]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/journal/journald-server.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #1783 from vcaputo/still_make_progress_when_throttling
[thirdparty/systemd.git] / src / journal / journald-server.c
CommitLineData
d025f1e4
ZJS		 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2011 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
24882e06
LP		 22#ifdef HAVE_SELINUX
23#include <selinux/selinux.h>
24#endif
8580d1f7
LP		 25#include <sys/ioctl.h>
26#include <sys/mman.h>
27#include <sys/signalfd.h>
28#include <sys/statvfs.h>
07630cea 29#include <linux/sockios.h>
24882e06 30
8580d1f7
LP		 31#include "libudev.h"
32#include "sd-daemon.h"
74df0fca
LP		 33#include "sd-journal.h"
34#include "sd-messages.h"
8580d1f7
LP		 35
36#include "acl-util.h"
b5efdb8a 37#include "alloc-util.h"
430f0182 38#include "audit-util.h"
d025f1e4 39#include "cgroup-util.h"
d025f1e4 40#include "conf-parser.h"
a0956174 41#include "dirent-util.h"
0dec689b 42#include "extract-word.h"
3ffd4af2 43#include "fd-util.h"
958b66ea 44#include "formats-util.h"
f4f15635 45#include "fs-util.h"
8580d1f7 46#include "hashmap.h"
958b66ea 47#include "hostname-util.h"
afc5dbf3 48#include "io-util.h"
8580d1f7
LP		 49#include "journal-authenticate.h"
50#include "journal-file.h"
d025f1e4
ZJS		 51#include "journal-internal.h"
52#include "journal-vacuum.h"
8580d1f7 53#include "journald-audit.h"
d025f1e4 54#include "journald-kmsg.h"
d025f1e4 55#include "journald-native.h"
8580d1f7 56#include "journald-rate-limit.h"
3ffd4af2 57#include "journald-server.h"
8580d1f7
LP		 58#include "journald-stream.h"
59#include "journald-syslog.h"
07630cea
LP		 60#include "missing.h"
61#include "mkdir.h"
6bedfcbb 62#include "parse-util.h"
4e731273 63#include "proc-cmdline.h"
07630cea
LP		 64#include "process-util.h"
65#include "rm-rf.h"
66#include "selinux-util.h"
67#include "signal-util.h"
68#include "socket-util.h"
8b43440b 69#include "string-table.h"
07630cea 70#include "string-util.h"
d025f1e4 71
d025f1e4
ZJS		 72#define USER_JOURNALS_MAX 1024
73
26687bf8 74#define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
7f1ad696
LP		 75#define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
76#define DEFAULT_RATE_LIMIT_BURST 1000
e150e820 77#define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
d025f1e4 78
8580d1f7 79#define RECHECK_SPACE_USEC (30*USEC_PER_SEC)
d025f1e4 80
e22aa3d3
LP		 81#define NOTIFY_SNDBUF_SIZE (8*1024*1024)
82
8580d1f7
LP		 83static int determine_space_for(
84 Server *s,
85 JournalMetrics *metrics,
86 const char *path,
87 const char *name,
88 bool verbose,
89 bool patch_min_use,
90 uint64_t *available,
91 uint64_t *limit) {
92
93 uint64_t sum = 0, ss_avail, avail;
7fd1b19b 94 _cleanup_closedir_ DIR *d = NULL;
8580d1f7
LP		 95 struct dirent *de;
96 struct statvfs ss;
97 const char *p;
d025f1e4 98 usec_t ts;
d025f1e4 99
8580d1f7
LP		 100 assert(s);
101 assert(metrics);
102 assert(path);
103 assert(name);
d025f1e4 104
8580d1f7 105 ts = now(CLOCK_MONOTONIC);
d025f1e4 106
8580d1f7 107 if (!verbose && s->cached_space_timestamp + RECHECK_SPACE_USEC > ts) {
d025f1e4 108
8580d1f7
LP		 109 if (available)
110 *available = s->cached_space_available;
111 if (limit)
112 *limit = s->cached_space_limit;
d025f1e4 113
d025f1e4 114 return 0;
8580d1f7 115 }
d025f1e4 116
8580d1f7 117 p = strjoina(path, SERVER_MACHINE_ID(s));
d025f1e4 118 d = opendir(p);
d025f1e4 119 if (!d)
8580d1f7 120 return log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, errno, "Failed to open %s: %m", p);
d025f1e4
ZJS		 121
122 if (fstatvfs(dirfd(d), &ss) < 0)
8580d1f7 123 return log_error_errno(errno, "Failed to fstatvfs(%s): %m", p);
d025f1e4 124
8580d1f7 125 FOREACH_DIRENT_ALL(de, d, break) {
d025f1e4 126 struct stat st;
d025f1e4
ZJS		 127
128 if (!endswith(de->d_name, ".journal") &&
129 !endswith(de->d_name, ".journal~"))
130 continue;
131
8580d1f7
LP		 132 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
133 log_debug_errno(errno, "Failed to stat %s/%s, ignoring: %m", p, de->d_name);
d025f1e4 134 continue;
8580d1f7 135 }
d025f1e4
ZJS		 136
137 if (!S_ISREG(st.st_mode))
138 continue;
139
140 sum += (uint64_t) st.st_blocks * 512UL;
141 }
142
8580d1f7
LP		 143 /* If request, then let's bump the min_use limit to the
144 * current usage on disk. We do this when starting up and
145 * first opening the journal files. This way sudden spikes in
146 * disk usage will not cause journald to vacuum files without
147 * bounds. Note that this means that only a restart of
148 * journald will make it reset this value. */
d025f1e4 149
8580d1f7
LP		 150 if (patch_min_use)
151 metrics->min_use = MAX(metrics->min_use, sum);
348ced90 152
8580d1f7
LP		 153 ss_avail = ss.f_bsize * ss.f_bavail;
154 avail = LESS_BY(ss_avail, metrics->keep_free);
348ced90 155
8580d1f7
LP		 156 s->cached_space_limit = MIN(MAX(sum + avail, metrics->min_use), metrics->max_use);
157 s->cached_space_available = LESS_BY(s->cached_space_limit, sum);
158 s->cached_space_timestamp = ts;
d025f1e4 159
670b110c
ZJS		 160 if (verbose) {
161 char fb1[FORMAT_BYTES_MAX], fb2[FORMAT_BYTES_MAX], fb3[FORMAT_BYTES_MAX],
8580d1f7 162 fb4[FORMAT_BYTES_MAX], fb5[FORMAT_BYTES_MAX], fb6[FORMAT_BYTES_MAX];
670b110c
ZJS		 163
164 server_driver_message(s, SD_MESSAGE_JOURNAL_USAGE,
8580d1f7 165 "%s (%s) is currently using %s.\n"
da2e288b
LP		 166 "Maximum allowed usage is set to %s.\n"
167 "Leaving at least %s free (of currently available %s of space).\n"
8580d1f7
LP		 168 "Enforced usage limit is thus %s, of which %s are still available.",
169 name, path,
670b110c 170 format_bytes(fb1, sizeof(fb1), sum),
8580d1f7
LP		 171 format_bytes(fb2, sizeof(fb2), metrics->max_use),
172 format_bytes(fb3, sizeof(fb3), metrics->keep_free),
670b110c 173 format_bytes(fb4, sizeof(fb4), ss_avail),
8580d1f7
LP		 174 format_bytes(fb5, sizeof(fb5), s->cached_space_limit),
175 format_bytes(fb6, sizeof(fb6), s->cached_space_available));
176 }
177
178 if (available)
179 *available = s->cached_space_available;
180 if (limit)
181 *limit = s->cached_space_limit;
182
183 return 1;
184}
185
186static int determine_space(Server *s, bool verbose, bool patch_min_use, uint64_t *available, uint64_t *limit) {
187 JournalMetrics *metrics;
188 const char *path, *name;
189
190 assert(s);
191
192 if (s->system_journal) {
193 path = "/var/log/journal/";
194 metrics = &s->system_metrics;
195 name = "System journal";
196 } else {
197 path = "/run/log/journal/";
198 metrics = &s->runtime_metrics;
199 name = "Runtime journal";
670b110c
ZJS		 200 }
201
8580d1f7 202 return determine_space_for(s, metrics, path, name, verbose, patch_min_use, available, limit);
d025f1e4
ZJS		 203}
204
d025f1e4
ZJS		 205void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
206 int r;
207#ifdef HAVE_ACL
0fb39831 208 _cleanup_(acl_freep) acl_t acl = NULL;
d025f1e4
ZJS		 209 acl_entry_t entry;
210 acl_permset_t permset;
211#endif
212
213 assert(f);
214
4608af43 215 r = fchmod(f->fd, 0640);
d025f1e4 216 if (r < 0)
65089b82 217 log_warning_errno(errno, "Failed to fix access mode on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 218
219#ifdef HAVE_ACL
34c10968 220 if (uid <= SYSTEM_UID_MAX)
d025f1e4
ZJS		 221 return;
222
223 acl = acl_get_fd(f->fd);
224 if (!acl) {
56f64d95 225 log_warning_errno(errno, "Failed to read ACL on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 226 return;
227 }
228
229 r = acl_find_uid(acl, uid, &entry);
230 if (r <= 0) {
231
232 if (acl_create_entry(&acl, &entry) < 0 ||
233 acl_set_tag_type(entry, ACL_USER) < 0 ||
234 acl_set_qualifier(entry, &uid) < 0) {
56f64d95 235 log_warning_errno(errno, "Failed to patch ACL on %s, ignoring: %m", f->path);
0fb39831 236 return;
d025f1e4
ZJS		 237 }
238 }
239
23ad4dd8
JAS		 240 /* We do not recalculate the mask unconditionally here,
241 * so that the fchmod() mask above stays intact. */
d025f1e4 242 if (acl_get_permset(entry, &permset) < 0 ||
709f6e46 243 acl_add_perm(permset, ACL_READ) < 0) {
56f64d95 244 log_warning_errno(errno, "Failed to patch ACL on %s, ignoring: %m", f->path);
0fb39831 245 return;
d025f1e4
ZJS		 246 }
247
709f6e46
MS		 248 r = calc_acl_mask_if_needed(&acl);
249 if (r < 0) {
250 log_warning_errno(r, "Failed to patch ACL on %s, ignoring: %m", f->path);
251 return;
252 }
253
d025f1e4 254 if (acl_set_fd(f->fd, acl) < 0)
56f64d95 255 log_warning_errno(errno, "Failed to set ACL on %s, ignoring: %m", f->path);
d025f1e4 256
d025f1e4
ZJS		 257#endif
258}
259
260static JournalFile* find_journal(Server *s, uid_t uid) {
ed375beb 261 _cleanup_free_ char *p = NULL;
d025f1e4
ZJS		 262 int r;
263 JournalFile *f;
264 sd_id128_t machine;
265
266 assert(s);
267
268 /* We split up user logs only on /var, not on /run. If the
269 * runtime file is open, we write to it exclusively, in order
270 * to guarantee proper order as soon as we flush /run to
271 * /var and close the runtime file. */
272
273 if (s->runtime_journal)
274 return s->runtime_journal;
275
f7dc3ab9 276 if (uid <= SYSTEM_UID_MAX)
d025f1e4
ZJS		 277 return s->system_journal;
278
279 r = sd_id128_get_machine(&machine);
280 if (r < 0)
281 return s->system_journal;
282
43cf8388 283 f = ordered_hashmap_get(s->user_journals, UINT32_TO_PTR(uid));
d025f1e4
ZJS		 284 if (f)
285 return f;
286
de0671ee
ZJS		 287 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/user-"UID_FMT".journal",
288 SD_ID128_FORMAT_VAL(machine), uid) < 0)
d025f1e4
ZJS		 289 return s->system_journal;
290
43cf8388 291 while (ordered_hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
d025f1e4 292 /* Too many open? Then let's close one */
43cf8388 293 f = ordered_hashmap_steal_first(s->user_journals);
d025f1e4
ZJS		 294 assert(f);
295 journal_file_close(f);
296 }
297
cbd67177 298 r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &f);
d025f1e4
ZJS		 299 if (r < 0)
300 return s->system_journal;
301
302 server_fix_perms(s, f, uid);
303
43cf8388 304 r = ordered_hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
d025f1e4
ZJS		 305 if (r < 0) {
306 journal_file_close(f);
307 return s->system_journal;
308 }
309
310 return f;
311}
312
ea69bd41
LP		 313static int do_rotate(
314 Server *s,
315 JournalFile **f,
316 const char* name,
317 bool seal,
318 uint32_t uid) {
319
fc55baee
ZJS		 320 int r;
321 assert(s);
322
323 if (!*f)
324 return -EINVAL;
325
326 r = journal_file_rotate(f, s->compress, seal);
327 if (r < 0)
328 if (*f)
ea69bd41 329 log_error_errno(r, "Failed to rotate %s: %m", (*f)->path);
fc55baee 330 else
ea69bd41 331 log_error_errno(r, "Failed to create new %s journal: %m", name);
fc55baee
ZJS		 332 else
333 server_fix_perms(s, *f, uid);
2678031a 334
fc55baee
ZJS		 335 return r;
336}
337
d025f1e4
ZJS		 338void server_rotate(Server *s) {
339 JournalFile *f;
340 void *k;
341 Iterator i;
342 int r;
343
344 log_debug("Rotating...");
345
8580d1f7
LP		 346 (void) do_rotate(s, &s->runtime_journal, "runtime", false, 0);
347 (void) do_rotate(s, &s->system_journal, "system", s->seal, 0);
d025f1e4 348
43cf8388 349 ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
fc55baee
ZJS		 350 r = do_rotate(s, &f, "user", s->seal, PTR_TO_UINT32(k));
351 if (r >= 0)
43cf8388 352 ordered_hashmap_replace(s->user_journals, k, f);
fc55baee
ZJS		 353 else if (!f)
354 /* Old file has been closed and deallocated */
43cf8388 355 ordered_hashmap_remove(s->user_journals, k);
d025f1e4
ZJS		 356 }
357}
358
26687bf8
OS		 359void server_sync(Server *s) {
360 JournalFile *f;
361 void *k;
362 Iterator i;
363 int r;
364
26687bf8
OS		 365 if (s->system_journal) {
366 r = journal_file_set_offline(s->system_journal);
367 if (r < 0)
65089b82 368 log_warning_errno(r, "Failed to sync system journal, ignoring: %m");
26687bf8
OS		 369 }
370
43cf8388 371 ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
26687bf8
OS		 372 r = journal_file_set_offline(f);
373 if (r < 0)
65089b82 374 log_warning_errno(r, "Failed to sync user journal, ignoring: %m");
26687bf8
OS		 375 }
376
f9a810be
LP		 377 if (s->sync_event_source) {
378 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_OFF);
379 if (r < 0)
da927ba9 380 log_error_errno(r, "Failed to disable sync timer source: %m");
f9a810be 381 }
26687bf8
OS		 382
383 s->sync_scheduled = false;
384}
385
ea69bd41
LP		 386static void do_vacuum(
387 Server *s,
ea69bd41 388 JournalFile *f,
8580d1f7
LP		 389 JournalMetrics *metrics,
390 const char *path,
391 const char *name,
392 bool verbose,
393 bool patch_min_use) {
ea69bd41
LP		 394
395 const char *p;
8580d1f7 396 uint64_t limit;
63c8666b
ZJS		 397 int r;
398
8580d1f7
LP		 399 assert(s);
400 assert(metrics);
401 assert(path);
402 assert(name);
403
63c8666b
ZJS		 404 if (!f)
405 return;
406
8580d1f7
LP		 407 p = strjoina(path, SERVER_MACHINE_ID(s));
408
409 limit = metrics->max_use;
410 (void) determine_space_for(s, metrics, path, name, verbose, patch_min_use, NULL, &limit);
411
412 r = journal_directory_vacuum(p, limit, metrics->n_max_files, s->max_retention_usec, &s->oldest_file_usec, verbose);
63c8666b 413 if (r < 0 && r != -ENOENT)
8580d1f7 414 log_warning_errno(r, "Failed to vacuum %s, ignoring: %m", p);
63c8666b
ZJS		 415}
416
8580d1f7
LP		 417int server_vacuum(Server *s, bool verbose, bool patch_min_use) {
418 assert(s);
d025f1e4
ZJS		 419
420 log_debug("Vacuuming...");
421
422 s->oldest_file_usec = 0;
423
8580d1f7
LP		 424 do_vacuum(s, s->system_journal, &s->system_metrics, "/var/log/journal/", "System journal", verbose, patch_min_use);
425 do_vacuum(s, s->runtime_journal, &s->runtime_metrics, "/run/log/journal/", "Runtime journal", verbose, patch_min_use);
d025f1e4 426
8580d1f7
LP		 427 s->cached_space_limit = 0;
428 s->cached_space_available = 0;
429 s->cached_space_timestamp = 0;
d025f1e4 430
8580d1f7 431 return 0;
d025f1e4
ZJS		 432}
433
0c24bb23
LP		 434static void server_cache_machine_id(Server *s) {
435 sd_id128_t id;
436 int r;
437
438 assert(s);
439
440 r = sd_id128_get_machine(&id);
441 if (r < 0)
442 return;
443
444 sd_id128_to_string(id, stpcpy(s->machine_id_field, "_MACHINE_ID="));
445}
446
447static void server_cache_boot_id(Server *s) {
448 sd_id128_t id;
449 int r;
450
451 assert(s);
452
453 r = sd_id128_get_boot(&id);
454 if (r < 0)
455 return;
456
457 sd_id128_to_string(id, stpcpy(s->boot_id_field, "_BOOT_ID="));
458}
459
460static void server_cache_hostname(Server *s) {
461 _cleanup_free_ char *t = NULL;
462 char *x;
463
464 assert(s);
465
466 t = gethostname_malloc();
467 if (!t)
468 return;
469
470 x = strappend("_HOSTNAME=", t);
471 if (!x)
472 return;
473
474 free(s->hostname_field);
475 s->hostname_field = x;
476}
477
8531ae70 478static bool shall_try_append_again(JournalFile *f, int r) {
d025f1e4
ZJS		 479
480 /* -E2BIG Hit configured limit
481 -EFBIG Hit fs limit
482 -EDQUOT Quota limit hit
483 -ENOSPC Disk full
fa6ac760 484 -EIO I/O error of some kind (mmap)
d025f1e4
ZJS		 485 -EHOSTDOWN Other machine
486 -EBUSY Unclean shutdown
487 -EPROTONOSUPPORT Unsupported feature
488 -EBADMSG Corrupted
489 -ENODATA Truncated
2678031a
LP		 490 -ESHUTDOWN Already archived
491 -EIDRM Journal file has been deleted */
d025f1e4
ZJS		 492
493 if (r == -E2BIG || r == -EFBIG || r == -EDQUOT || r == -ENOSPC)
494 log_debug("%s: Allocation limit reached, rotating.", f->path);
495 else if (r == -EHOSTDOWN)
496 log_info("%s: Journal file from other machine, rotating.", f->path);
497 else if (r == -EBUSY)
498 log_info("%s: Unclean shutdown, rotating.", f->path);
499 else if (r == -EPROTONOSUPPORT)
500 log_info("%s: Unsupported feature, rotating.", f->path);
501 else if (r == -EBADMSG || r == -ENODATA || r == ESHUTDOWN)
502 log_warning("%s: Journal file corrupted, rotating.", f->path);
fa6ac760
LP		 503 else if (r == -EIO)
504 log_warning("%s: IO error, rotating.", f->path);
2678031a
LP		 505 else if (r == -EIDRM)
506 log_warning("%s: Journal file has been deleted, rotating.", f->path);
d025f1e4
ZJS		 507 else
508 return false;
509
510 return true;
511}
512
d07f7b9e 513static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned n, int priority) {
d025f1e4
ZJS		 514 JournalFile *f;
515 bool vacuumed = false;
516 int r;
517
518 assert(s);
519 assert(iovec);
520 assert(n > 0);
521
522 f = find_journal(s, uid);
523 if (!f)
524 return;
525
526 if (journal_file_rotate_suggested(f, s->max_file_usec)) {
527 log_debug("%s: Journal header limits reached or header out-of-date, rotating.", f->path);
528 server_rotate(s);
8580d1f7 529 server_vacuum(s, false, false);
d025f1e4
ZJS		 530 vacuumed = true;
531
532 f = find_journal(s, uid);
533 if (!f)
534 return;
535 }
536
537 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
26687bf8 538 if (r >= 0) {
d07f7b9e 539 server_schedule_sync(s, priority);
d025f1e4 540 return;
26687bf8 541 }
d025f1e4
ZJS		 542
543 if (vacuumed || !shall_try_append_again(f, r)) {
8266e1c0 544 log_error_errno(r, "Failed to write entry (%d items, %zu bytes), ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n));
d025f1e4
ZJS		 545 return;
546 }
547
548 server_rotate(s);
8580d1f7 549 server_vacuum(s, false, false);
d025f1e4
ZJS		 550
551 f = find_journal(s, uid);
552 if (!f)
553 return;
554
555 log_debug("Retrying write.");
556 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
8266e1c0
LP		 557 if (r < 0)
558 log_error_errno(r, "Failed to write entry (%d items, %zu bytes) despite vacuuming, ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n));
559 else
d07f7b9e 560 server_schedule_sync(s, priority);
d025f1e4
ZJS		 561}
562
563static void dispatch_message_real(
564 Server *s,
565 struct iovec *iovec, unsigned n, unsigned m,
3b3154df
LP		 566 const struct ucred *ucred,
567 const struct timeval *tv,
d025f1e4 568 const char *label, size_t label_len,
968f3196 569 const char *unit_id,
d07f7b9e 570 int priority,
968f3196 571 pid_t object_pid) {
d025f1e4 572
968f3196 573 char pid[sizeof("_PID=") + DECIMAL_STR_MAX(pid_t)],
ae018d9b
LP		 574 uid[sizeof("_UID=") + DECIMAL_STR_MAX(uid_t)],
575 gid[sizeof("_GID=") + DECIMAL_STR_MAX(gid_t)],
576 owner_uid[sizeof("_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)],
d3789917 577 source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)],
968f3196
ZJS		 578 o_uid[sizeof("OBJECT_UID=") + DECIMAL_STR_MAX(uid_t)],
579 o_gid[sizeof("OBJECT_GID=") + DECIMAL_STR_MAX(gid_t)],
580 o_owner_uid[sizeof("OBJECT_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)];
581 uid_t object_uid;
582 gid_t object_gid;
968f3196 583 char *x;
d025f1e4 584 int r;
ae018d9b 585 char *t, *c;
82499507
LP		 586 uid_t realuid = 0, owner = 0, journal_uid;
587 bool owner_valid = false;
ae018d9b 588#ifdef HAVE_AUDIT
968f3196
ZJS		 589 char audit_session[sizeof("_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
590 audit_loginuid[sizeof("_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)],
591 o_audit_session[sizeof("OBJECT_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
592 o_audit_loginuid[sizeof("OBJECT_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)];
ae018d9b
LP		 593
594 uint32_t audit;
595 uid_t loginuid;
596#endif
d025f1e4
ZJS		 597
598 assert(s);
599 assert(iovec);
600 assert(n > 0);
968f3196 601 assert(n + N_IOVEC_META_FIELDS + (object_pid ? N_IOVEC_OBJECT_FIELDS : 0) <= m);
d025f1e4
ZJS		 602
603 if (ucred) {
d025f1e4
ZJS		 604 realuid = ucred->uid;
605
de0671ee 606 sprintf(pid, "_PID="PID_FMT, ucred->pid);
c2457105 607 IOVEC_SET_STRING(iovec[n++], pid);
d025f1e4 608
de0671ee 609 sprintf(uid, "_UID="UID_FMT, ucred->uid);
c2457105 610 IOVEC_SET_STRING(iovec[n++], uid);
d025f1e4 611
de0671ee 612 sprintf(gid, "_GID="GID_FMT, ucred->gid);
c2457105 613 IOVEC_SET_STRING(iovec[n++], gid);
d025f1e4
ZJS		 614
615 r = get_process_comm(ucred->pid, &t);
616 if (r >= 0) {
63c372cb 617 x = strjoina("_COMM=", t);
d025f1e4 618 free(t);
968f3196 619 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 620 }
621
622 r = get_process_exe(ucred->pid, &t);
623 if (r >= 0) {
63c372cb 624 x = strjoina("_EXE=", t);
d025f1e4 625 free(t);
968f3196 626 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 627 }
628
9bdbc2e2 629 r = get_process_cmdline(ucred->pid, 0, false, &t);
d025f1e4 630 if (r >= 0) {
63c372cb 631 x = strjoina("_CMDLINE=", t);
d025f1e4 632 free(t);
3a832116
SL		 633 IOVEC_SET_STRING(iovec[n++], x);
634 }
635
636 r = get_process_capeff(ucred->pid, &t);
637 if (r >= 0) {
63c372cb 638 x = strjoina("_CAP_EFFECTIVE=", t);
3a832116 639 free(t);
968f3196 640 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 641 }
642
0a20e3c1 643#ifdef HAVE_AUDIT
d025f1e4 644 r = audit_session_from_pid(ucred->pid, &audit);
ae018d9b 645 if (r >= 0) {
de0671ee 646 sprintf(audit_session, "_AUDIT_SESSION=%"PRIu32, audit);
ae018d9b
LP		 647 IOVEC_SET_STRING(iovec[n++], audit_session);
648 }
d025f1e4
ZJS		 649
650 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
7027ff61 651 if (r >= 0) {
de0671ee 652 sprintf(audit_loginuid, "_AUDIT_LOGINUID="UID_FMT, loginuid);
ae018d9b 653 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
d025f1e4 654 }
ae018d9b 655#endif
d025f1e4 656
e9174f29 657 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &c);
7027ff61 658 if (r >= 0) {
968f3196
ZJS		 659 char *session = NULL;
660
63c372cb 661 x = strjoina("_SYSTEMD_CGROUP=", c);
968f3196 662 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4 663
ae018d9b
LP		 664 r = cg_path_get_session(c, &t);
665 if (r >= 0) {
63c372cb 666 session = strjoina("_SYSTEMD_SESSION=", t);
ae018d9b 667 free(t);
d025f1e4 668 IOVEC_SET_STRING(iovec[n++], session);
ae018d9b
LP		 669 }
670
671 if (cg_path_get_owner_uid(c, &owner) >= 0) {
672 owner_valid = true;
d025f1e4 673
de0671ee 674 sprintf(owner_uid, "_SYSTEMD_OWNER_UID="UID_FMT, owner);
d025f1e4 675 IOVEC_SET_STRING(iovec[n++], owner_uid);
ae018d9b 676 }
d025f1e4 677
ae018d9b 678 if (cg_path_get_unit(c, &t) >= 0) {
63c372cb 679 x = strjoina("_SYSTEMD_UNIT=", t);
ae018d9b 680 free(t);
19cace37
LP		 681 IOVEC_SET_STRING(iovec[n++], x);
682 } else if (unit_id && !session) {
63c372cb 683 x = strjoina("_SYSTEMD_UNIT=", unit_id);
19cace37
LP		 684 IOVEC_SET_STRING(iovec[n++], x);
685 }
686
687 if (cg_path_get_user_unit(c, &t) >= 0) {
63c372cb 688 x = strjoina("_SYSTEMD_USER_UNIT=", t);
ae018d9b 689 free(t);
968f3196 690 IOVEC_SET_STRING(iovec[n++], x);
19cace37 691 } else if (unit_id && session) {
63c372cb 692 x = strjoina("_SYSTEMD_USER_UNIT=", unit_id);
19cace37
LP		 693 IOVEC_SET_STRING(iovec[n++], x);
694 }
ae018d9b 695
0a244b8e 696 if (cg_path_get_slice(c, &t) >= 0) {
63c372cb 697 x = strjoina("_SYSTEMD_SLICE=", t);
0a244b8e
LP		 698 free(t);
699 IOVEC_SET_STRING(iovec[n++], x);
700 }
701
ae018d9b 702 free(c);
2d43b190 703 } else if (unit_id) {
63c372cb 704 x = strjoina("_SYSTEMD_UNIT=", unit_id);
2d43b190 705 IOVEC_SET_STRING(iovec[n++], x);
ef1673d1 706 }
d025f1e4 707
d025f1e4 708#ifdef HAVE_SELINUX
6baa7db0 709 if (mac_selinux_use()) {
d682b3a7 710 if (label) {
f8294e41 711 x = alloca(strlen("_SELINUX_CONTEXT=") + label_len + 1);
ae018d9b 712
d682b3a7
LP		 713 *((char*) mempcpy(stpcpy(x, "_SELINUX_CONTEXT="), label, label_len)) = 0;
714 IOVEC_SET_STRING(iovec[n++], x);
715 } else {
716 security_context_t con;
d025f1e4 717
d682b3a7 718 if (getpidcon(ucred->pid, &con) >= 0) {
63c372cb 719 x = strjoina("_SELINUX_CONTEXT=", con);
e7ff4e7f 720
d682b3a7
LP		 721 freecon(con);
722 IOVEC_SET_STRING(iovec[n++], x);
723 }
d025f1e4
ZJS		 724 }
725 }
726#endif
727 }
968f3196
ZJS		 728 assert(n <= m);
729
730 if (object_pid) {
731 r = get_process_uid(object_pid, &object_uid);
732 if (r >= 0) {
de0671ee 733 sprintf(o_uid, "OBJECT_UID="UID_FMT, object_uid);
968f3196
ZJS		 734 IOVEC_SET_STRING(iovec[n++], o_uid);
735 }
736
737 r = get_process_gid(object_pid, &object_gid);
738 if (r >= 0) {
de0671ee 739 sprintf(o_gid, "OBJECT_GID="GID_FMT, object_gid);
968f3196
ZJS		 740 IOVEC_SET_STRING(iovec[n++], o_gid);
741 }
742
743 r = get_process_comm(object_pid, &t);
744 if (r >= 0) {
63c372cb 745 x = strjoina("OBJECT_COMM=", t);
968f3196
ZJS		 746 free(t);
747 IOVEC_SET_STRING(iovec[n++], x);
748 }
749
750 r = get_process_exe(object_pid, &t);
751 if (r >= 0) {
63c372cb 752 x = strjoina("OBJECT_EXE=", t);
968f3196
ZJS		 753 free(t);
754 IOVEC_SET_STRING(iovec[n++], x);
755 }
756
757 r = get_process_cmdline(object_pid, 0, false, &t);
758 if (r >= 0) {
63c372cb 759 x = strjoina("OBJECT_CMDLINE=", t);
968f3196
ZJS		 760 free(t);
761 IOVEC_SET_STRING(iovec[n++], x);
762 }
763
764#ifdef HAVE_AUDIT
765 r = audit_session_from_pid(object_pid, &audit);
766 if (r >= 0) {
de0671ee 767 sprintf(o_audit_session, "OBJECT_AUDIT_SESSION=%"PRIu32, audit);
968f3196
ZJS		 768 IOVEC_SET_STRING(iovec[n++], o_audit_session);
769 }
770
771 r = audit_loginuid_from_pid(object_pid, &loginuid);
772 if (r >= 0) {
de0671ee 773 sprintf(o_audit_loginuid, "OBJECT_AUDIT_LOGINUID="UID_FMT, loginuid);
968f3196
ZJS		 774 IOVEC_SET_STRING(iovec[n++], o_audit_loginuid);
775 }
776#endif
777
e9174f29 778 r = cg_pid_get_path_shifted(object_pid, s->cgroup_root, &c);
968f3196 779 if (r >= 0) {
63c372cb 780 x = strjoina("OBJECT_SYSTEMD_CGROUP=", c);
968f3196
ZJS		 781 IOVEC_SET_STRING(iovec[n++], x);
782
783 r = cg_path_get_session(c, &t);
784 if (r >= 0) {
63c372cb 785 x = strjoina("OBJECT_SYSTEMD_SESSION=", t);
968f3196
ZJS		 786 free(t);
787 IOVEC_SET_STRING(iovec[n++], x);
788 }
789
790 if (cg_path_get_owner_uid(c, &owner) >= 0) {
de0671ee 791 sprintf(o_owner_uid, "OBJECT_SYSTEMD_OWNER_UID="UID_FMT, owner);
968f3196
ZJS		 792 IOVEC_SET_STRING(iovec[n++], o_owner_uid);
793 }
794
795 if (cg_path_get_unit(c, &t) >= 0) {
63c372cb 796 x = strjoina("OBJECT_SYSTEMD_UNIT=", t);
968f3196 797 free(t);
19cace37
LP		 798 IOVEC_SET_STRING(iovec[n++], x);
799 }
800
801 if (cg_path_get_user_unit(c, &t) >= 0) {
63c372cb 802 x = strjoina("OBJECT_SYSTEMD_USER_UNIT=", t);
968f3196 803 free(t);
968f3196 804 IOVEC_SET_STRING(iovec[n++], x);
19cace37 805 }
968f3196
ZJS		 806
807 free(c);
808 }
809 }
810 assert(n <= m);
d025f1e4
ZJS		 811
812 if (tv) {
ae018d9b 813 sprintf(source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu", (unsigned long long) timeval_load(tv));
a5693989 814 IOVEC_SET_STRING(iovec[n++], source_time);
d025f1e4
ZJS		 815 }
816
817 /* Note that strictly speaking storing the boot id here is
818 * redundant since the entry includes this in-line
819 * anyway. However, we need this indexed, too. */
0c24bb23
LP		 820 if (!isempty(s->boot_id_field))
821 IOVEC_SET_STRING(iovec[n++], s->boot_id_field);
d025f1e4 822
0c24bb23
LP		 823 if (!isempty(s->machine_id_field))
824 IOVEC_SET_STRING(iovec[n++], s->machine_id_field);
d025f1e4 825
0c24bb23
LP		 826 if (!isempty(s->hostname_field))
827 IOVEC_SET_STRING(iovec[n++], s->hostname_field);
d025f1e4
ZJS		 828
829 assert(n <= m);
830
da499392 831 if (s->split_mode == SPLIT_UID && realuid > 0)
40adcda8 832 /* Split up strictly by any UID */
759c945a 833 journal_uid = realuid;
82499507 834 else if (s->split_mode == SPLIT_LOGIN && realuid > 0 && owner_valid && owner > 0)
edc3797f
LP		 835 /* Split up by login UIDs. We do this only if the
836 * realuid is not root, in order not to accidentally
837 * leak privileged information to the user that is
838 * logged by a privileged process that is part of an
7517e174 839 * unprivileged session. */
8a0889df 840 journal_uid = owner;
da499392
KS		 841 else
842 journal_uid = 0;
759c945a 843
d07f7b9e 844 write_to_journal(s, journal_uid, iovec, n, priority);
d025f1e4
ZJS		 845}
846
847void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {
848 char mid[11 + 32 + 1];
849 char buffer[16 + LINE_MAX + 1];
b6fa2555 850 struct iovec iovec[N_IOVEC_META_FIELDS + 6];
d025f1e4
ZJS		 851 int n = 0;
852 va_list ap;
b92bea5d 853 struct ucred ucred = {};
d025f1e4
ZJS		 854
855 assert(s);
856 assert(format);
857
b6fa2555
EV		 858 IOVEC_SET_STRING(iovec[n++], "SYSLOG_FACILITY=3");
859 IOVEC_SET_STRING(iovec[n++], "SYSLOG_IDENTIFIER=systemd-journald");
860
d025f1e4
ZJS		 861 IOVEC_SET_STRING(iovec[n++], "PRIORITY=6");
862 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=driver");
863
864 memcpy(buffer, "MESSAGE=", 8);
865 va_start(ap, format);
866 vsnprintf(buffer + 8, sizeof(buffer) - 8, format, ap);
867 va_end(ap);
d025f1e4
ZJS		 868 IOVEC_SET_STRING(iovec[n++], buffer);
869
870 if (!sd_id128_equal(message_id, SD_ID128_NULL)) {
e2cc6eca 871 snprintf(mid, sizeof(mid), LOG_MESSAGE_ID(message_id));
d025f1e4
ZJS		 872 IOVEC_SET_STRING(iovec[n++], mid);
873 }
874
d025f1e4
ZJS		 875 ucred.pid = getpid();
876 ucred.uid = getuid();
877 ucred.gid = getgid();
878
d07f7b9e 879 dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL, LOG_INFO, 0);
d025f1e4
ZJS		 880}
881
882void server_dispatch_message(
883 Server *s,
884 struct iovec *iovec, unsigned n, unsigned m,
3b3154df
LP		 885 const struct ucred *ucred,
886 const struct timeval *tv,
d025f1e4
ZJS		 887 const char *label, size_t label_len,
888 const char *unit_id,
968f3196
ZJS		 889 int priority,
890 pid_t object_pid) {
d025f1e4 891
7027ff61 892 int rl, r;
7fd1b19b 893 _cleanup_free_ char *path = NULL;
8580d1f7 894 uint64_t available = 0;
db91ea32 895 char *c;
d025f1e4
ZJS		 896
897 assert(s);
898 assert(iovec || n == 0);
899
900 if (n == 0)
901 return;
902
903 if (LOG_PRI(priority) > s->max_level_store)
904 return;
905
2f5df74a
HHPF		 906 /* Stop early in case the information will not be stored
907 * in a journal. */
908 if (s->storage == STORAGE_NONE)
909 return;
910
d025f1e4
ZJS		 911 if (!ucred)
912 goto finish;
913
e9174f29 914 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &path);
7027ff61 915 if (r < 0)
d025f1e4
ZJS		 916 goto finish;
917
918 /* example: /user/lennart/3/foobar
919 * /system/dbus.service/foobar
920 *
921 * So let's cut of everything past the third /, since that is
922 * where user directories start */
923
924 c = strchr(path, '/');
925 if (c) {
926 c = strchr(c+1, '/');
927 if (c) {
928 c = strchr(c+1, '/');
929 if (c)
930 *c = 0;
931 }
932 }
933
8580d1f7
LP		 934 (void) determine_space(s, false, false, &available, NULL);
935 rl = journal_rate_limit_test(s->rate_limit, path, priority & LOG_PRIMASK, available);
db91ea32 936 if (rl == 0)
d025f1e4 937 return;
d025f1e4
ZJS		 938
939 /* Write a suppression message if we suppressed something */
940 if (rl > 1)
db91ea32
ZJS		 941 server_driver_message(s, SD_MESSAGE_JOURNAL_DROPPED,
942 "Suppressed %u messages from %s", rl - 1, path);
d025f1e4
ZJS		 943
944finish:
d07f7b9e 945 dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id, priority, object_pid);
d025f1e4
ZJS		 946}
947
948
caa2f4c0 949static int system_journal_open(Server *s, bool flush_requested) {
84267e40 950 const char *fn;
09eba4d4 951 int r = 0;
d025f1e4
ZJS		 952
953 if (!s->system_journal &&
954 (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
caa2f4c0
ZJS		 955 (flush_requested
956 || access("/run/systemd/journal/flushed", F_OK) >= 0)) {
d025f1e4
ZJS		 957
958 /* If in auto mode: first try to create the machine
959 * path, but not the prefix.
960 *
961 * If in persistent mode: create /var/log/journal and
962 * the machine path */
963
964 if (s->storage == STORAGE_PERSISTENT)
ac892057 965 (void) mkdir_p("/var/log/journal/", 0755);
d025f1e4 966
8580d1f7 967 fn = strjoina("/var/log/journal/", SERVER_MACHINE_ID(s));
d025f1e4 968 (void) mkdir(fn, 0755);
d025f1e4 969
63c372cb 970 fn = strjoina(fn, "/system.journal");
d025f1e4 971 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
8580d1f7 972 if (r >= 0) {
d025f1e4 973 server_fix_perms(s, s->system_journal, 0);
8580d1f7
LP		 974 (void) determine_space_for(s, &s->system_metrics, "/var/log/journal/", "System journal", true, true, NULL, NULL);
975 } else if (r < 0) {
433dd100 976 if (r != -ENOENT && r != -EROFS)
da927ba9 977 log_warning_errno(r, "Failed to open system journal: %m");
e40ec7ae 978
433dd100
LN		 979 r = 0;
980 }
d025f1e4
ZJS		 981 }
982
983 if (!s->runtime_journal &&
984 (s->storage != STORAGE_NONE)) {
985
8580d1f7 986 fn = strjoina("/run/log/journal/", SERVER_MACHINE_ID(s), "/system.journal");
d025f1e4
ZJS		 987
988 if (s->system_journal) {
989
990 /* Try to open the runtime journal, but only
991 * if it already exists, so that we can flush
992 * it into the system journal */
993
994 r = journal_file_open(fn, O_RDWR, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
d025f1e4
ZJS		 995 if (r < 0) {
996 if (r != -ENOENT)
da927ba9 997 log_warning_errno(r, "Failed to open runtime journal: %m");
d025f1e4
ZJS		 998
999 r = 0;
1000 }
1001
1002 } else {
1003
1004 /* OK, we really need the runtime journal, so create
1005 * it if necessary. */
1006
fc1d70af
LP		 1007 (void) mkdir("/run/log", 0755);
1008 (void) mkdir("/run/log/journal", 0755);
1009 (void) mkdir_parents(fn, 0750);
1010
d025f1e4 1011 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
23bbb0de
MS		 1012 if (r < 0)
1013 return log_error_errno(r, "Failed to open runtime journal: %m");
d025f1e4
ZJS		 1014 }
1015
8580d1f7 1016 if (s->runtime_journal) {
d025f1e4 1017 server_fix_perms(s, s->runtime_journal, 0);
8580d1f7
LP		 1018 (void) determine_space_for(s, &s->runtime_metrics, "/run/log/journal/", "Runtime journal", true, true, NULL, NULL);
1019 }
d025f1e4
ZJS		 1020 }
1021
1022 return r;
1023}
1024
1025int server_flush_to_var(Server *s) {
d025f1e4
ZJS		 1026 sd_id128_t machine;
1027 sd_journal *j = NULL;
fbb63411
LP		 1028 char ts[FORMAT_TIMESPAN_MAX];
1029 usec_t start;
1030 unsigned n = 0;
1031 int r;
d025f1e4
ZJS		 1032
1033 assert(s);
1034
1035 if (s->storage != STORAGE_AUTO &&
1036 s->storage != STORAGE_PERSISTENT)
1037 return 0;
1038
1039 if (!s->runtime_journal)
1040 return 0;
1041
8580d1f7 1042 (void) system_journal_open(s, true);
d025f1e4
ZJS		 1043
1044 if (!s->system_journal)
1045 return 0;
1046
1047 log_debug("Flushing to /var...");
1048
fbb63411
LP		 1049 start = now(CLOCK_MONOTONIC);
1050
d025f1e4 1051 r = sd_id128_get_machine(&machine);
00a16861 1052 if (r < 0)
d025f1e4 1053 return r;
d025f1e4
ZJS		 1054
1055 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
23bbb0de
MS		 1056 if (r < 0)
1057 return log_error_errno(r, "Failed to read runtime journal: %m");
d025f1e4 1058
93b73b06
LP		 1059 sd_journal_set_data_threshold(j, 0);
1060
d025f1e4
ZJS		 1061 SD_JOURNAL_FOREACH(j) {
1062 Object *o = NULL;
1063 JournalFile *f;
1064
1065 f = j->current_file;
1066 assert(f && f->current_offset > 0);
1067
fbb63411
LP		 1068 n++;
1069
d025f1e4
ZJS		 1070 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
1071 if (r < 0) {
da927ba9 1072 log_error_errno(r, "Can't read entry: %m");
d025f1e4
ZJS		 1073 goto finish;
1074 }
1075
1076 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1077 if (r >= 0)
1078 continue;
1079
1080 if (!shall_try_append_again(s->system_journal, r)) {
da927ba9 1081 log_error_errno(r, "Can't write entry: %m");
d025f1e4
ZJS		 1082 goto finish;
1083 }
1084
1085 server_rotate(s);
8580d1f7 1086 server_vacuum(s, false, false);
d025f1e4 1087
253f59df
LP		 1088 if (!s->system_journal) {
1089 log_notice("Didn't flush runtime journal since rotation of system journal wasn't successful.");
1090 r = -EIO;
1091 goto finish;
1092 }
1093
d025f1e4
ZJS		 1094 log_debug("Retrying write.");
1095 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1096 if (r < 0) {
da927ba9 1097 log_error_errno(r, "Can't write entry: %m");
d025f1e4
ZJS		 1098 goto finish;
1099 }
1100 }
1101
804ae586
LP		 1102 r = 0;
1103
d025f1e4
ZJS		 1104finish:
1105 journal_file_post_change(s->system_journal);
1106
804ae586 1107 s->runtime_journal = journal_file_close(s->runtime_journal);
d025f1e4
ZJS		 1108
1109 if (r >= 0)
c6878637 1110 (void) rm_rf("/run/log/journal", REMOVE_ROOT);
d025f1e4 1111
763c7aa2 1112 sd_journal_close(j);
d025f1e4 1113
fbb63411
LP		 1114 server_driver_message(s, SD_ID128_NULL, "Time spent on flushing to /var is %s for %u entries.", format_timespan(ts, sizeof(ts), now(CLOCK_MONOTONIC) - start, 0), n);
1115
d025f1e4
ZJS		 1116 return r;
1117}
1118
8531ae70 1119int server_process_datagram(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
f9a810be 1120 Server *s = userdata;
a315ac4e
LP		 1121 struct ucred *ucred = NULL;
1122 struct timeval *tv = NULL;
1123 struct cmsghdr *cmsg;
1124 char *label = NULL;
1125 size_t label_len = 0, m;
1126 struct iovec iovec;
1127 ssize_t n;
1128 int *fds = NULL, v = 0;
1129 unsigned n_fds = 0;
1130
1131 union {
1132 struct cmsghdr cmsghdr;
1133
1134 /* We use NAME_MAX space for the SELinux label
1135 * here. The kernel currently enforces no
1136 * limit, but according to suggestions from
1137 * the SELinux people this will change and it
1138 * will probably be identical to NAME_MAX. For
1139 * now we use that, but this should be updated
1140 * one day when the final limit is known. */
1141 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
1142 CMSG_SPACE(sizeof(struct timeval)) +
1143 CMSG_SPACE(sizeof(int)) + /* fd */
1144 CMSG_SPACE(NAME_MAX)]; /* selinux label */
1145 } control = {};
1146
1147 union sockaddr_union sa = {};
1148
1149 struct msghdr msghdr = {
1150 .msg_iov = &iovec,
1151 .msg_iovlen = 1,
1152 .msg_control = &control,
1153 .msg_controllen = sizeof(control),
1154 .msg_name = &sa,
1155 .msg_namelen = sizeof(sa),
1156 };
f9a810be 1157
d025f1e4 1158 assert(s);
875c2e22 1159 assert(fd == s->native_fd || fd == s->syslog_fd || fd == s->audit_fd);
f9a810be
LP		 1160
1161 if (revents != EPOLLIN) {
1162 log_error("Got invalid event from epoll for datagram fd: %"PRIx32, revents);
1163 return -EIO;
1164 }
1165
a315ac4e
LP		 1166 /* Try to get the right size, if we can. (Not all
1167 * sockets support SIOCINQ, hence we just try, but
1168 * don't rely on it. */
1169 (void) ioctl(fd, SIOCINQ, &v);
d025f1e4 1170
a315ac4e
LP		 1171 /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful! */
1172 m = PAGE_ALIGN(MAX3((size_t) v + 1,
1173 (size_t) LINE_MAX,
1174 ALIGN(sizeof(struct nlmsghdr)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH)) + 1);
d025f1e4 1175
a315ac4e
LP		 1176 if (!GREEDY_REALLOC(s->buffer, s->buffer_size, m))
1177 return log_oom();
875c2e22 1178
a315ac4e
LP		 1179 iovec.iov_base = s->buffer;
1180 iovec.iov_len = s->buffer_size - 1; /* Leave room for trailing NUL we add later */
d025f1e4 1181
a315ac4e
LP		 1182 n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
1183 if (n < 0) {
1184 if (errno == EINTR || errno == EAGAIN)
1185 return 0;
875c2e22 1186
a315ac4e
LP		 1187 return log_error_errno(errno, "recvmsg() failed: %m");
1188 }
875c2e22 1189
a315ac4e
LP		 1190 CMSG_FOREACH(cmsg, &msghdr) {
1191
1192 if (cmsg->cmsg_level == SOL_SOCKET &&
1193 cmsg->cmsg_type == SCM_CREDENTIALS &&
1194 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
1195 ucred = (struct ucred*) CMSG_DATA(cmsg);
1196 else if (cmsg->cmsg_level == SOL_SOCKET &&
1197 cmsg->cmsg_type == SCM_SECURITY) {
1198 label = (char*) CMSG_DATA(cmsg);
1199 label_len = cmsg->cmsg_len - CMSG_LEN(0);
1200 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1201 cmsg->cmsg_type == SO_TIMESTAMP &&
1202 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
1203 tv = (struct timeval*) CMSG_DATA(cmsg);
1204 else if (cmsg->cmsg_level == SOL_SOCKET &&
1205 cmsg->cmsg_type == SCM_RIGHTS) {
1206 fds = (int*) CMSG_DATA(cmsg);
1207 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
d025f1e4 1208 }
a315ac4e 1209 }
d025f1e4 1210
a315ac4e
LP		 1211 /* And a trailing NUL, just in case */
1212 s->buffer[n] = 0;
1213
1214 if (fd == s->syslog_fd) {
1215 if (n > 0 && n_fds == 0)
1216 server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
1217 else if (n_fds > 0)
1218 log_warning("Got file descriptors via syslog socket. Ignoring.");
1219
1220 } else if (fd == s->native_fd) {
1221 if (n > 0 && n_fds == 0)
1222 server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
1223 else if (n == 0 && n_fds == 1)
1224 server_process_native_file(s, fds[0], ucred, tv, label, label_len);
1225 else if (n_fds > 0)
1226 log_warning("Got too many file descriptors via native socket. Ignoring.");
1227
1228 } else {
1229 assert(fd == s->audit_fd);
1230
1231 if (n > 0 && n_fds == 0)
1232 server_process_audit_message(s, s->buffer, n, ucred, &sa, msghdr.msg_namelen);
1233 else if (n_fds > 0)
1234 log_warning("Got file descriptors via audit socket. Ignoring.");
f9a810be 1235 }
a315ac4e
LP		 1236
1237 close_many(fds, n_fds);
1238 return 0;
f9a810be 1239}
d025f1e4 1240
f9a810be
LP		 1241static int dispatch_sigusr1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1242 Server *s = userdata;
d025f1e4 1243
f9a810be 1244 assert(s);
d025f1e4 1245
f9a810be 1246 log_info("Received request to flush runtime journal from PID %"PRIu32, si->ssi_pid);
d025f1e4 1247
f9a810be
LP		 1248 server_flush_to_var(s);
1249 server_sync(s);
8580d1f7 1250 server_vacuum(s, false, false);
d025f1e4 1251
ac5b0c13 1252 (void) touch("/run/systemd/journal/flushed");
74055aa7 1253
f9a810be
LP		 1254 return 0;
1255}
d025f1e4 1256
f9a810be
LP		 1257static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1258 Server *s = userdata;
d025f1e4 1259
f9a810be 1260 assert(s);
d025f1e4 1261
f9a810be
LP		 1262 log_info("Received request to rotate journal from PID %"PRIu32, si->ssi_pid);
1263 server_rotate(s);
8580d1f7 1264 server_vacuum(s, true, true);
d025f1e4 1265
f9a810be
LP		 1266 return 0;
1267}
d025f1e4 1268
f9a810be
LP		 1269static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1270 Server *s = userdata;
d025f1e4 1271
f9a810be 1272 assert(s);
d025f1e4 1273
4daf54a8 1274 log_received_signal(LOG_INFO, si);
d025f1e4 1275
6203e07a 1276 sd_event_exit(s->event, 0);
d025f1e4
ZJS		 1277 return 0;
1278}
1279
f9a810be 1280static int setup_signals(Server *s) {
f9a810be 1281 int r;
d025f1e4
ZJS		 1282
1283 assert(s);
1284
72c0a2c2 1285 assert(sigprocmask_many(SIG_SETMASK, NULL, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, -1) >= 0);
d025f1e4 1286
151b9b96 1287 r = sd_event_add_signal(s->event, &s->sigusr1_event_source, SIGUSR1, dispatch_sigusr1, s);
f9a810be
LP		 1288 if (r < 0)
1289 return r;
1290
151b9b96 1291 r = sd_event_add_signal(s->event, &s->sigusr2_event_source, SIGUSR2, dispatch_sigusr2, s);
f9a810be
LP		 1292 if (r < 0)
1293 return r;
d025f1e4 1294
151b9b96 1295 r = sd_event_add_signal(s->event, &s->sigterm_event_source, SIGTERM, dispatch_sigterm, s);
f9a810be
LP		 1296 if (r < 0)
1297 return r;
d025f1e4 1298
151b9b96 1299 r = sd_event_add_signal(s->event, &s->sigint_event_source, SIGINT, dispatch_sigterm, s);
f9a810be
LP		 1300 if (r < 0)
1301 return r;
d025f1e4
ZJS		 1302
1303 return 0;
1304}
1305
1306static int server_parse_proc_cmdline(Server *s) {
7fd1b19b 1307 _cleanup_free_ char *line = NULL;
d581d9d9 1308 const char *p;
74df0fca 1309 int r;
d025f1e4 1310
74df0fca 1311 r = proc_cmdline(&line);
b5884878 1312 if (r < 0) {
da927ba9 1313 log_warning_errno(r, "Failed to read /proc/cmdline, ignoring: %m");
d025f1e4 1314 return 0;
b5884878 1315 }
d025f1e4 1316
d581d9d9
SS		 1317 p = line;
1318 for(;;) {
7fd1b19b 1319 _cleanup_free_ char *word;
d025f1e4 1320
d581d9d9
SS		 1321 r = extract_first_word(&p, &word, NULL, 0);
1322 if (r < 0)
1323 return log_error_errno(r, "Failed to parse journald syntax \"%s\": %m", line);
1324
1325 if (r == 0)
1326 break;
d025f1e4
ZJS		 1327
1328 if (startswith(word, "systemd.journald.forward_to_syslog=")) {
1329 r = parse_boolean(word + 35);
1330 if (r < 0)
1331 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word + 35);
1332 else
1333 s->forward_to_syslog = r;
1334 } else if (startswith(word, "systemd.journald.forward_to_kmsg=")) {
1335 r = parse_boolean(word + 33);
1336 if (r < 0)
1337 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word + 33);
1338 else
1339 s->forward_to_kmsg = r;
1340 } else if (startswith(word, "systemd.journald.forward_to_console=")) {
1341 r = parse_boolean(word + 36);
1342 if (r < 0)
1343 log_warning("Failed to parse forward to console switch %s. Ignoring.", word + 36);
1344 else
1345 s->forward_to_console = r;
40b71e89
ST		 1346 } else if (startswith(word, "systemd.journald.forward_to_wall=")) {
1347 r = parse_boolean(word + 33);
1348 if (r < 0)
1349 log_warning("Failed to parse forward to wall switch %s. Ignoring.", word + 33);
1350 else
1351 s->forward_to_wall = r;
d025f1e4
ZJS		 1352 } else if (startswith(word, "systemd.journald"))
1353 log_warning("Invalid systemd.journald parameter. Ignoring.");
d025f1e4
ZJS		 1354 }
1355
804ae586 1356 /* do not warn about state here, since probably systemd already did */
db91ea32 1357 return 0;
d025f1e4
ZJS		 1358}
1359
1360static int server_parse_config_file(Server *s) {
d025f1e4
ZJS		 1361 assert(s);
1362
a9edaeff
JT		 1363 return config_parse_many("/etc/systemd/journald.conf",
1364 CONF_DIRS_NULSTR("systemd/journald.conf"),
1365 "Journal\0",
1366 config_item_perf_lookup, journald_gperf_lookup,
1367 false, s);
d025f1e4
ZJS		 1368}
1369
f9a810be
LP		 1370static int server_dispatch_sync(sd_event_source *es, usec_t t, void *userdata) {
1371 Server *s = userdata;
26687bf8
OS		 1372
1373 assert(s);
1374
f9a810be 1375 server_sync(s);
26687bf8
OS		 1376 return 0;
1377}
1378
d07f7b9e 1379int server_schedule_sync(Server *s, int priority) {
26687bf8
OS		 1380 int r;
1381
26687bf8
OS		 1382 assert(s);
1383
d07f7b9e
LP		 1384 if (priority <= LOG_CRIT) {
1385 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1386 server_sync(s);
1387 return 0;
1388 }
1389
26687bf8
OS		 1390 if (s->sync_scheduled)
1391 return 0;
1392
f9a810be
LP		 1393 if (s->sync_interval_usec > 0) {
1394 usec_t when;
ca267016 1395
6a0f1f6d 1396 r = sd_event_now(s->event, CLOCK_MONOTONIC, &when);
f9a810be
LP		 1397 if (r < 0)
1398 return r;
26687bf8 1399
f9a810be
LP		 1400 when += s->sync_interval_usec;
1401
1402 if (!s->sync_event_source) {
6a0f1f6d
LP		 1403 r = sd_event_add_time(
1404 s->event,
1405 &s->sync_event_source,
1406 CLOCK_MONOTONIC,
1407 when, 0,
1408 server_dispatch_sync, s);
f9a810be
LP		 1409 if (r < 0)
1410 return r;
1411
1412 r = sd_event_source_set_priority(s->sync_event_source, SD_EVENT_PRIORITY_IMPORTANT);
1413 } else {
1414 r = sd_event_source_set_time(s->sync_event_source, when);
1415 if (r < 0)
1416 return r;
1417
1418 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_ONESHOT);
1419 }
26687bf8 1420 if (r < 0)
f9a810be 1421 return r;
26687bf8 1422
f9a810be
LP		 1423 s->sync_scheduled = true;
1424 }
26687bf8
OS		 1425
1426 return 0;
1427}
1428
0c24bb23
LP		 1429static int dispatch_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1430 Server *s = userdata;
1431
1432 assert(s);
1433
1434 server_cache_hostname(s);
1435 return 0;
1436}
1437
1438static int server_open_hostname(Server *s) {
1439 int r;
1440
1441 assert(s);
1442
1443 s->hostname_fd = open("/proc/sys/kernel/hostname", O_RDONLY|O_CLOEXEC|O_NDELAY|O_NOCTTY);
4a62c710
MS		 1444 if (s->hostname_fd < 0)
1445 return log_error_errno(errno, "Failed to open /proc/sys/kernel/hostname: %m");
0c24bb23 1446
151b9b96 1447 r = sd_event_add_io(s->event, &s->hostname_event_source, s->hostname_fd, 0, dispatch_hostname_change, s);
0c24bb23 1448 if (r < 0) {
28def94c
DR		 1449 /* kernels prior to 3.2 don't support polling this file. Ignore
1450 * the failure. */
1451 if (r == -EPERM) {
e53fc357 1452 log_warning_errno(r, "Failed to register hostname fd in event loop, ignoring: %m");
03e334a1 1453 s->hostname_fd = safe_close(s->hostname_fd);
28def94c
DR		 1454 return 0;
1455 }
1456
23bbb0de 1457 return log_error_errno(r, "Failed to register hostname fd in event loop: %m");
0c24bb23
LP		 1458 }
1459
1460 r = sd_event_source_set_priority(s->hostname_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
23bbb0de
MS		 1461 if (r < 0)
1462 return log_error_errno(r, "Failed to adjust priority of host name event source: %m");
0c24bb23
LP		 1463
1464 return 0;
1465}
1466
e22aa3d3
LP		 1467static int dispatch_notify_event(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1468 Server *s = userdata;
1469 int r;
1470
1471 assert(s);
1472 assert(s->notify_event_source == es);
1473 assert(s->notify_fd == fd);
1474
1475 if (revents != EPOLLOUT) {
1476 log_error("Invalid events on notify file descriptor.");
1477 return -EINVAL;
1478 }
1479
1480 /* The $NOTIFY_SOCKET is writable again, now send exactly one
119e9655
LP		 1481 * message on it. Either it's the wtachdog event, the initial
1482 * READY=1 event or an stdout stream event. If there's nothing
1483 * to write anymore, turn our event source off. The next time
1484 * there's something to send it will be turned on again. */
e22aa3d3
LP		 1485
1486 if (!s->sent_notify_ready) {
1487 static const char p[] =
1488 "READY=1\n"
1489 "STATUS=Processing requests...";
1490 ssize_t l;
1491
1492 l = send(s->notify_fd, p, strlen(p), MSG_DONTWAIT);
1493 if (l < 0) {
1494 if (errno == EAGAIN)
1495 return 0;
1496
1497 return log_error_errno(errno, "Failed to send READY=1 notification message: %m");
1498 }
1499
1500 s->sent_notify_ready = true;
1501 log_debug("Sent READY=1 notification.");
1502
119e9655
LP		 1503 } else if (s->send_watchdog) {
1504
1505 static const char p[] =
1506 "WATCHDOG=1";
1507
1508 ssize_t l;
1509
1510 l = send(s->notify_fd, p, strlen(p), MSG_DONTWAIT);
1511 if (l < 0) {
1512 if (errno == EAGAIN)
1513 return 0;
1514
1515 return log_error_errno(errno, "Failed to send WATCHDOG=1 notification message: %m");
1516 }
1517
1518 s->send_watchdog = false;
1519 log_debug("Sent WATCHDOG=1 notification.");
1520
e22aa3d3
LP		 1521 } else if (s->stdout_streams_notify_queue)
1522 /* Dispatch one stream notification event */
1523 stdout_stream_send_notify(s->stdout_streams_notify_queue);
1524
1525 /* Leave us enabled if there's still more to to do. */
119e9655 1526 if (s->send_watchdog || s->stdout_streams_notify_queue)
e22aa3d3
LP		 1527 return 0;
1528
1529 /* There was nothing to do anymore, let's turn ourselves off. */
1530 r = sd_event_source_set_enabled(es, SD_EVENT_OFF);
1531 if (r < 0)
1532 return log_error_errno(r, "Failed to turn off notify event source: %m");
1533
1534 return 0;
1535}
1536
119e9655
LP		 1537static int dispatch_watchdog(sd_event_source *es, uint64_t usec, void *userdata) {
1538 Server *s = userdata;
1539 int r;
1540
1541 assert(s);
1542
1543 s->send_watchdog = true;
1544
1545 r = sd_event_source_set_enabled(s->notify_event_source, SD_EVENT_ON);
1546 if (r < 0)
1547 log_warning_errno(r, "Failed to turn on notify event source: %m");
1548
1549 r = sd_event_source_set_time(s->watchdog_event_source, usec + s->watchdog_usec / 2);
1550 if (r < 0)
1551 return log_error_errno(r, "Failed to restart watchdog event source: %m");
1552
1553 r = sd_event_source_set_enabled(s->watchdog_event_source, SD_EVENT_ON);
1554 if (r < 0)
1555 return log_error_errno(r, "Failed to enable watchdog event source: %m");
1556
1557 return 0;
1558}
1559
e22aa3d3
LP		 1560static int server_connect_notify(Server *s) {
1561 union sockaddr_union sa = {
1562 .un.sun_family = AF_UNIX,
1563 };
1564 const char *e;
1565 int r;
1566
1567 assert(s);
1568 assert(s->notify_fd < 0);
1569 assert(!s->notify_event_source);
1570
1571 /*
1572 So here's the problem: we'd like to send notification
1573 messages to PID 1, but we cannot do that via sd_notify(),
1574 since that's synchronous, and we might end up blocking on
1575 it. Specifically: given that PID 1 might block on
1576 dbus-daemon during IPC, and dbus-daemon is logging to us,
1577 and might hence block on us, we might end up in a deadlock
1578 if we block on sending PID 1 notification messages -- by
1579 generating a full blocking circle. To avoid this, let's
1580 create a non-blocking socket, and connect it to the
1581 notification socket, and then wait for POLLOUT before we
1582 send anything. This should efficiently avoid any deadlocks,
1583 as we'll never block on PID 1, hence PID 1 can safely block
1584 on dbus-daemon which can safely block on us again.
1585
1586 Don't think that this issue is real? It is, see:
1587 https://github.com/systemd/systemd/issues/1505
1588 */
1589
1590 e = getenv("NOTIFY_SOCKET");
1591 if (!e)
1592 return 0;
1593
1594 if ((e[0] != '@' && e[0] != '/') || e[1] == 0) {
1595 log_error("NOTIFY_SOCKET set to an invalid value: %s", e);
1596 return -EINVAL;
1597 }
1598
1599 if (strlen(e) > sizeof(sa.un.sun_path)) {
1600 log_error("NOTIFY_SOCKET path too long: %s", e);
1601 return -EINVAL;
1602 }
1603
1604 s->notify_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
1605 if (s->notify_fd < 0)
1606 return log_error_errno(errno, "Failed to create notify socket: %m");
1607
1608 (void) fd_inc_sndbuf(s->notify_fd, NOTIFY_SNDBUF_SIZE);
1609
1610 strncpy(sa.un.sun_path, e, sizeof(sa.un.sun_path));
1611 if (sa.un.sun_path[0] == '@')
1612 sa.un.sun_path[0] = 0;
1613
1614 r = connect(s->notify_fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(e));
1615 if (r < 0)
1616 return log_error_errno(errno, "Failed to connect to notify socket: %m");
1617
1618 r = sd_event_add_io(s->event, &s->notify_event_source, s->notify_fd, EPOLLOUT, dispatch_notify_event, s);
1619 if (r < 0)
1620 return log_error_errno(r, "Failed to watch notification socket: %m");
1621
119e9655
LP		 1622 if (sd_watchdog_enabled(false, &s->watchdog_usec) > 0) {
1623 s->send_watchdog = true;
1624
1625 r = sd_event_add_time(s->event, &s->watchdog_event_source, CLOCK_MONOTONIC, now(CLOCK_MONOTONIC) + s->watchdog_usec/2, s->watchdog_usec*3/4, dispatch_watchdog, s);
1626 if (r < 0)
1627 return log_error_errno(r, "Failed to add watchdog time event: %m");
1628 }
1629
e22aa3d3
LP		 1630 /* This should fire pretty soon, which we'll use to send the
1631 * READY=1 event. */
1632
1633 return 0;
1634}
1635
d025f1e4 1636int server_init(Server *s) {
13790add 1637 _cleanup_fdset_free_ FDSet *fds = NULL;
d025f1e4 1638 int n, r, fd;
7d18d348 1639 bool no_sockets;
d025f1e4
ZJS		 1640
1641 assert(s);
1642
1643 zero(*s);
e22aa3d3 1644 s->syslog_fd = s->native_fd = s->stdout_fd = s->dev_kmsg_fd = s->audit_fd = s->hostname_fd = s->notify_fd = -1;
d025f1e4
ZJS		 1645 s->compress = true;
1646 s->seal = true;
1647
119e9655
LP		 1648 s->watchdog_usec = USEC_INFINITY;
1649
26687bf8
OS		 1650 s->sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC;
1651 s->sync_scheduled = false;
1652
d025f1e4
ZJS		 1653 s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
1654 s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
1655
40b71e89 1656 s->forward_to_wall = true;
d025f1e4 1657
e150e820
MB		 1658 s->max_file_usec = DEFAULT_MAX_FILE_USEC;
1659
d025f1e4
ZJS		 1660 s->max_level_store = LOG_DEBUG;
1661 s->max_level_syslog = LOG_DEBUG;
1662 s->max_level_kmsg = LOG_NOTICE;
1663 s->max_level_console = LOG_INFO;
40b71e89 1664 s->max_level_wall = LOG_EMERG;
d025f1e4 1665
8580d1f7
LP		 1666 journal_reset_metrics(&s->system_metrics);
1667 journal_reset_metrics(&s->runtime_metrics);
d025f1e4
ZJS		 1668
1669 server_parse_config_file(s);
1670 server_parse_proc_cmdline(s);
8580d1f7 1671
d288f79f 1672 if (!!s->rate_limit_interval ^ !!s->rate_limit_burst) {
b1389b0d
ZJS		 1673 log_debug("Setting both rate limit interval and burst from "USEC_FMT",%u to 0,0",
1674 s->rate_limit_interval, s->rate_limit_burst);
d288f79f
ZJS		 1675 s->rate_limit_interval = s->rate_limit_burst = 0;
1676 }
d025f1e4 1677
8580d1f7 1678 (void) mkdir_p("/run/systemd/journal", 0755);
d025f1e4 1679
43cf8388 1680 s->user_journals = ordered_hashmap_new(NULL);
d025f1e4
ZJS		 1681 if (!s->user_journals)
1682 return log_oom();
1683
1684 s->mmap = mmap_cache_new();
1685 if (!s->mmap)
1686 return log_oom();
1687
f9a810be 1688 r = sd_event_default(&s->event);
23bbb0de
MS		 1689 if (r < 0)
1690 return log_error_errno(r, "Failed to create event loop: %m");
d025f1e4
ZJS		 1691
1692 n = sd_listen_fds(true);
23bbb0de
MS		 1693 if (n < 0)
1694 return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
d025f1e4
ZJS		 1695
1696 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
1697
1698 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/socket", 0) > 0) {
1699
1700 if (s->native_fd >= 0) {
1701 log_error("Too many native sockets passed.");
1702 return -EINVAL;
1703 }
1704
1705 s->native_fd = fd;
1706
1707 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, "/run/systemd/journal/stdout", 0) > 0) {
1708
1709 if (s->stdout_fd >= 0) {
1710 log_error("Too many stdout sockets passed.");
1711 return -EINVAL;
1712 }
1713
1714 s->stdout_fd = fd;
1715
03ee5c38
LP		 1716 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0 ||
1717 sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/dev-log", 0) > 0) {
d025f1e4
ZJS		 1718
1719 if (s->syslog_fd >= 0) {
1720 log_error("Too many /dev/log sockets passed.");
1721 return -EINVAL;
1722 }
1723
1724 s->syslog_fd = fd;
1725
875c2e22
LP		 1726 } else if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1) > 0) {
1727
1728 if (s->audit_fd >= 0) {
1729 log_error("Too many audit sockets passed.");
1730 return -EINVAL;
1731 }
1732
1733 s->audit_fd = fd;
1734
4ec3cd73 1735 } else {
4ec3cd73 1736
13790add
LP		 1737 if (!fds) {
1738 fds = fdset_new();
1739 if (!fds)
1740 return log_oom();
1741 }
4ec3cd73 1742
13790add
LP		 1743 r = fdset_put(fds, fd);
1744 if (r < 0)
1745 return log_oom();
4ec3cd73 1746 }
d025f1e4
ZJS		 1747 }
1748
15d91bff
ZJS		 1749 /* Try to restore streams, but don't bother if this fails */
1750 (void) server_restore_streams(s, fds);
d025f1e4 1751
13790add
LP		 1752 if (fdset_size(fds) > 0) {
1753 log_warning("%u unknown file descriptors passed, closing.", fdset_size(fds));
1754 fds = fdset_free(fds);
1755 }
1756
7d18d348
ZJS		 1757 no_sockets = s->native_fd < 0 && s->stdout_fd < 0 && s->syslog_fd < 0 && s->audit_fd < 0;
1758
1759 /* always open stdout, syslog, native, and kmsg sockets */
37b7affe
ZJS		 1760
1761 /* systemd-journald.socket: /run/systemd/journal/stdout */
15d91bff
ZJS		 1762 r = server_open_stdout_socket(s);
1763 if (r < 0)
1764 return r;
1765
37b7affe 1766 /* systemd-journald-dev-log.socket: /run/systemd/journal/dev-log */
13790add 1767 r = server_open_syslog_socket(s);
d025f1e4
ZJS		 1768 if (r < 0)
1769 return r;
1770
37b7affe 1771 /* systemd-journald.socket: /run/systemd/journal/socket */
13790add 1772 r = server_open_native_socket(s);
d025f1e4
ZJS		 1773 if (r < 0)
1774 return r;
1775
37b7affe 1776 /* /dev/ksmg */
d025f1e4
ZJS		 1777 r = server_open_dev_kmsg(s);
1778 if (r < 0)
1779 return r;
1780
7d18d348
ZJS		 1781 /* Unless we got *some* sockets and not audit, open audit socket */
1782 if (s->audit_fd >= 0 || no_sockets) {
1783 r = server_open_audit(s);
1784 if (r < 0)
1785 return r;
1786 }
875c2e22 1787
d025f1e4
ZJS		 1788 r = server_open_kernel_seqnum(s);
1789 if (r < 0)
1790 return r;
1791
0c24bb23
LP		 1792 r = server_open_hostname(s);
1793 if (r < 0)
1794 return r;
1795
f9a810be 1796 r = setup_signals(s);
d025f1e4
ZJS		 1797 if (r < 0)
1798 return r;
1799
1800 s->udev = udev_new();
1801 if (!s->udev)
1802 return -ENOMEM;
1803
f9a810be 1804 s->rate_limit = journal_rate_limit_new(s->rate_limit_interval, s->rate_limit_burst);
d025f1e4
ZJS		 1805 if (!s->rate_limit)
1806 return -ENOMEM;
1807
e9174f29
LP		 1808 r = cg_get_root_path(&s->cgroup_root);
1809 if (r < 0)
1810 return r;
1811
0c24bb23
LP		 1812 server_cache_hostname(s);
1813 server_cache_boot_id(s);
1814 server_cache_machine_id(s);
1815
e22aa3d3
LP		 1816 (void) server_connect_notify(s);
1817
804ae586 1818 return system_journal_open(s, false);
d025f1e4
ZJS		 1819}
1820
1821void server_maybe_append_tags(Server *s) {
1822#ifdef HAVE_GCRYPT
1823 JournalFile *f;
1824 Iterator i;
1825 usec_t n;
1826
1827 n = now(CLOCK_REALTIME);
1828
1829 if (s->system_journal)
1830 journal_file_maybe_append_tag(s->system_journal, n);
1831
43cf8388 1832 ORDERED_HASHMAP_FOREACH(f, s->user_journals, i)
d025f1e4
ZJS		 1833 journal_file_maybe_append_tag(f, n);
1834#endif
1835}
1836
1837void server_done(Server *s) {
1838 JournalFile *f;
1839 assert(s);
1840
1841 while (s->stdout_streams)
1842 stdout_stream_free(s->stdout_streams);
1843
1844 if (s->system_journal)
1845 journal_file_close(s->system_journal);
1846
1847 if (s->runtime_journal)
1848 journal_file_close(s->runtime_journal);
1849
43cf8388 1850 while ((f = ordered_hashmap_steal_first(s->user_journals)))
d025f1e4
ZJS		 1851 journal_file_close(f);
1852
43cf8388 1853 ordered_hashmap_free(s->user_journals);
d025f1e4 1854
f9a810be
LP		 1855 sd_event_source_unref(s->syslog_event_source);
1856 sd_event_source_unref(s->native_event_source);
1857 sd_event_source_unref(s->stdout_event_source);
1858 sd_event_source_unref(s->dev_kmsg_event_source);
875c2e22 1859 sd_event_source_unref(s->audit_event_source);
f9a810be
LP		 1860 sd_event_source_unref(s->sync_event_source);
1861 sd_event_source_unref(s->sigusr1_event_source);
1862 sd_event_source_unref(s->sigusr2_event_source);
1863 sd_event_source_unref(s->sigterm_event_source);
1864 sd_event_source_unref(s->sigint_event_source);
0c24bb23 1865 sd_event_source_unref(s->hostname_event_source);
e22aa3d3 1866 sd_event_source_unref(s->notify_event_source);
119e9655 1867 sd_event_source_unref(s->watchdog_event_source);
f9a810be 1868 sd_event_unref(s->event);
d025f1e4 1869
03e334a1
LP		 1870 safe_close(s->syslog_fd);
1871 safe_close(s->native_fd);
1872 safe_close(s->stdout_fd);
1873 safe_close(s->dev_kmsg_fd);
875c2e22 1874 safe_close(s->audit_fd);
03e334a1 1875 safe_close(s->hostname_fd);
e22aa3d3 1876 safe_close(s->notify_fd);
0c24bb23 1877
d025f1e4
ZJS		 1878 if (s->rate_limit)
1879 journal_rate_limit_free(s->rate_limit);
1880
1881 if (s->kernel_seqnum)
1882 munmap(s->kernel_seqnum, sizeof(uint64_t));
1883
1884 free(s->buffer);
1885 free(s->tty_path);
e9174f29 1886 free(s->cgroup_root);
99d0966e 1887 free(s->hostname_field);
d025f1e4
ZJS		 1888
1889 if (s->mmap)
1890 mmap_cache_unref(s->mmap);
1891
3e044c49 1892 udev_unref(s->udev);
d025f1e4 1893}
8580d1f7
LP		 1894
1895static const char* const storage_table[_STORAGE_MAX] = {
1896 [STORAGE_AUTO] = "auto",
1897 [STORAGE_VOLATILE] = "volatile",
1898 [STORAGE_PERSISTENT] = "persistent",
1899 [STORAGE_NONE] = "none"
1900};
1901
1902DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
1903DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
1904
1905static const char* const split_mode_table[_SPLIT_MAX] = {
1906 [SPLIT_LOGIN] = "login",
1907 [SPLIT_UID] = "uid",
1908 [SPLIT_NONE] = "none",
1909};
1910
1911DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
1912DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode, split_mode, SplitMode, "Failed to parse split mode setting");
Unnamed repository; edit this file 'description' to name the repository.