("/proc/sys/kernel/hostname", O_RDONLY|O_CLOEXEC|O_NDELAY|O_NOCTTY);
4a62c710
MS		 1529 if (s->hostname_fd < 0)
1530 return log_error_errno(errno, "Failed to open /proc/sys/kernel/hostname: %m");
0c24bb23 1531
151b9b96 1532 r = sd_event_add_io(s->event, &s->hostname_event_source, s->hostname_fd, 0, dispatch_hostname_change, s);
0c24bb23 1533 if (r < 0) {
28def94c
DR		 1534 /* kernels prior to 3.2 don't support polling this file. Ignore
1535 * the failure. */
1536 if (r == -EPERM) {
e53fc357 1537 log_warning_errno(r, "Failed to register hostname fd in event loop, ignoring: %m");
03e334a1 1538 s->hostname_fd = safe_close(s->hostname_fd);
28def94c
DR		 1539 return 0;
1540 }
1541
23bbb0de 1542 return log_error_errno(r, "Failed to register hostname fd in event loop: %m");
0c24bb23
LP		 1543 }
1544
1545 r = sd_event_source_set_priority(s->hostname_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
23bbb0de
MS		 1546 if (r < 0)
1547 return log_error_errno(r, "Failed to adjust priority of host name event source: %m");
0c24bb23
LP		 1548
1549 return 0;
1550}
1551
e22aa3d3
LP		 1552static int dispatch_notify_event(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1553 Server *s = userdata;
1554 int r;
1555
1556 assert(s);
1557 assert(s->notify_event_source == es);
1558 assert(s->notify_fd == fd);
1559
e22aa3d3 1560 /* The $NOTIFY_SOCKET is writable again, now send exactly one
119e9655
LP		 1561 * message on it. Either it's the wtachdog event, the initial
1562 * READY=1 event or an stdout stream event. If there's nothing
1563 * to write anymore, turn our event source off. The next time
1564 * there's something to send it will be turned on again. */
e22aa3d3
LP		 1565
1566 if (!s->sent_notify_ready) {
1567 static const char p[] =
1568 "READY=1\n"
1569 "STATUS=Processing requests...";
1570 ssize_t l;
1571
1572 l = send(s->notify_fd, p, strlen(p), MSG_DONTWAIT);
1573 if (l < 0) {
1574 if (errno == EAGAIN)
1575 return 0;
1576
1577 return log_error_errno(errno, "Failed to send READY=1 notification message: %m");
1578 }
1579
1580 s->sent_notify_ready = true;
1581 log_debug("Sent READY=1 notification.");
1582
119e9655
LP		 1583 } else if (s->send_watchdog) {
1584
1585 static const char p[] =
1586 "WATCHDOG=1";
1587
1588 ssize_t l;
1589
1590 l = send(s->notify_fd, p, strlen(p), MSG_DONTWAIT);
1591 if (l < 0) {
1592 if (errno == EAGAIN)
1593 return 0;
1594
1595 return log_error_errno(errno, "Failed to send WATCHDOG=1 notification message: %m");
1596 }
1597
1598 s->send_watchdog = false;
1599 log_debug("Sent WATCHDOG=1 notification.");
1600
e22aa3d3
LP		 1601 } else if (s->stdout_streams_notify_queue)
1602 /* Dispatch one stream notification event */
1603 stdout_stream_send_notify(s->stdout_streams_notify_queue);
1604
1605 /* Leave us enabled if there's still more to to do. */
119e9655 1606 if (s->send_watchdog || s->stdout_streams_notify_queue)
e22aa3d3
LP		 1607 return 0;
1608
1609 /* There was nothing to do anymore, let's turn ourselves off. */
1610 r = sd_event_source_set_enabled(es, SD_EVENT_OFF);
1611 if (r < 0)
1612 return log_error_errno(r, "Failed to turn off notify event source: %m");
1613
1614 return 0;
1615}
1616
119e9655
LP		 1617static int dispatch_watchdog(sd_event_source *es, uint64_t usec, void *userdata) {
1618 Server *s = userdata;
1619 int r;
1620
1621 assert(s);
1622
1623 s->send_watchdog = true;
1624
1625 r = sd_event_source_set_enabled(s->notify_event_source, SD_EVENT_ON);
1626 if (r < 0)
1627 log_warning_errno(r, "Failed to turn on notify event source: %m");
1628
1629 r = sd_event_source_set_time(s->watchdog_event_source, usec + s->watchdog_usec / 2);
1630 if (r < 0)
1631 return log_error_errno(r, "Failed to restart watchdog event source: %m");
1632
1633 r = sd_event_source_set_enabled(s->watchdog_event_source, SD_EVENT_ON);
1634 if (r < 0)
1635 return log_error_errno(r, "Failed to enable watchdog event source: %m");
1636
1637 return 0;
1638}
1639
e22aa3d3
LP		 1640static int server_connect_notify(Server *s) {
1641 union sockaddr_union sa = {
1642 .un.sun_family = AF_UNIX,
1643 };
1644 const char *e;
1645 int r;
1646
1647 assert(s);
1648 assert(s->notify_fd < 0);
1649 assert(!s->notify_event_source);
1650
1651 /*
1652 So here's the problem: we'd like to send notification
1653 messages to PID 1, but we cannot do that via sd_notify(),
1654 since that's synchronous, and we might end up blocking on
1655 it. Specifically: given that PID 1 might block on
1656 dbus-daemon during IPC, and dbus-daemon is logging to us,
1657 and might hence block on us, we might end up in a deadlock
1658 if we block on sending PID 1 notification messages -- by
1659 generating a full blocking circle. To avoid this, let's
1660 create a non-blocking socket, and connect it to the
1661 notification socket, and then wait for POLLOUT before we
1662 send anything. This should efficiently avoid any deadlocks,
1663 as we'll never block on PID 1, hence PID 1 can safely block
1664 on dbus-daemon which can safely block on us again.
1665
1666 Don't think that this issue is real? It is, see:
1667 https://github.com/systemd/systemd/issues/1505
1668 */
1669
1670 e = getenv("NOTIFY_SOCKET");
1671 if (!e)
1672 return 0;
1673
1674 if ((e[0] != '@' && e[0] != '/') || e[1] == 0) {
1675 log_error("NOTIFY_SOCKET set to an invalid value: %s", e);
1676 return -EINVAL;
1677 }
1678
1679 if (strlen(e) > sizeof(sa.un.sun_path)) {
1680 log_error("NOTIFY_SOCKET path too long: %s", e);
1681 return -EINVAL;
1682 }
1683
1684 s->notify_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
1685 if (s->notify_fd < 0)
1686 return log_error_errno(errno, "Failed to create notify socket: %m");
1687
1688 (void) fd_inc_sndbuf(s->notify_fd, NOTIFY_SNDBUF_SIZE);
1689
1690 strncpy(sa.un.sun_path, e, sizeof(sa.un.sun_path));
1691 if (sa.un.sun_path[0] == '@')
1692 sa.un.sun_path[0] = 0;
1693
1694 r = connect(s->notify_fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(e));
1695 if (r < 0)
1696 return log_error_errno(errno, "Failed to connect to notify socket: %m");
1697
1698 r = sd_event_add_io(s->event, &s->notify_event_source, s->notify_fd, EPOLLOUT, dispatch_notify_event, s);
1699 if (r < 0)
1700 return log_error_errno(r, "Failed to watch notification socket: %m");
1701
119e9655
LP		 1702 if (sd_watchdog_enabled(false, &s->watchdog_usec) > 0) {
1703 s->send_watchdog = true;
1704
4de2402b 1705 r = sd_event_add_time(s->event, &s->watchdog_event_source, CLOCK_MONOTONIC, now(CLOCK_MONOTONIC) + s->watchdog_usec/2, s->watchdog_usec/4, dispatch_watchdog, s);
119e9655
LP		 1706 if (r < 0)
1707 return log_error_errno(r, "Failed to add watchdog time event: %m");
1708 }
1709
e22aa3d3
LP		 1710 /* This should fire pretty soon, which we'll use to send the
1711 * READY=1 event. */
1712
1713 return 0;
1714}
1715
d025f1e4 1716int server_init(Server *s) {
13790add 1717 _cleanup_fdset_free_ FDSet *fds = NULL;
d025f1e4 1718 int n, r, fd;
7d18d348 1719 bool no_sockets;
d025f1e4
ZJS		 1720
1721 assert(s);
1722
1723 zero(*s);
e22aa3d3 1724 s->syslog_fd = s->native_fd = s->stdout_fd = s->dev_kmsg_fd = s->audit_fd = s->hostname_fd = s->notify_fd = -1;
d025f1e4
ZJS		 1725 s->compress = true;
1726 s->seal = true;
1727
119e9655
LP		 1728 s->watchdog_usec = USEC_INFINITY;
1729
26687bf8
OS		 1730 s->sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC;
1731 s->sync_scheduled = false;
1732
d025f1e4
ZJS		 1733 s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
1734 s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
1735
40b71e89 1736 s->forward_to_wall = true;
d025f1e4 1737
e150e820
MB		 1738 s->max_file_usec = DEFAULT_MAX_FILE_USEC;
1739
d025f1e4
ZJS		 1740 s->max_level_store = LOG_DEBUG;
1741 s->max_level_syslog = LOG_DEBUG;
1742 s->max_level_kmsg = LOG_NOTICE;
1743 s->max_level_console = LOG_INFO;
40b71e89 1744 s->max_level_wall = LOG_EMERG;
d025f1e4 1745
8580d1f7
LP		 1746 journal_reset_metrics(&s->system_metrics);
1747 journal_reset_metrics(&s->runtime_metrics);
d025f1e4
ZJS		 1748
1749 server_parse_config_file(s);
1750 server_parse_proc_cmdline(s);
8580d1f7 1751
d288f79f 1752 if (!!s->rate_limit_interval ^ !!s->rate_limit_burst) {
b1389b0d
ZJS		 1753 log_debug("Setting both rate limit interval and burst from "USEC_FMT",%u to 0,0",
1754 s->rate_limit_interval, s->rate_limit_burst);
d288f79f
ZJS		 1755 s->rate_limit_interval = s->rate_limit_burst = 0;
1756 }
d025f1e4 1757
8580d1f7 1758 (void) mkdir_p("/run/systemd/journal", 0755);
d025f1e4 1759
43cf8388 1760 s->user_journals = ordered_hashmap_new(NULL);
d025f1e4
ZJS		 1761 if (!s->user_journals)
1762 return log_oom();
1763
1764 s->mmap = mmap_cache_new();
1765 if (!s->mmap)
1766 return log_oom();
1767
f9a810be 1768 r = sd_event_default(&s->event);
23bbb0de
MS		 1769 if (r < 0)
1770 return log_error_errno(r, "Failed to create event loop: %m");
d025f1e4
ZJS		 1771
1772 n = sd_listen_fds(true);
23bbb0de
MS		 1773 if (n < 0)
1774 return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
d025f1e4
ZJS		 1775
1776 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
1777
1778 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/socket", 0) > 0) {
1779
1780 if (s->native_fd >= 0) {
1781 log_error("Too many native sockets passed.");
1782 return -EINVAL;
1783 }
1784
1785 s->native_fd = fd;
1786
1787 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, "/run/systemd/journal/stdout", 0) > 0) {
1788
1789 if (s->stdout_fd >= 0) {
1790 log_error("Too many stdout sockets passed.");
1791 return -EINVAL;
1792 }
1793
1794 s->stdout_fd = fd;
1795
03ee5c38
LP		 1796 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0 ||
1797 sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/dev-log", 0) > 0) {
d025f1e4
ZJS		 1798
1799 if (s->syslog_fd >= 0) {
1800 log_error("Too many /dev/log sockets passed.");
1801 return -EINVAL;
1802 }
1803
1804 s->syslog_fd = fd;
1805
875c2e22
LP		 1806 } else if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1) > 0) {
1807
1808 if (s->audit_fd >= 0) {
1809 log_error("Too many audit sockets passed.");
1810 return -EINVAL;
1811 }
1812
1813 s->audit_fd = fd;
1814
4ec3cd73 1815 } else {
4ec3cd73 1816
13790add
LP		 1817 if (!fds) {
1818 fds = fdset_new();
1819 if (!fds)
1820 return log_oom();
1821 }
4ec3cd73 1822
13790add
LP		 1823 r = fdset_put(fds, fd);
1824 if (r < 0)
1825 return log_oom();
4ec3cd73 1826 }
d025f1e4
ZJS		 1827 }
1828
15d91bff
ZJS		 1829 /* Try to restore streams, but don't bother if this fails */
1830 (void) server_restore_streams(s, fds);
d025f1e4 1831
13790add
LP		 1832 if (fdset_size(fds) > 0) {
1833 log_warning("%u unknown file descriptors passed, closing.", fdset_size(fds));
1834 fds = fdset_free(fds);
1835 }
1836
7d18d348
ZJS		 1837 no_sockets = s->native_fd < 0 && s->stdout_fd < 0 && s->syslog_fd < 0 && s->audit_fd < 0;
1838
1839 /* always open stdout, syslog, native, and kmsg sockets */
37b7affe
ZJS		 1840
1841 /* systemd-journald.socket: /run/systemd/journal/stdout */
15d91bff
ZJS		 1842 r = server_open_stdout_socket(s);
1843 if (r < 0)
1844 return r;
1845
37b7affe 1846 /* systemd-journald-dev-log.socket: /run/systemd/journal/dev-log */
13790add 1847 r = server_open_syslog_socket(s);
d025f1e4
ZJS		 1848 if (r < 0)
1849 return r;
1850
37b7affe 1851 /* systemd-journald.socket: /run/systemd/journal/socket */
13790add 1852 r = server_open_native_socket(s);
d025f1e4
ZJS		 1853 if (r < 0)
1854 return r;
1855
37b7affe 1856 /* /dev/ksmg */
d025f1e4
ZJS		 1857 r = server_open_dev_kmsg(s);
1858 if (r < 0)
1859 return r;
1860
7d18d348
ZJS		 1861 /* Unless we got *some* sockets and not audit, open audit socket */
1862 if (s->audit_fd >= 0 || no_sockets) {
1863 r = server_open_audit(s);
1864 if (r < 0)
1865 return r;
1866 }
875c2e22 1867
d025f1e4
ZJS		 1868 r = server_open_kernel_seqnum(s);
1869 if (r < 0)
1870 return r;
1871
0c24bb23
LP		 1872 r = server_open_hostname(s);
1873 if (r < 0)
1874 return r;
1875
f9a810be 1876 r = setup_signals(s);
d025f1e4
ZJS		 1877 if (r < 0)
1878 return r;
1879
1880 s->udev = udev_new();
1881 if (!s->udev)
1882 return -ENOMEM;
1883
f9a810be 1884 s->rate_limit = journal_rate_limit_new(s->rate_limit_interval, s->rate_limit_burst);
d025f1e4
ZJS		 1885 if (!s->rate_limit)
1886 return -ENOMEM;
1887
e9174f29
LP		 1888 r = cg_get_root_path(&s->cgroup_root);
1889 if (r < 0)
1890 return r;
1891
0c24bb23
LP		 1892 server_cache_hostname(s);
1893 server_cache_boot_id(s);
1894 server_cache_machine_id(s);
1895
e22aa3d3
LP		 1896 (void) server_connect_notify(s);
1897
804ae586 1898 return system_journal_open(s, false);
d025f1e4
ZJS		 1899}
1900
1901void server_maybe_append_tags(Server *s) {
1902#ifdef HAVE_GCRYPT
1903 JournalFile *f;
1904 Iterator i;
1905 usec_t n;
1906
1907 n = now(CLOCK_REALTIME);
1908
1909 if (s->system_journal)
1910 journal_file_maybe_append_tag(s->system_journal, n);
1911
43cf8388 1912 ORDERED_HASHMAP_FOREACH(f, s->user_journals, i)
d025f1e4
ZJS		 1913 journal_file_maybe_append_tag(f, n);
1914#endif
1915}
1916
1917void server_done(Server *s) {
1918 JournalFile *f;
1919 assert(s);
1920
1921 while (s->stdout_streams)
1922 stdout_stream_free(s->stdout_streams);
1923
1924 if (s->system_journal)
1925 journal_file_close(s->system_journal);
1926
1927 if (s->runtime_journal)
1928 journal_file_close(s->runtime_journal);
1929
43cf8388 1930 while ((f = ordered_hashmap_steal_first(s->user_journals)))
d025f1e4
ZJS		 1931 journal_file_close(f);
1932
43cf8388 1933 ordered_hashmap_free(s->user_journals);
d025f1e4 1934
f9a810be
LP		 1935 sd_event_source_unref(s->syslog_event_source);
1936 sd_event_source_unref(s->native_event_source);
1937 sd_event_source_unref(s->stdout_event_source);
1938 sd_event_source_unref(s->dev_kmsg_event_source);
875c2e22 1939 sd_event_source_unref(s->audit_event_source);
f9a810be
LP		 1940 sd_event_source_unref(s->sync_event_source);
1941 sd_event_source_unref(s->sigusr1_event_source);
1942 sd_event_source_unref(s->sigusr2_event_source);
1943 sd_event_source_unref(s->sigterm_event_source);
1944 sd_event_source_unref(s->sigint_event_source);
94b65516 1945 sd_event_source_unref(s->sigrtmin1_event_source);
0c24bb23 1946 sd_event_source_unref(s->hostname_event_source);
e22aa3d3 1947 sd_event_source_unref(s->notify_event_source);
119e9655 1948 sd_event_source_unref(s->watchdog_event_source);
f9a810be 1949 sd_event_unref(s->event);
d025f1e4 1950
03e334a1
LP		 1951 safe_close(s->syslog_fd);
1952 safe_close(s->native_fd);
1953 safe_close(s->stdout_fd);
1954 safe_close(s->dev_kmsg_fd);
875c2e22 1955 safe_close(s->audit_fd);
03e334a1 1956 safe_close(s->hostname_fd);
e22aa3d3 1957 safe_close(s->notify_fd);
0c24bb23 1958
d025f1e4
ZJS		 1959 if (s->rate_limit)
1960 journal_rate_limit_free(s->rate_limit);
1961
1962 if (s->kernel_seqnum)
1963 munmap(s->kernel_seqnum, sizeof(uint64_t));
1964
1965 free(s->buffer);
1966 free(s->tty_path);
e9174f29 1967 free(s->cgroup_root);
99d0966e 1968 free(s->hostname_field);
d025f1e4
ZJS		 1969
1970 if (s->mmap)
1971 mmap_cache_unref(s->mmap);
1972
3e044c49 1973 udev_unref(s->udev);
d025f1e4 1974}
8580d1f7
LP		 1975
1976static const char* const storage_table[_STORAGE_MAX] = {
1977 [STORAGE_AUTO] = "auto",
1978 [STORAGE_VOLATILE] = "volatile",
1979 [STORAGE_PERSISTENT] = "persistent",
1980 [STORAGE_NONE] = "none"
1981};
1982
1983DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
1984DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
1985
1986static const char* const split_mode_table[_SPLIT_MAX] = {
1987 [SPLIT_LOGIN] = "login",
1988 [SPLIT_UID] = "uid",
1989 [SPLIT_NONE] = "none",
1990};
1991
1992DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
1993DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode, split_mode, SplitMode, "Failed to parse split mode setting");
Unnamed repository; edit this file 'description' to name the repository.