1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
4 #include <selinux/selinux.h>
8 #include <sys/signalfd.h>
9 #include <sys/statvfs.h>
10 #include <linux/sockios.h>
12 #include "sd-daemon.h"
13 #include "sd-journal.h"
14 #include "sd-messages.h"
17 #include "alloc-util.h"
18 #include "audit-util.h"
19 #include "cgroup-util.h"
20 #include "conf-parser.h"
21 #include "dirent-util.h"
22 #include "extract-word.h"
25 #include "format-util.h"
28 #include "hostname-util.h"
29 #include "id128-util.h"
30 #include "initrd-util.h"
32 #include "journal-authenticate.h"
33 #include "journal-internal.h"
34 #include "journal-vacuum.h"
35 #include "journald-audit.h"
36 #include "journald-context.h"
37 #include "journald-kmsg.h"
38 #include "journald-native.h"
39 #include "journald-rate-limit.h"
40 #include "journald-server.h"
41 #include "journald-stream.h"
42 #include "journald-syslog.h"
44 #include "missing_audit.h"
46 #include "parse-util.h"
47 #include "path-util.h"
48 #include "proc-cmdline.h"
49 #include "process-util.h"
51 #include "selinux-util.h"
52 #include "signal-util.h"
53 #include "socket-util.h"
54 #include "stdio-util.h"
55 #include "string-table.h"
56 #include "string-util.h"
57 #include "syslog-util.h"
58 #include "uid-alloc-range.h"
59 #include "user-util.h"
61 #define USER_JOURNALS_MAX 1024
63 #define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
64 #define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
65 #define DEFAULT_RATE_LIMIT_BURST 10000
66 #define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
68 #define DEFAULT_KMSG_OWN_INTERVAL (5 * USEC_PER_SEC)
69 #define DEFAULT_KMSG_OWN_BURST 50
71 #define RECHECK_SPACE_USEC (30*USEC_PER_SEC)
73 #define NOTIFY_SNDBUF_SIZE (8*1024*1024)
75 /* The period to insert between posting changes for coalescing */
76 #define POST_CHANGE_TIMER_INTERVAL_USEC (250*USEC_PER_MSEC)
78 /* Pick a good default that is likely to fit into AF_UNIX and AF_INET SOCK_DGRAM datagrams, and even leaves some room
79 * for a bit of additional metadata. */
80 #define DEFAULT_LINE_MAX (48*1024)
82 #define DEFERRED_CLOSES_MAX (4096)
84 #define IDLE_TIMEOUT_USEC (30*USEC_PER_SEC)
86 #define FAILED_TO_WRITE_ENTRY_RATELIMIT ((RateLimit) { .interval = 1 * USEC_PER_SEC, .burst = 1 })
88 static int determine_path_usage(
94 _cleanup_closedir_
DIR *d
= NULL
;
104 return log_ratelimit_full_errno(errno
== ENOENT
? LOG_DEBUG
: LOG_ERR
,
105 errno
, JOURNALD_LOG_RATELIMIT
, "Failed to open %s: %m", path
);
107 if (fstatvfs(dirfd(d
), &ss
) < 0)
108 return log_ratelimit_error_errno(errno
, JOURNALD_LOG_RATELIMIT
,
109 "Failed to fstatvfs(%s): %m", path
);
111 *ret_free
= ss
.f_bsize
* ss
.f_bavail
;
113 FOREACH_DIRENT_ALL(de
, d
, break) {
116 if (!endswith(de
->d_name
, ".journal") &&
117 !endswith(de
->d_name
, ".journal~"))
120 if (fstatat(dirfd(d
), de
->d_name
, &st
, AT_SYMLINK_NOFOLLOW
) < 0) {
121 log_debug_errno(errno
, "Failed to stat %s/%s, ignoring: %m", path
, de
->d_name
);
125 if (!S_ISREG(st
.st_mode
))
128 *ret_used
+= (uint64_t) st
.st_blocks
* 512UL;
134 static void cache_space_invalidate(JournalStorageSpace
*space
) {
138 static int cache_space_refresh(Server
*s
, JournalStorage
*storage
) {
139 JournalStorageSpace
*space
;
140 JournalMetrics
*metrics
;
141 uint64_t vfs_used
, vfs_avail
, avail
;
147 metrics
= &storage
->metrics
;
148 space
= &storage
->space
;
150 ts
= now(CLOCK_MONOTONIC
);
152 if (space
->timestamp
!= 0 && usec_add(space
->timestamp
, RECHECK_SPACE_USEC
) > ts
)
155 r
= determine_path_usage(s
, storage
->path
, &vfs_used
, &vfs_avail
);
159 space
->vfs_used
= vfs_used
;
160 space
->vfs_available
= vfs_avail
;
162 avail
= LESS_BY(vfs_avail
, metrics
->keep_free
);
164 space
->limit
= CLAMP(vfs_used
+ avail
, metrics
->min_use
, metrics
->max_use
);
165 space
->available
= LESS_BY(space
->limit
, vfs_used
);
166 space
->timestamp
= ts
;
170 static void patch_min_use(JournalStorage
*storage
) {
173 /* Let's bump the min_use limit to the current usage on disk. We do
174 * this when starting up and first opening the journal files. This way
175 * sudden spikes in disk usage will not cause journald to vacuum files
176 * without bounds. Note that this means that only a restart of journald
177 * will make it reset this value. */
179 storage
->metrics
.min_use
= MAX(storage
->metrics
.min_use
, storage
->space
.vfs_used
);
182 static JournalStorage
* server_current_storage(Server
*s
) {
185 return s
->system_journal
? &s
->system_storage
: &s
->runtime_storage
;
188 static int determine_space(Server
*s
, uint64_t *available
, uint64_t *limit
) {
194 js
= server_current_storage(s
);
196 r
= cache_space_refresh(s
, js
);
199 *available
= js
->space
.available
;
201 *limit
= js
->space
.limit
;
206 void server_space_usage_message(Server
*s
, JournalStorage
*storage
) {
210 storage
= server_current_storage(s
);
212 if (cache_space_refresh(s
, storage
) < 0)
215 const JournalMetrics
*metrics
= &storage
->metrics
;
217 server_driver_message(s
, 0,
218 "MESSAGE_ID=" SD_MESSAGE_JOURNAL_USAGE_STR
,
219 LOG_MESSAGE("%s (%s) is %s, max %s, %s free.",
220 storage
->name
, storage
->path
,
221 FORMAT_BYTES(storage
->space
.vfs_used
),
222 FORMAT_BYTES(storage
->space
.limit
),
223 FORMAT_BYTES(storage
->space
.available
)),
224 "JOURNAL_NAME=%s", storage
->name
,
225 "JOURNAL_PATH=%s", storage
->path
,
226 "CURRENT_USE=%"PRIu64
, storage
->space
.vfs_used
,
227 "CURRENT_USE_PRETTY=%s", FORMAT_BYTES(storage
->space
.vfs_used
),
228 "MAX_USE=%"PRIu64
, metrics
->max_use
,
229 "MAX_USE_PRETTY=%s", FORMAT_BYTES(metrics
->max_use
),
230 "DISK_KEEP_FREE=%"PRIu64
, metrics
->keep_free
,
231 "DISK_KEEP_FREE_PRETTY=%s", FORMAT_BYTES(metrics
->keep_free
),
232 "DISK_AVAILABLE=%"PRIu64
, storage
->space
.vfs_available
,
233 "DISK_AVAILABLE_PRETTY=%s", FORMAT_BYTES(storage
->space
.vfs_available
),
234 "LIMIT=%"PRIu64
, storage
->space
.limit
,
235 "LIMIT_PRETTY=%s", FORMAT_BYTES(storage
->space
.limit
),
236 "AVAILABLE=%"PRIu64
, storage
->space
.available
,
237 "AVAILABLE_PRETTY=%s", FORMAT_BYTES(storage
->space
.available
),
241 static bool uid_for_system_journal(uid_t uid
) {
243 /* Returns true if the specified UID shall get its data stored in the system journal. */
245 return uid_is_system(uid
) || uid_is_dynamic(uid
) || uid
== UID_NOBODY
;
248 static void server_add_acls(ManagedJournalFile
*f
, uid_t uid
) {
254 if (uid_for_system_journal(uid
))
257 r
= fd_add_uid_acl_permission(f
->file
->fd
, uid
, ACL_READ
);
259 log_ratelimit_warning_errno(r
, JOURNALD_LOG_RATELIMIT
,
260 "Failed to set ACL on %s, ignoring: %m", f
->file
->path
);
264 static int open_journal(
270 JournalMetrics
*metrics
,
271 ManagedJournalFile
**ret
) {
273 _cleanup_(managed_journal_file_closep
) ManagedJournalFile
*f
= NULL
;
274 JournalFileFlags file_flags
;
281 file_flags
= (s
->compress
.enabled
? JOURNAL_COMPRESS
: 0) | (seal
? JOURNAL_SEAL
: 0);
284 r
= managed_journal_file_open_reliably(
289 s
->compress
.threshold_bytes
,
296 r
= managed_journal_file_open(
302 s
->compress
.threshold_bytes
,
312 r
= journal_file_enable_post_change_timer(f
->file
, s
->event
, POST_CHANGE_TIMER_INTERVAL_USEC
);
320 static bool flushed_flag_is_set(Server
*s
) {
325 /* We don't support the "flushing" concept for namespace instances, we assume them to always have
330 fn
= strjoina(s
->runtime_directory
, "/flushed");
331 return access(fn
, F_OK
) >= 0;
334 static int system_journal_open(Server
*s
, bool flush_requested
, bool relinquish_requested
) {
338 if (!s
->system_journal
&&
339 IN_SET(s
->storage
, STORAGE_PERSISTENT
, STORAGE_AUTO
) &&
340 (flush_requested
|| flushed_flag_is_set(s
)) &&
341 !relinquish_requested
) {
343 /* If in auto mode: first try to create the machine path, but not the prefix.
345 * If in persistent mode: create /var/log/journal and the machine path */
347 if (s
->storage
== STORAGE_PERSISTENT
)
348 (void) mkdir_parents(s
->system_storage
.path
, 0755);
350 (void) mkdir(s
->system_storage
.path
, 0755);
352 fn
= strjoina(s
->system_storage
.path
, "/system.journal");
353 r
= open_journal(s
, true, fn
, O_RDWR
|O_CREAT
, s
->seal
, &s
->system_storage
.metrics
, &s
->system_journal
);
355 server_add_acls(s
->system_journal
, 0);
356 (void) cache_space_refresh(s
, &s
->system_storage
);
357 patch_min_use(&s
->system_storage
);
359 if (!IN_SET(r
, -ENOENT
, -EROFS
))
360 log_ratelimit_warning_errno(r
, JOURNALD_LOG_RATELIMIT
,
361 "Failed to open system journal: %m");
366 /* If the runtime journal is open, and we're post-flush, we're recovering from a failed
367 * system journal rotate (ENOSPC) for which the runtime journal was reopened.
369 * Perform an implicit flush to var, leaving the runtime journal closed, now that the system
372 if (!flush_requested
)
373 (void) server_flush_to_var(s
, true);
376 if (!s
->runtime_journal
&&
377 (s
->storage
!= STORAGE_NONE
)) {
379 fn
= strjoina(s
->runtime_storage
.path
, "/system.journal");
381 if (s
->system_journal
&& !relinquish_requested
) {
383 /* Try to open the runtime journal, but only
384 * if it already exists, so that we can flush
385 * it into the system journal */
387 r
= open_journal(s
, false, fn
, O_RDWR
, false, &s
->runtime_storage
.metrics
, &s
->runtime_journal
);
390 log_ratelimit_warning_errno(r
, JOURNALD_LOG_RATELIMIT
,
391 "Failed to open runtime journal: %m");
398 /* OK, we really need the runtime journal, so create it if necessary. */
400 (void) mkdir_parents(s
->runtime_storage
.path
, 0755);
401 (void) mkdir(s
->runtime_storage
.path
, 0750);
403 r
= open_journal(s
, true, fn
, O_RDWR
|O_CREAT
, false, &s
->runtime_storage
.metrics
, &s
->runtime_journal
);
405 return log_ratelimit_warning_errno(r
, JOURNALD_LOG_RATELIMIT
,
406 "Failed to open runtime journal: %m");
409 if (s
->runtime_journal
) {
410 server_add_acls(s
->runtime_journal
, 0);
411 (void) cache_space_refresh(s
, &s
->runtime_storage
);
412 patch_min_use(&s
->runtime_storage
);
419 static ManagedJournalFile
* find_journal(Server
*s
, uid_t uid
) {
420 _cleanup_free_
char *p
= NULL
;
421 ManagedJournalFile
*f
;
426 /* A rotate that fails to create the new journal (ENOSPC) leaves the rotated journal as NULL. Unless
427 * we revisit opening, even after space is made available we'll continue to return NULL indefinitely.
429 * system_journal_open() is a noop if the journals are already open, so we can just call it here to
430 * recover from failed rotates (or anything else that's left the journals as NULL).
432 * Fixes https://github.com/systemd/systemd/issues/3968 */
433 (void) system_journal_open(s
, false, false);
435 /* We split up user logs only on /var, not on /run. If the runtime file is open, we write to it
436 * exclusively, in order to guarantee proper order as soon as we flush /run to /var and close the
439 if (s
->runtime_journal
)
440 return s
->runtime_journal
;
442 /* If we are not in persistent mode, then we need return NULL immediately rather than opening a
443 * persistent journal of any sort.
445 * Fixes https://github.com/systemd/systemd/issues/20390 */
446 if (!IN_SET(s
->storage
, STORAGE_AUTO
, STORAGE_PERSISTENT
))
449 if (uid_for_system_journal(uid
))
450 return s
->system_journal
;
452 f
= ordered_hashmap_get(s
->user_journals
, UID_TO_PTR(uid
));
456 if (asprintf(&p
, "%s/user-" UID_FMT
".journal", s
->system_storage
.path
, uid
) < 0) {
458 return s
->system_journal
;
461 /* Too many open? Then let's close one (or more) */
462 while (ordered_hashmap_size(s
->user_journals
) >= USER_JOURNALS_MAX
) {
463 assert_se(f
= ordered_hashmap_steal_first(s
->user_journals
));
464 (void) managed_journal_file_close(f
);
467 r
= open_journal(s
, true, p
, O_RDWR
|O_CREAT
, s
->seal
, &s
->system_storage
.metrics
, &f
);
469 return s
->system_journal
;
471 r
= ordered_hashmap_put(s
->user_journals
, UID_TO_PTR(uid
), f
);
473 (void) managed_journal_file_close(f
);
474 return s
->system_journal
;
477 server_add_acls(f
, uid
);
481 static int do_rotate(
483 ManagedJournalFile
**f
,
488 JournalFileFlags file_flags
;
497 (s
->compress
.enabled
? JOURNAL_COMPRESS
: 0)|
498 (seal
? JOURNAL_SEAL
: 0);
500 r
= managed_journal_file_rotate(f
, s
->mmap
, file_flags
, s
->compress
.threshold_bytes
, s
->deferred_closes
);
503 return log_ratelimit_error_errno(r
, JOURNALD_LOG_RATELIMIT
,
504 "Failed to rotate %s: %m", (*f
)->file
->path
);
506 return log_ratelimit_error_errno(r
, JOURNALD_LOG_RATELIMIT
,
507 "Failed to create new %s journal: %m", name
);
510 server_add_acls(*f
, uid
);
514 static void server_process_deferred_closes(Server
*s
) {
515 ManagedJournalFile
*f
;
517 /* Perform any deferred closes which aren't still offlining. */
518 SET_FOREACH(f
, s
->deferred_closes
) {
519 if (managed_journal_file_is_offlining(f
))
522 (void) set_remove(s
->deferred_closes
, f
);
523 (void) managed_journal_file_close(f
);
527 static void server_vacuum_deferred_closes(Server
*s
) {
530 /* Make some room in the deferred closes list, so that it doesn't grow without bounds */
531 if (set_size(s
->deferred_closes
) < DEFERRED_CLOSES_MAX
)
534 /* Let's first remove all journal files that might already have completed closing */
535 server_process_deferred_closes(s
);
537 /* And now, let's close some more until we reach the limit again. */
538 while (set_size(s
->deferred_closes
) >= DEFERRED_CLOSES_MAX
) {
539 ManagedJournalFile
*f
;
541 assert_se(f
= set_steal_first(s
->deferred_closes
));
542 managed_journal_file_close(f
);
546 static int vacuum_offline_user_journals(Server
*s
) {
547 _cleanup_closedir_
DIR *d
= NULL
;
552 d
= opendir(s
->system_storage
.path
);
557 return log_ratelimit_error_errno(errno
, JOURNALD_LOG_RATELIMIT
,
558 "Failed to open %s: %m", s
->system_storage
.path
);
562 _cleanup_free_
char *u
= NULL
, *full
= NULL
;
563 _cleanup_close_
int fd
= -1;
566 ManagedJournalFile
*f
;
570 de
= readdir_no_dot(d
);
573 log_ratelimit_warning_errno(errno
, JOURNALD_LOG_RATELIMIT
,
574 "Failed to enumerate %s, ignoring: %m",
575 s
->system_storage
.path
);
580 a
= startswith(de
->d_name
, "user-");
583 b
= endswith(de
->d_name
, ".journal");
591 r
= parse_uid(u
, &uid
);
593 log_debug_errno(r
, "Failed to parse UID from file name '%s', ignoring: %m", de
->d_name
);
597 /* Already rotated in the above loop? i.e. is it an open user journal? */
598 if (ordered_hashmap_contains(s
->user_journals
, UID_TO_PTR(uid
)))
601 full
= path_join(s
->system_storage
.path
, de
->d_name
);
605 fd
= openat(dirfd(d
), de
->d_name
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NOFOLLOW
|O_NONBLOCK
);
607 log_ratelimit_full_errno(IN_SET(errno
, ELOOP
, ENOENT
) ? LOG_DEBUG
: LOG_WARNING
,
608 errno
, JOURNALD_LOG_RATELIMIT
,
609 "Failed to open journal file '%s' for rotation: %m", full
);
613 /* Make some room in the set of deferred close()s */
614 server_vacuum_deferred_closes(s
);
616 /* Open the file briefly, so that we can archive it */
617 r
= managed_journal_file_open(
621 (s
->compress
.enabled
? JOURNAL_COMPRESS
: 0) |
622 (s
->seal
? JOURNAL_SEAL
: 0),
624 s
->compress
.threshold_bytes
,
625 &s
->system_storage
.metrics
,
631 log_ratelimit_warning_errno(r
, JOURNALD_LOG_RATELIMIT
,
632 "Failed to read journal file %s for rotation, trying to move it out of the way: %m",
635 r
= journal_file_dispose(dirfd(d
), de
->d_name
);
637 log_ratelimit_warning_errno(r
, JOURNALD_LOG_RATELIMIT
,
638 "Failed to move %s out of the way, ignoring: %m",
641 log_debug("Successfully moved %s out of the way.", full
);
646 TAKE_FD(fd
); /* Donated to managed_journal_file_open() */
648 r
= journal_file_archive(f
->file
, NULL
);
650 log_debug_errno(r
, "Failed to archive journal file '%s', ignoring: %m", full
);
652 managed_journal_file_initiate_close(f
, s
->deferred_closes
);
659 void server_rotate(Server
*s
) {
660 ManagedJournalFile
*f
;
664 log_debug("Rotating...");
666 /* First, rotate the system journal (either in its runtime flavour or in its runtime flavour) */
667 (void) do_rotate(s
, &s
->runtime_journal
, "runtime", false, 0);
668 (void) do_rotate(s
, &s
->system_journal
, "system", s
->seal
, 0);
670 /* Then, rotate all user journals we have open (keeping them open) */
671 ORDERED_HASHMAP_FOREACH_KEY(f
, k
, s
->user_journals
) {
672 r
= do_rotate(s
, &f
, "user", s
->seal
, PTR_TO_UID(k
));
674 ordered_hashmap_replace(s
->user_journals
, k
, f
);
676 /* Old file has been closed and deallocated */
677 ordered_hashmap_remove(s
->user_journals
, k
);
680 /* Finally, also rotate all user journals we currently do not have open. (But do so only if we
681 * actually have access to /var, i.e. are not in the log-to-runtime-journal mode). */
682 if (!s
->runtime_journal
)
683 (void) vacuum_offline_user_journals(s
);
685 server_process_deferred_closes(s
);
688 void server_sync(Server
*s
) {
689 ManagedJournalFile
*f
;
692 if (s
->system_journal
) {
693 r
= managed_journal_file_set_offline(s
->system_journal
, false);
695 log_ratelimit_warning_errno(r
, JOURNALD_LOG_RATELIMIT
,
696 "Failed to sync system journal, ignoring: %m");
699 ORDERED_HASHMAP_FOREACH(f
, s
->user_journals
) {
700 r
= managed_journal_file_set_offline(f
, false);
702 log_ratelimit_warning_errno(r
, JOURNALD_LOG_RATELIMIT
,
703 "Failed to sync user journal, ignoring: %m");
706 if (s
->sync_event_source
) {
707 r
= sd_event_source_set_enabled(s
->sync_event_source
, SD_EVENT_OFF
);
709 log_ratelimit_error_errno(r
, JOURNALD_LOG_RATELIMIT
,
710 "Failed to disable sync timer source: %m");
713 s
->sync_scheduled
= false;
716 static void do_vacuum(Server
*s
, JournalStorage
*storage
, bool verbose
) {
723 (void) cache_space_refresh(s
, storage
);
726 server_space_usage_message(s
, storage
);
728 r
= journal_directory_vacuum(storage
->path
, storage
->space
.limit
,
729 storage
->metrics
.n_max_files
, s
->max_retention_usec
,
730 &s
->oldest_file_usec
, verbose
);
731 if (r
< 0 && r
!= -ENOENT
)
732 log_ratelimit_warning_errno(r
, JOURNALD_LOG_RATELIMIT
,
733 "Failed to vacuum %s, ignoring: %m", storage
->path
);
735 cache_space_invalidate(&storage
->space
);
738 void server_vacuum(Server
*s
, bool verbose
) {
741 log_debug("Vacuuming...");
743 s
->oldest_file_usec
= 0;
745 if (s
->system_journal
)
746 do_vacuum(s
, &s
->system_storage
, verbose
);
747 if (s
->runtime_journal
)
748 do_vacuum(s
, &s
->runtime_storage
, verbose
);
751 static void server_cache_machine_id(Server
*s
) {
757 r
= sd_id128_get_machine(&id
);
761 sd_id128_to_string(id
, stpcpy(s
->machine_id_field
, "_MACHINE_ID="));
764 static void server_cache_boot_id(Server
*s
) {
770 r
= sd_id128_get_boot(&id
);
774 sd_id128_to_string(id
, stpcpy(s
->boot_id_field
, "_BOOT_ID="));
777 static void server_cache_hostname(Server
*s
) {
778 _cleanup_free_
char *t
= NULL
;
783 t
= gethostname_malloc();
787 x
= strjoin("_HOSTNAME=", t
);
791 free_and_replace(s
->hostname_field
, x
);
794 static bool shall_try_append_again(JournalFile
*f
, int r
) {
797 case -E2BIG
: /* Hit configured limit */
798 case -EFBIG
: /* Hit fs limit */
799 case -EDQUOT
: /* Quota limit hit */
800 case -ENOSPC
: /* Disk full */
801 log_debug("%s: Allocation limit reached, rotating.", f
->path
);
804 case -EIO
: /* I/O error of some kind (mmap) */
805 log_ratelimit_warning(JOURNALD_LOG_RATELIMIT
, "%s: IO error, rotating.", f
->path
);
808 case -EHOSTDOWN
: /* Other machine */
809 log_ratelimit_info(JOURNALD_LOG_RATELIMIT
, "%s: Journal file from other machine, rotating.", f
->path
);
812 case -EBUSY
: /* Unclean shutdown */
813 log_ratelimit_info(JOURNALD_LOG_RATELIMIT
, "%s: Unclean shutdown, rotating.", f
->path
);
816 case -EPROTONOSUPPORT
: /* Unsupported feature */
817 log_ratelimit_info(JOURNALD_LOG_RATELIMIT
, "%s: Unsupported feature, rotating.", f
->path
);
820 case -EBADMSG
: /* Corrupted */
821 case -ENODATA
: /* Truncated */
822 case -ESHUTDOWN
: /* Already archived */
823 log_ratelimit_warning(JOURNALD_LOG_RATELIMIT
, "%s: Journal file corrupted, rotating.", f
->path
);
826 case -EIDRM
: /* Journal file has been deleted */
827 log_ratelimit_warning(JOURNALD_LOG_RATELIMIT
, "%s: Journal file has been deleted, rotating.", f
->path
);
830 case -ETXTBSY
: /* Journal file is from the future */
831 log_ratelimit_warning(JOURNALD_LOG_RATELIMIT
, "%s: Journal file is from the future, rotating.", f
->path
);
835 log_ratelimit_warning(JOURNALD_LOG_RATELIMIT
,
836 "%s: underlying file system does not support memory mapping or another required file system feature.",
845 static void write_to_journal(Server
*s
, uid_t uid
, struct iovec
*iovec
, size_t n
, int priority
) {
846 bool vacuumed
= false, rotate
= false;
847 struct dual_timestamp ts
;
848 ManagedJournalFile
*f
;
855 /* Get the closest, linearized time we have for this log event from the event loop. (Note that we do not use
856 * the source time, and not even the time the event was originally seen, but instead simply the time we started
857 * processing it, as we want strictly linear ordering in what we write out.) */
858 assert_se(sd_event_now(s
->event
, CLOCK_REALTIME
, &ts
.realtime
) >= 0);
859 assert_se(sd_event_now(s
->event
, CLOCK_MONOTONIC
, &ts
.monotonic
) >= 0);
861 if (ts
.realtime
< s
->last_realtime_clock
) {
862 /* When the time jumps backwards, let's immediately rotate. Of course, this should not happen during
863 * regular operation. However, when it does happen, then we should make sure that we start fresh files
864 * to ensure that the entries in the journal files are strictly ordered by time, in order to ensure
865 * bisection works correctly. */
867 log_ratelimit_info(JOURNALD_LOG_RATELIMIT
, "Time jumped backwards, rotating.");
871 f
= find_journal(s
, uid
);
875 if (journal_file_rotate_suggested(f
->file
, s
->max_file_usec
, LOG_INFO
)) {
876 log_ratelimit_info(JOURNALD_LOG_RATELIMIT
,
877 "%s: Journal header limits reached or header out-of-date, rotating.",
885 server_vacuum(s
, false);
888 f
= find_journal(s
, uid
);
893 s
->last_realtime_clock
= ts
.realtime
;
895 r
= journal_file_append_entry(f
->file
, &ts
, NULL
, iovec
, n
, &s
->seqnum
, NULL
, NULL
);
897 server_schedule_sync(s
, priority
);
901 if (vacuumed
|| !shall_try_append_again(f
->file
, r
)) {
902 log_ratelimit_error_errno(r
, FAILED_TO_WRITE_ENTRY_RATELIMIT
,
903 "Failed to write entry (%zu items, %zu bytes), ignoring: %m",
904 n
, IOVEC_TOTAL_SIZE(iovec
, n
));
909 log_debug("Journal file %s is full, rotating to a new file", f
->file
->path
);
911 log_ratelimit_info_errno(r
, FAILED_TO_WRITE_ENTRY_RATELIMIT
,
912 "Failed to write entry to %s (%zu items, %zu bytes), rotating before retrying: %m",
913 f
->file
->path
, n
, IOVEC_TOTAL_SIZE(iovec
, n
));
916 server_vacuum(s
, false);
918 f
= find_journal(s
, uid
);
922 log_debug_errno(r
, "Retrying write.");
923 r
= journal_file_append_entry(f
->file
, &ts
, NULL
, iovec
, n
, &s
->seqnum
, NULL
, NULL
);
925 log_ratelimit_error_errno(r
, FAILED_TO_WRITE_ENTRY_RATELIMIT
,
926 "Failed to write entry to %s (%zu items, %zu bytes) despite vacuuming, ignoring: %m",
927 f
->file
->path
, n
, IOVEC_TOTAL_SIZE(iovec
, n
));
929 server_schedule_sync(s
, priority
);
932 #define IOVEC_ADD_NUMERIC_FIELD(iovec, n, value, type, isset, format, field) \
933 if (isset(value)) { \
935 k = newa(char, STRLEN(field "=") + DECIMAL_STR_MAX(type) + 1); \
936 sprintf(k, field "=" format, value); \
937 iovec[n++] = IOVEC_MAKE_STRING(k); \
940 #define IOVEC_ADD_STRING_FIELD(iovec, n, value, field) \
941 if (!isempty(value)) { \
943 k = strjoina(field "=", value); \
944 iovec[n++] = IOVEC_MAKE_STRING(k); \
947 #define IOVEC_ADD_ID128_FIELD(iovec, n, value, field) \
948 if (!sd_id128_is_null(value)) { \
950 k = newa(char, STRLEN(field "=") + SD_ID128_STRING_MAX); \
951 sd_id128_to_string(value, stpcpy(k, field "=")); \
952 iovec[n++] = IOVEC_MAKE_STRING(k); \
955 #define IOVEC_ADD_SIZED_FIELD(iovec, n, value, value_size, field) \
956 if (value_size > 0) { \
958 k = newa(char, STRLEN(field "=") + value_size + 1); \
959 *((char*) mempcpy(stpcpy(k, field "="), value, value_size)) = 0; \
960 iovec[n++] = IOVEC_MAKE_STRING(k); \
963 static void dispatch_message_real(
965 struct iovec
*iovec
, size_t n
, size_t m
,
966 const ClientContext
*c
,
967 const struct timeval
*tv
,
971 char source_time
[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t
)];
972 _unused_ _cleanup_free_
char *cmdline1
= NULL
, *cmdline2
= NULL
;
980 N_IOVEC_META_FIELDS
+
981 (pid_is_valid(object_pid
) ? N_IOVEC_OBJECT_FIELDS
: 0) +
982 client_context_extra_fields_n_iovec(c
) <= m
);
985 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, c
->pid
, pid_t
, pid_is_valid
, PID_FMT
, "_PID");
986 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, c
->uid
, uid_t
, uid_is_valid
, UID_FMT
, "_UID");
987 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, c
->gid
, gid_t
, gid_is_valid
, GID_FMT
, "_GID");
989 IOVEC_ADD_STRING_FIELD(iovec
, n
, c
->comm
, "_COMM"); /* At most TASK_COMM_LENGTH (16 bytes) */
990 IOVEC_ADD_STRING_FIELD(iovec
, n
, c
->exe
, "_EXE"); /* A path, so at most PATH_MAX (4096 bytes) */
993 /* At most _SC_ARG_MAX (2MB usually), which is too much to put on stack.
994 * Let's use a heap allocation for this one. */
995 cmdline1
= set_iovec_string_field(iovec
, &n
, "_CMDLINE=", c
->cmdline
);
997 IOVEC_ADD_STRING_FIELD(iovec
, n
, c
->capeff
, "_CAP_EFFECTIVE"); /* Read from /proc/.../status */
998 IOVEC_ADD_SIZED_FIELD(iovec
, n
, c
->label
, c
->label_size
, "_SELINUX_CONTEXT");
999 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, c
->auditid
, uint32_t, audit_session_is_valid
, "%" PRIu32
, "_AUDIT_SESSION");
1000 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, c
->loginuid
, uid_t
, uid_is_valid
, UID_FMT
, "_AUDIT_LOGINUID");
1002 IOVEC_ADD_STRING_FIELD(iovec
, n
, c
->cgroup
, "_SYSTEMD_CGROUP"); /* A path */
1003 IOVEC_ADD_STRING_FIELD(iovec
, n
, c
->session
, "_SYSTEMD_SESSION");
1004 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, c
->owner_uid
, uid_t
, uid_is_valid
, UID_FMT
, "_SYSTEMD_OWNER_UID");
1005 IOVEC_ADD_STRING_FIELD(iovec
, n
, c
->unit
, "_SYSTEMD_UNIT"); /* Unit names are bounded by UNIT_NAME_MAX */
1006 IOVEC_ADD_STRING_FIELD(iovec
, n
, c
->user_unit
, "_SYSTEMD_USER_UNIT");
1007 IOVEC_ADD_STRING_FIELD(iovec
, n
, c
->slice
, "_SYSTEMD_SLICE");
1008 IOVEC_ADD_STRING_FIELD(iovec
, n
, c
->user_slice
, "_SYSTEMD_USER_SLICE");
1010 IOVEC_ADD_ID128_FIELD(iovec
, n
, c
->invocation_id
, "_SYSTEMD_INVOCATION_ID");
1012 if (c
->extra_fields_n_iovec
> 0) {
1013 memcpy(iovec
+ n
, c
->extra_fields_iovec
, c
->extra_fields_n_iovec
* sizeof(struct iovec
));
1014 n
+= c
->extra_fields_n_iovec
;
1020 if (pid_is_valid(object_pid
) && client_context_get(s
, object_pid
, NULL
, NULL
, 0, NULL
, &o
) >= 0) {
1022 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, o
->pid
, pid_t
, pid_is_valid
, PID_FMT
, "OBJECT_PID");
1023 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, o
->uid
, uid_t
, uid_is_valid
, UID_FMT
, "OBJECT_UID");
1024 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, o
->gid
, gid_t
, gid_is_valid
, GID_FMT
, "OBJECT_GID");
1026 /* See above for size limits, only ->cmdline may be large, so use a heap allocation for it. */
1027 IOVEC_ADD_STRING_FIELD(iovec
, n
, o
->comm
, "OBJECT_COMM");
1028 IOVEC_ADD_STRING_FIELD(iovec
, n
, o
->exe
, "OBJECT_EXE");
1030 cmdline2
= set_iovec_string_field(iovec
, &n
, "OBJECT_CMDLINE=", o
->cmdline
);
1032 IOVEC_ADD_STRING_FIELD(iovec
, n
, o
->capeff
, "OBJECT_CAP_EFFECTIVE");
1033 IOVEC_ADD_SIZED_FIELD(iovec
, n
, o
->label
, o
->label_size
, "OBJECT_SELINUX_CONTEXT");
1034 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, o
->auditid
, uint32_t, audit_session_is_valid
, "%" PRIu32
, "OBJECT_AUDIT_SESSION");
1035 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, o
->loginuid
, uid_t
, uid_is_valid
, UID_FMT
, "OBJECT_AUDIT_LOGINUID");
1037 IOVEC_ADD_STRING_FIELD(iovec
, n
, o
->cgroup
, "OBJECT_SYSTEMD_CGROUP");
1038 IOVEC_ADD_STRING_FIELD(iovec
, n
, o
->session
, "OBJECT_SYSTEMD_SESSION");
1039 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, o
->owner_uid
, uid_t
, uid_is_valid
, UID_FMT
, "OBJECT_SYSTEMD_OWNER_UID");
1040 IOVEC_ADD_STRING_FIELD(iovec
, n
, o
->unit
, "OBJECT_SYSTEMD_UNIT");
1041 IOVEC_ADD_STRING_FIELD(iovec
, n
, o
->user_unit
, "OBJECT_SYSTEMD_USER_UNIT");
1042 IOVEC_ADD_STRING_FIELD(iovec
, n
, o
->slice
, "OBJECT_SYSTEMD_SLICE");
1043 IOVEC_ADD_STRING_FIELD(iovec
, n
, o
->user_slice
, "OBJECT_SYSTEMD_USER_SLICE");
1045 IOVEC_ADD_ID128_FIELD(iovec
, n
, o
->invocation_id
, "OBJECT_SYSTEMD_INVOCATION_ID=");
1051 sprintf(source_time
, "_SOURCE_REALTIME_TIMESTAMP=" USEC_FMT
, timeval_load(tv
));
1052 iovec
[n
++] = IOVEC_MAKE_STRING(source_time
);
1055 /* Note that strictly speaking storing the boot id here is
1056 * redundant since the entry includes this in-line
1057 * anyway. However, we need this indexed, too. */
1058 if (!isempty(s
->boot_id_field
))
1059 iovec
[n
++] = IOVEC_MAKE_STRING(s
->boot_id_field
);
1061 if (!isempty(s
->machine_id_field
))
1062 iovec
[n
++] = IOVEC_MAKE_STRING(s
->machine_id_field
);
1064 if (!isempty(s
->hostname_field
))
1065 iovec
[n
++] = IOVEC_MAKE_STRING(s
->hostname_field
);
1067 if (!isempty(s
->namespace_field
))
1068 iovec
[n
++] = IOVEC_MAKE_STRING(s
->namespace_field
);
1070 iovec
[n
++] = in_initrd() ? IOVEC_MAKE_STRING("_RUNTIME_SCOPE=initrd") : IOVEC_MAKE_STRING("_RUNTIME_SCOPE=system");
1073 if (s
->split_mode
== SPLIT_UID
&& c
&& uid_is_valid(c
->uid
))
1074 /* Split up strictly by (non-root) UID */
1075 journal_uid
= c
->uid
;
1076 else if (s
->split_mode
== SPLIT_LOGIN
&& c
&& c
->uid
> 0 && uid_is_valid(c
->owner_uid
))
1077 /* Split up by login UIDs. We do this only if the
1078 * realuid is not root, in order not to accidentally
1079 * leak privileged information to the user that is
1080 * logged by a privileged process that is part of an
1081 * unprivileged session. */
1082 journal_uid
= c
->owner_uid
;
1086 write_to_journal(s
, journal_uid
, iovec
, n
, priority
);
1089 void server_driver_message(Server
*s
, pid_t object_pid
, const char *message_id
, const char *format
, ...) {
1091 struct iovec
*iovec
;
1099 m
= N_IOVEC_META_FIELDS
+ 5 + N_IOVEC_PAYLOAD_FIELDS
+ client_context_extra_fields_n_iovec(s
->my_context
) + N_IOVEC_OBJECT_FIELDS
;
1100 iovec
= newa(struct iovec
, m
);
1102 assert_cc(3 == LOG_FAC(LOG_DAEMON
));
1103 iovec
[n
++] = IOVEC_MAKE_STRING("SYSLOG_FACILITY=3");
1104 iovec
[n
++] = IOVEC_MAKE_STRING("SYSLOG_IDENTIFIER=systemd-journald");
1106 iovec
[n
++] = IOVEC_MAKE_STRING("_TRANSPORT=driver");
1107 assert_cc(6 == LOG_INFO
);
1108 iovec
[n
++] = IOVEC_MAKE_STRING("PRIORITY=6");
1111 iovec
[n
++] = IOVEC_MAKE_STRING(message_id
);
1114 va_start(ap
, format
);
1115 r
= log_format_iovec(iovec
, m
, &n
, false, 0, format
, ap
);
1116 /* Error handling below */
1120 dispatch_message_real(s
, iovec
, n
, m
, s
->my_context
, NULL
, LOG_INFO
, object_pid
);
1123 free(iovec
[k
++].iov_base
);
1126 /* We failed to format the message. Emit a warning instead. */
1130 xsprintf(buf
, "MESSAGE=Entry printing failed: %m");
1133 iovec
[n
++] = IOVEC_MAKE_STRING("PRIORITY=4");
1134 iovec
[n
++] = IOVEC_MAKE_STRING(buf
);
1135 dispatch_message_real(s
, iovec
, n
, m
, s
->my_context
, NULL
, LOG_INFO
, object_pid
);
1139 void server_dispatch_message(
1141 struct iovec
*iovec
, size_t n
, size_t m
,
1143 const struct timeval
*tv
,
1147 uint64_t available
= 0;
1151 assert(iovec
|| n
== 0);
1156 if (LOG_PRI(priority
) > s
->max_level_store
)
1159 /* Stop early in case the information will not be stored
1161 if (s
->storage
== STORAGE_NONE
)
1165 (void) determine_space(s
, &available
, NULL
);
1167 rl
= journal_ratelimit_test(s
->ratelimit
, c
->unit
, c
->log_ratelimit_interval
, c
->log_ratelimit_burst
, priority
& LOG_PRIMASK
, available
);
1171 /* Write a suppression message if we suppressed something */
1173 server_driver_message(s
, c
->pid
,
1174 "MESSAGE_ID=" SD_MESSAGE_JOURNAL_DROPPED_STR
,
1175 LOG_MESSAGE("Suppressed %i messages from %s", rl
- 1, c
->unit
),
1176 "N_DROPPED=%i", rl
- 1,
1180 dispatch_message_real(s
, iovec
, n
, m
, c
, tv
, priority
, object_pid
);
1183 int server_flush_to_var(Server
*s
, bool require_flag_file
) {
1184 sd_journal
*j
= NULL
;
1192 if (!IN_SET(s
->storage
, STORAGE_AUTO
, STORAGE_PERSISTENT
))
1195 if (s
->namespace) /* Flushing concept does not exist for namespace instances */
1198 if (!s
->runtime_journal
) /* Nothing to flush? */
1201 if (require_flag_file
&& !flushed_flag_is_set(s
))
1204 (void) system_journal_open(s
, true, false);
1206 if (!s
->system_journal
)
1209 log_debug("Flushing to %s...", s
->system_storage
.path
);
1211 start
= now(CLOCK_MONOTONIC
);
1213 r
= sd_journal_open(&j
, SD_JOURNAL_RUNTIME_ONLY
);
1215 return log_ratelimit_error_errno(r
, JOURNALD_LOG_RATELIMIT
,
1216 "Failed to read runtime journal: %m");
1218 sd_journal_set_data_threshold(j
, 0);
1220 SD_JOURNAL_FOREACH(j
) {
1224 f
= j
->current_file
;
1225 assert(f
&& f
->current_offset
> 0);
1229 r
= journal_file_move_to_object(f
, OBJECT_ENTRY
, f
->current_offset
, &o
);
1231 log_ratelimit_error_errno(r
, JOURNALD_LOG_RATELIMIT
, "Can't read entry: %m");
1235 r
= journal_file_copy_entry(f
, s
->system_journal
->file
, o
, f
->current_offset
);
1239 if (!shall_try_append_again(s
->system_journal
->file
, r
)) {
1240 log_ratelimit_error_errno(r
, JOURNALD_LOG_RATELIMIT
, "Can't write entry: %m");
1244 log_ratelimit_info(JOURNALD_LOG_RATELIMIT
, "Rotating system journal.");
1247 server_vacuum(s
, false);
1249 if (!s
->system_journal
) {
1250 log_ratelimit_notice(JOURNALD_LOG_RATELIMIT
,
1251 "Didn't flush runtime journal since rotation of system journal wasn't successful.");
1256 log_debug("Retrying write.");
1257 r
= journal_file_copy_entry(f
, s
->system_journal
->file
, o
, f
->current_offset
);
1259 log_ratelimit_error_errno(r
, JOURNALD_LOG_RATELIMIT
, "Can't write entry: %m");
1267 if (s
->system_journal
)
1268 journal_file_post_change(s
->system_journal
->file
);
1270 s
->runtime_journal
= managed_journal_file_close(s
->runtime_journal
);
1273 (void) rm_rf(s
->runtime_storage
.path
, REMOVE_ROOT
);
1275 sd_journal_close(j
);
1277 server_driver_message(s
, 0, NULL
,
1278 LOG_MESSAGE("Time spent on flushing to %s is %s for %u entries.",
1279 s
->system_storage
.path
,
1280 FORMAT_TIMESPAN(usec_sub_unsigned(now(CLOCK_MONOTONIC
), start
), 0),
1284 fn
= strjoina(s
->runtime_directory
, "/flushed");
1287 log_ratelimit_warning_errno(k
, JOURNALD_LOG_RATELIMIT
,
1288 "Failed to touch %s, ignoring: %m", fn
);
1290 server_refresh_idle_timer(s
);
1294 static int server_relinquish_var(Server
*s
) {
1298 if (s
->storage
== STORAGE_NONE
)
1301 if (s
->namespace) /* Concept does not exist for namespaced instances */
1304 if (s
->runtime_journal
&& !s
->system_journal
)
1307 log_debug("Relinquishing %s...", s
->system_storage
.path
);
1309 (void) system_journal_open(s
, false, true);
1311 s
->system_journal
= managed_journal_file_close(s
->system_journal
);
1312 ordered_hashmap_clear_with_destructor(s
->user_journals
, managed_journal_file_close
);
1313 set_clear_with_destructor(s
->deferred_closes
, managed_journal_file_close
);
1315 fn
= strjoina(s
->runtime_directory
, "/flushed");
1316 if (unlink(fn
) < 0 && errno
!= ENOENT
)
1317 log_ratelimit_warning_errno(errno
, JOURNALD_LOG_RATELIMIT
,
1318 "Failed to unlink %s, ignoring: %m", fn
);
1320 server_refresh_idle_timer(s
);
1324 int server_process_datagram(
1325 sd_event_source
*es
,
1330 size_t label_len
= 0, m
;
1331 Server
*s
= ASSERT_PTR(userdata
);
1332 struct ucred
*ucred
= NULL
;
1333 struct timeval
*tv
= NULL
;
1334 struct cmsghdr
*cmsg
;
1338 int *fds
= NULL
, v
= 0;
1341 /* We use NAME_MAX space for the SELinux label here. The kernel currently enforces no limit, but
1342 * according to suggestions from the SELinux people this will change and it will probably be
1343 * identical to NAME_MAX. For now we use that, but this should be updated one day when the final
1346 * Here, we need to explicitly initialize the buffer with zero, as glibc has a bug in
1347 * __convert_scm_timestamps(), which assumes the buffer is initialized. See #20741. */
1348 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred
)) +
1349 CMSG_SPACE_TIMEVAL
+
1350 CMSG_SPACE(sizeof(int)) + /* fd */
1351 CMSG_SPACE(NAME_MAX
) /* selinux label */) control
= {};
1353 union sockaddr_union sa
= {};
1355 struct msghdr msghdr
= {
1358 .msg_control
= &control
,
1359 .msg_controllen
= sizeof(control
),
1361 .msg_namelen
= sizeof(sa
),
1364 assert(fd
== s
->native_fd
|| fd
== s
->syslog_fd
|| fd
== s
->audit_fd
);
1366 if (revents
!= EPOLLIN
)
1367 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
1368 "Got invalid event from epoll for datagram fd: %" PRIx32
,
1371 /* Try to get the right size, if we can. (Not all sockets support SIOCINQ, hence we just try, but don't rely on
1373 (void) ioctl(fd
, SIOCINQ
, &v
);
1375 /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful! */
1376 m
= PAGE_ALIGN(MAX3((size_t) v
+ 1,
1378 ALIGN(sizeof(struct nlmsghdr
)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH
)) + 1);
1380 if (!GREEDY_REALLOC(s
->buffer
, m
))
1383 iovec
= IOVEC_MAKE(s
->buffer
, MALLOC_ELEMENTSOF(s
->buffer
) - 1); /* Leave room for trailing NUL we add later */
1385 n
= recvmsg_safe(fd
, &msghdr
, MSG_DONTWAIT
|MSG_CMSG_CLOEXEC
);
1387 if (ERRNO_IS_TRANSIENT(n
))
1390 log_ratelimit_warning(JOURNALD_LOG_RATELIMIT
,
1391 "Got message with truncated control data (too many fds sent?), ignoring.");
1394 return log_ratelimit_error_errno(n
, JOURNALD_LOG_RATELIMIT
, "recvmsg() failed: %m");
1397 CMSG_FOREACH(cmsg
, &msghdr
)
1398 if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1399 cmsg
->cmsg_type
== SCM_CREDENTIALS
&&
1400 cmsg
->cmsg_len
== CMSG_LEN(sizeof(struct ucred
))) {
1402 ucred
= (struct ucred
*) CMSG_DATA(cmsg
);
1403 } else if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1404 cmsg
->cmsg_type
== SCM_SECURITY
) {
1406 label
= (char*) CMSG_DATA(cmsg
);
1407 label_len
= cmsg
->cmsg_len
- CMSG_LEN(0);
1408 } else if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1409 cmsg
->cmsg_type
== SO_TIMESTAMP
&&
1410 cmsg
->cmsg_len
== CMSG_LEN(sizeof(struct timeval
))) {
1412 tv
= (struct timeval
*) CMSG_DATA(cmsg
);
1413 } else if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1414 cmsg
->cmsg_type
== SCM_RIGHTS
) {
1416 fds
= (int*) CMSG_DATA(cmsg
);
1417 n_fds
= (cmsg
->cmsg_len
- CMSG_LEN(0)) / sizeof(int);
1420 /* And a trailing NUL, just in case */
1423 if (fd
== s
->syslog_fd
) {
1424 if (n
> 0 && n_fds
== 0)
1425 server_process_syslog_message(s
, s
->buffer
, n
, ucred
, tv
, label
, label_len
);
1427 log_ratelimit_warning(JOURNALD_LOG_RATELIMIT
,
1428 "Got file descriptors via syslog socket. Ignoring.");
1430 } else if (fd
== s
->native_fd
) {
1431 if (n
> 0 && n_fds
== 0)
1432 server_process_native_message(s
, s
->buffer
, n
, ucred
, tv
, label
, label_len
);
1433 else if (n
== 0 && n_fds
== 1)
1434 server_process_native_file(s
, fds
[0], ucred
, tv
, label
, label_len
);
1436 log_ratelimit_warning(JOURNALD_LOG_RATELIMIT
,
1437 "Got too many file descriptors via native socket. Ignoring.");
1440 assert(fd
== s
->audit_fd
);
1442 if (n
> 0 && n_fds
== 0)
1443 server_process_audit_message(s
, s
->buffer
, n
, ucred
, &sa
, msghdr
.msg_namelen
);
1445 log_ratelimit_warning(JOURNALD_LOG_RATELIMIT
,
1446 "Got file descriptors via audit socket. Ignoring.");
1449 close_many(fds
, n_fds
);
1451 server_refresh_idle_timer(s
);
1455 static void server_full_flush(Server
*s
) {
1458 (void) server_flush_to_var(s
, false);
1460 server_vacuum(s
, false);
1462 server_space_usage_message(s
, NULL
);
1464 server_refresh_idle_timer(s
);
1467 static int dispatch_sigusr1(sd_event_source
*es
, const struct signalfd_siginfo
*si
, void *userdata
) {
1468 Server
*s
= ASSERT_PTR(userdata
);
1471 log_error("Received SIGUSR1 signal from PID %u, but flushing runtime journals not supported for namespaced instances.", si
->ssi_pid
);
1475 log_info("Received SIGUSR1 signal from PID %u, as request to flush runtime journal.", si
->ssi_pid
);
1476 server_full_flush(s
);
1481 static void server_full_rotate(Server
*s
) {
1488 server_vacuum(s
, true);
1490 if (s
->system_journal
)
1491 patch_min_use(&s
->system_storage
);
1492 if (s
->runtime_journal
)
1493 patch_min_use(&s
->runtime_storage
);
1495 /* Let clients know when the most recent rotation happened. */
1496 fn
= strjoina(s
->runtime_directory
, "/rotated");
1497 r
= write_timestamp_file_atomic(fn
, now(CLOCK_MONOTONIC
));
1499 log_ratelimit_warning_errno(r
, JOURNALD_LOG_RATELIMIT
,
1500 "Failed to write %s, ignoring: %m", fn
);
1503 static int dispatch_sigusr2(sd_event_source
*es
, const struct signalfd_siginfo
*si
, void *userdata
) {
1504 Server
*s
= ASSERT_PTR(userdata
);
1506 log_info("Received SIGUSR2 signal from PID %u, as request to rotate journal, rotating.", si
->ssi_pid
);
1507 server_full_rotate(s
);
1512 static int dispatch_sigterm(sd_event_source
*es
, const struct signalfd_siginfo
*si
, void *userdata
) {
1513 _cleanup_(sd_event_source_disable_unrefp
) sd_event_source
*news
= NULL
;
1514 Server
*s
= ASSERT_PTR(userdata
);
1517 log_received_signal(LOG_INFO
, si
);
1519 (void) sd_event_source_set_enabled(es
, SD_EVENT_OFF
); /* Make sure this handler is called at most once */
1521 /* So on one hand we want to ensure that SIGTERMs are definitely handled in appropriate, bounded
1522 * time. On the other hand we want that everything pending is first comprehensively processed and
1523 * written to disk. These goals are incompatible, hence we try to find a middle ground: we'll process
1524 * SIGTERM with high priority, but from the handler (this one right here) we'll install two new event
1525 * sources: one low priority idle one that will issue the exit once everything else is processed (and
1526 * which is hopefully the regular, clean codepath); and one high priority timer that acts as safety
1527 * net: if our idle handler isn't run within 10s, we'll exit anyway.
1529 * TLDR: we'll exit either when everything is processed, or after 10s max, depending on what happens
1532 * Note that exiting before the idle event is hit doesn't typically mean that we lose any data, as
1533 * messages will remain queued in the sockets they came in from, and thus can be processed when we
1534 * start up next – unless we are going down for the final system shutdown, in which case everything
1537 r
= sd_event_add_defer(s
->event
, &news
, NULL
, NULL
); /* NULL handler means → exit when triggered */
1539 log_error_errno(r
, "Failed to allocate exit idle event handler: %m");
1543 (void) sd_event_source_set_description(news
, "exit-idle");
1545 /* Run everything relevant before this. */
1546 r
= sd_event_source_set_priority(news
, SD_EVENT_PRIORITY_NORMAL
+20);
1548 log_error_errno(r
, "Failed to adjust priority of exit idle event handler: %m");
1552 /* Give up ownership, so that this event source is freed automatically when the event loop is freed. */
1553 r
= sd_event_source_set_floating(news
, true);
1555 log_error_errno(r
, "Failed to make exit idle event handler floating: %m");
1559 news
= sd_event_source_unref(news
);
1561 r
= sd_event_add_time_relative(s
->event
, &news
, CLOCK_MONOTONIC
, 10 * USEC_PER_SEC
, 0, NULL
, NULL
);
1563 log_error_errno(r
, "Failed to allocate exit timeout event handler: %m");
1567 (void) sd_event_source_set_description(news
, "exit-timeout");
1569 r
= sd_event_source_set_priority(news
, SD_EVENT_PRIORITY_IMPORTANT
-20); /* This is a safety net, with highest priority */
1571 log_error_errno(r
, "Failed to adjust priority of exit timeout event handler: %m");
1575 r
= sd_event_source_set_floating(news
, true);
1577 log_error_errno(r
, "Failed to make exit timeout event handler floating: %m");
1581 news
= sd_event_source_unref(news
);
1583 log_debug("Exit event sources are now pending.");
1587 sd_event_exit(s
->event
, 0);
1591 static void server_full_sync(Server
*s
) {
1599 /* Let clients know when the most recent sync happened. */
1600 fn
= strjoina(s
->runtime_directory
, "/synced");
1601 r
= write_timestamp_file_atomic(fn
, now(CLOCK_MONOTONIC
));
1603 log_ratelimit_warning_errno(r
, JOURNALD_LOG_RATELIMIT
,
1604 "Failed to write %s, ignoring: %m", fn
);
1609 static int dispatch_sigrtmin1(sd_event_source
*es
, const struct signalfd_siginfo
*si
, void *userdata
) {
1610 Server
*s
= ASSERT_PTR(userdata
);
1612 log_debug("Received SIGRTMIN1 signal from PID %u, as request to sync.", si
->ssi_pid
);
1613 server_full_sync(s
);
1618 static int setup_signals(Server
*s
) {
1623 assert_se(sigprocmask_many(SIG_SETMASK
, NULL
, SIGINT
, SIGTERM
, SIGUSR1
, SIGUSR2
, SIGRTMIN
+1, -1) >= 0);
1625 r
= sd_event_add_signal(s
->event
, &s
->sigusr1_event_source
, SIGUSR1
, dispatch_sigusr1
, s
);
1629 r
= sd_event_add_signal(s
->event
, &s
->sigusr2_event_source
, SIGUSR2
, dispatch_sigusr2
, s
);
1633 r
= sd_event_add_signal(s
->event
, &s
->sigterm_event_source
, SIGTERM
, dispatch_sigterm
, s
);
1637 /* Let's process SIGTERM early, so that we definitely react to it */
1638 r
= sd_event_source_set_priority(s
->sigterm_event_source
, SD_EVENT_PRIORITY_IMPORTANT
-10);
1642 /* When journald is invoked on the terminal (when debugging), it's useful if C-c is handled
1643 * equivalent to SIGTERM. */
1644 r
= sd_event_add_signal(s
->event
, &s
->sigint_event_source
, SIGINT
, dispatch_sigterm
, s
);
1648 r
= sd_event_source_set_priority(s
->sigint_event_source
, SD_EVENT_PRIORITY_IMPORTANT
-10);
1652 /* SIGRTMIN+1 causes an immediate sync. We process this very late, so that everything else queued at
1653 * this point is really written to disk. Clients can watch /run/systemd/journal/synced with inotify
1654 * until its mtime changes to see when a sync happened. */
1655 r
= sd_event_add_signal(s
->event
, &s
->sigrtmin1_event_source
, SIGRTMIN
+1, dispatch_sigrtmin1
, s
);
1659 r
= sd_event_source_set_priority(s
->sigrtmin1_event_source
, SD_EVENT_PRIORITY_NORMAL
+15);
1666 static int parse_proc_cmdline_item(const char *key
, const char *value
, void *data
) {
1667 Server
*s
= ASSERT_PTR(data
);
1670 if (proc_cmdline_key_streq(key
, "systemd.journald.forward_to_syslog")) {
1672 r
= value
? parse_boolean(value
) : true;
1674 log_warning("Failed to parse forward to syslog switch \"%s\". Ignoring.", value
);
1676 s
->forward_to_syslog
= r
;
1678 } else if (proc_cmdline_key_streq(key
, "systemd.journald.forward_to_kmsg")) {
1680 r
= value
? parse_boolean(value
) : true;
1682 log_warning("Failed to parse forward to kmsg switch \"%s\". Ignoring.", value
);
1684 s
->forward_to_kmsg
= r
;
1686 } else if (proc_cmdline_key_streq(key
, "systemd.journald.forward_to_console")) {
1688 r
= value
? parse_boolean(value
) : true;
1690 log_warning("Failed to parse forward to console switch \"%s\". Ignoring.", value
);
1692 s
->forward_to_console
= r
;
1694 } else if (proc_cmdline_key_streq(key
, "systemd.journald.forward_to_wall")) {
1696 r
= value
? parse_boolean(value
) : true;
1698 log_warning("Failed to parse forward to wall switch \"%s\". Ignoring.", value
);
1700 s
->forward_to_wall
= r
;
1702 } else if (proc_cmdline_key_streq(key
, "systemd.journald.max_level_console")) {
1704 if (proc_cmdline_value_missing(key
, value
))
1707 r
= log_level_from_string(value
);
1709 log_warning("Failed to parse max level console value \"%s\". Ignoring.", value
);
1711 s
->max_level_console
= r
;
1713 } else if (proc_cmdline_key_streq(key
, "systemd.journald.max_level_store")) {
1715 if (proc_cmdline_value_missing(key
, value
))
1718 r
= log_level_from_string(value
);
1720 log_warning("Failed to parse max level store value \"%s\". Ignoring.", value
);
1722 s
->max_level_store
= r
;
1724 } else if (proc_cmdline_key_streq(key
, "systemd.journald.max_level_syslog")) {
1726 if (proc_cmdline_value_missing(key
, value
))
1729 r
= log_level_from_string(value
);
1731 log_warning("Failed to parse max level syslog value \"%s\". Ignoring.", value
);
1733 s
->max_level_syslog
= r
;
1735 } else if (proc_cmdline_key_streq(key
, "systemd.journald.max_level_kmsg")) {
1737 if (proc_cmdline_value_missing(key
, value
))
1740 r
= log_level_from_string(value
);
1742 log_warning("Failed to parse max level kmsg value \"%s\". Ignoring.", value
);
1744 s
->max_level_kmsg
= r
;
1746 } else if (proc_cmdline_key_streq(key
, "systemd.journald.max_level_wall")) {
1748 if (proc_cmdline_value_missing(key
, value
))
1751 r
= log_level_from_string(value
);
1753 log_warning("Failed to parse max level wall value \"%s\". Ignoring.", value
);
1755 s
->max_level_wall
= r
;
1757 } else if (startswith(key
, "systemd.journald"))
1758 log_warning("Unknown journald kernel command line option \"%s\". Ignoring.", key
);
1760 /* do not warn about state here, since probably systemd already did */
1764 static int server_parse_config_file(Server
*s
) {
1770 const char *namespaced
, *dropin_dirname
;
1772 /* If we are running in namespace mode, load the namespace specific configuration file, and nothing else */
1773 namespaced
= strjoina(PKGSYSCONFDIR
"/journald@", s
->namespace, ".conf");
1774 dropin_dirname
= strjoina("journald@", s
->namespace, ".conf.d");
1776 r
= config_parse_many(
1777 STRV_MAKE_CONST(namespaced
),
1778 (const char* const*) CONF_PATHS_STRV("systemd"),
1781 config_item_perf_lookup
, journald_gperf_lookup
,
1782 CONFIG_PARSE_WARN
, s
, NULL
, NULL
);
1789 return config_parse_many_nulstr(
1790 PKGSYSCONFDIR
"/journald.conf",
1791 CONF_PATHS_NULSTR("systemd/journald.conf.d"),
1793 config_item_perf_lookup
, journald_gperf_lookup
,
1794 CONFIG_PARSE_WARN
, s
, NULL
);
1797 static int server_dispatch_sync(sd_event_source
*es
, usec_t t
, void *userdata
) {
1798 Server
*s
= ASSERT_PTR(userdata
);
1804 int server_schedule_sync(Server
*s
, int priority
) {
1809 if (priority
<= LOG_CRIT
) {
1810 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1815 if (s
->sync_scheduled
)
1818 if (s
->sync_interval_usec
> 0) {
1820 if (!s
->sync_event_source
) {
1821 r
= sd_event_add_time_relative(
1823 &s
->sync_event_source
,
1825 s
->sync_interval_usec
, 0,
1826 server_dispatch_sync
, s
);
1830 r
= sd_event_source_set_priority(s
->sync_event_source
, SD_EVENT_PRIORITY_IMPORTANT
);
1832 r
= sd_event_source_set_time_relative(s
->sync_event_source
, s
->sync_interval_usec
);
1836 r
= sd_event_source_set_enabled(s
->sync_event_source
, SD_EVENT_ONESHOT
);
1841 s
->sync_scheduled
= true;
1847 static int dispatch_hostname_change(sd_event_source
*es
, int fd
, uint32_t revents
, void *userdata
) {
1848 Server
*s
= ASSERT_PTR(userdata
);
1850 server_cache_hostname(s
);
1854 static int server_open_hostname(Server
*s
) {
1859 s
->hostname_fd
= open("/proc/sys/kernel/hostname",
1860 O_RDONLY
|O_CLOEXEC
|O_NONBLOCK
|O_NOCTTY
);
1861 if (s
->hostname_fd
< 0)
1862 return log_error_errno(errno
, "Failed to open /proc/sys/kernel/hostname: %m");
1864 r
= sd_event_add_io(s
->event
, &s
->hostname_event_source
, s
->hostname_fd
, 0, dispatch_hostname_change
, s
);
1866 /* kernels prior to 3.2 don't support polling this file. Ignore
1869 log_warning_errno(r
, "Failed to register hostname fd in event loop, ignoring: %m");
1870 s
->hostname_fd
= safe_close(s
->hostname_fd
);
1874 return log_error_errno(r
, "Failed to register hostname fd in event loop: %m");
1877 r
= sd_event_source_set_priority(s
->hostname_event_source
, SD_EVENT_PRIORITY_IMPORTANT
-10);
1879 return log_error_errno(r
, "Failed to adjust priority of hostname event source: %m");
1884 static int dispatch_notify_event(sd_event_source
*es
, int fd
, uint32_t revents
, void *userdata
) {
1885 Server
*s
= ASSERT_PTR(userdata
);
1888 assert(s
->notify_event_source
== es
);
1889 assert(s
->notify_fd
== fd
);
1891 /* The $NOTIFY_SOCKET is writable again, now send exactly one
1892 * message on it. Either it's the watchdog event, the initial
1893 * READY=1 event or an stdout stream event. If there's nothing
1894 * to write anymore, turn our event source off. The next time
1895 * there's something to send it will be turned on again. */
1897 if (!s
->sent_notify_ready
) {
1898 static const char p
[] = "READY=1\n"
1899 "STATUS=Processing requests...";
1901 if (send(s
->notify_fd
, p
, strlen(p
), MSG_DONTWAIT
) < 0) {
1902 if (errno
== EAGAIN
)
1905 return log_error_errno(errno
, "Failed to send READY=1 notification message: %m");
1908 s
->sent_notify_ready
= true;
1909 log_debug("Sent READY=1 notification.");
1911 } else if (s
->send_watchdog
) {
1912 static const char p
[] = "WATCHDOG=1";
1914 if (send(s
->notify_fd
, p
, strlen(p
), MSG_DONTWAIT
) < 0) {
1915 if (errno
== EAGAIN
)
1918 return log_error_errno(errno
, "Failed to send WATCHDOG=1 notification message: %m");
1921 s
->send_watchdog
= false;
1922 log_debug("Sent WATCHDOG=1 notification.");
1924 } else if (s
->stdout_streams_notify_queue
)
1925 /* Dispatch one stream notification event */
1926 stdout_stream_send_notify(s
->stdout_streams_notify_queue
);
1928 /* Leave us enabled if there's still more to do. */
1929 if (s
->send_watchdog
|| s
->stdout_streams_notify_queue
)
1932 /* There was nothing to do anymore, let's turn ourselves off. */
1933 r
= sd_event_source_set_enabled(es
, SD_EVENT_OFF
);
1935 return log_error_errno(r
, "Failed to turn off notify event source: %m");
1940 static int dispatch_watchdog(sd_event_source
*es
, uint64_t usec
, void *userdata
) {
1941 Server
*s
= ASSERT_PTR(userdata
);
1944 s
->send_watchdog
= true;
1946 r
= sd_event_source_set_enabled(s
->notify_event_source
, SD_EVENT_ON
);
1948 log_warning_errno(r
, "Failed to turn on notify event source: %m");
1950 r
= sd_event_source_set_time(s
->watchdog_event_source
, usec
+ s
->watchdog_usec
/ 2);
1952 return log_error_errno(r
, "Failed to restart watchdog event source: %m");
1954 r
= sd_event_source_set_enabled(s
->watchdog_event_source
, SD_EVENT_ON
);
1956 return log_error_errno(r
, "Failed to enable watchdog event source: %m");
1961 static int server_connect_notify(Server
*s
) {
1962 union sockaddr_union sa
;
1968 assert(s
->notify_fd
< 0);
1969 assert(!s
->notify_event_source
);
1972 * So here's the problem: we'd like to send notification messages to PID 1, but we cannot do that via
1973 * sd_notify(), since that's synchronous, and we might end up blocking on it. Specifically: given
1974 * that PID 1 might block on dbus-daemon during IPC, and dbus-daemon is logging to us, and might
1975 * hence block on us, we might end up in a deadlock if we block on sending PID 1 notification
1976 * messages — by generating a full blocking circle. To avoid this, let's create a non-blocking
1977 * socket, and connect it to the notification socket, and then wait for POLLOUT before we send
1978 * anything. This should efficiently avoid any deadlocks, as we'll never block on PID 1, hence PID 1
1979 * can safely block on dbus-daemon which can safely block on us again.
1981 * Don't think that this issue is real? It is, see: https://github.com/systemd/systemd/issues/1505
1984 e
= getenv("NOTIFY_SOCKET");
1988 r
= sockaddr_un_set_path(&sa
.un
, e
);
1990 return log_error_errno(r
, "NOTIFY_SOCKET set to invalid value '%s': %m", e
);
1993 s
->notify_fd
= socket(AF_UNIX
, SOCK_DGRAM
|SOCK_CLOEXEC
|SOCK_NONBLOCK
, 0);
1994 if (s
->notify_fd
< 0)
1995 return log_error_errno(errno
, "Failed to create notify socket: %m");
1997 (void) fd_inc_sndbuf(s
->notify_fd
, NOTIFY_SNDBUF_SIZE
);
1999 r
= connect(s
->notify_fd
, &sa
.sa
, sa_len
);
2001 return log_error_errno(errno
, "Failed to connect to notify socket: %m");
2003 r
= sd_event_add_io(s
->event
, &s
->notify_event_source
, s
->notify_fd
, EPOLLOUT
, dispatch_notify_event
, s
);
2005 return log_error_errno(r
, "Failed to watch notification socket: %m");
2007 if (sd_watchdog_enabled(false, &s
->watchdog_usec
) > 0) {
2008 s
->send_watchdog
= true;
2010 r
= sd_event_add_time_relative(s
->event
, &s
->watchdog_event_source
, CLOCK_MONOTONIC
, s
->watchdog_usec
/2, s
->watchdog_usec
/4, dispatch_watchdog
, s
);
2012 return log_error_errno(r
, "Failed to add watchdog time event: %m");
2015 /* This should fire pretty soon, which we'll use to send the READY=1 event. */
2020 static int synchronize_second_half(sd_event_source
*event_source
, void *userdata
) {
2021 Varlink
*link
= ASSERT_PTR(userdata
);
2025 assert_se(s
= varlink_get_userdata(link
));
2027 /* This is the "second half" of the Synchronize() varlink method. This function is called as deferred
2028 * event source at a low priority to ensure the synchronization completes after all queued log
2029 * messages are processed. */
2030 server_full_sync(s
);
2032 /* Let's get rid of the event source now, by marking it as non-floating again. It then has no ref
2033 * anymore and is immediately destroyed after we return from this function, i.e. from this event
2034 * source handler at the end. */
2035 r
= sd_event_source_set_floating(event_source
, false);
2037 return log_error_errno(r
, "Failed to mark event source as non-floating: %m");
2039 return varlink_reply(link
, NULL
);
2042 static void synchronize_destroy(void *userdata
) {
2043 varlink_unref(userdata
);
2046 static int vl_method_synchronize(Varlink
*link
, JsonVariant
*parameters
, VarlinkMethodFlags flags
, void *userdata
) {
2047 _cleanup_(sd_event_source_unrefp
) sd_event_source
*event_source
= NULL
;
2048 Server
*s
= ASSERT_PTR(userdata
);
2053 if (json_variant_elements(parameters
) > 0)
2054 return varlink_error_invalid_parameter(link
, parameters
);
2056 log_info("Received client request to rotate journal.");
2058 /* We don't do the main work now, but instead enqueue a deferred event loop job which will do
2059 * it. That job is scheduled at low priority, so that we return from this method call only after all
2060 * queued but not processed log messages are written to disk, so that this method call returning can
2061 * be used as nice synchronization point. */
2062 r
= sd_event_add_defer(s
->event
, &event_source
, synchronize_second_half
, link
);
2064 return log_error_errno(r
, "Failed to allocate defer event source: %m");
2066 r
= sd_event_source_set_destroy_callback(event_source
, synchronize_destroy
);
2068 return log_error_errno(r
, "Failed to set event source destroy callback: %m");
2070 varlink_ref(link
); /* The varlink object is now left to the destroy callback to unref */
2072 r
= sd_event_source_set_priority(event_source
, SD_EVENT_PRIORITY_NORMAL
+15);
2074 return log_error_errno(r
, "Failed to set defer event source priority: %m");
2076 /* Give up ownership of this event source. It will now be destroyed along with event loop itself,
2077 * unless it destroys itself earlier. */
2078 r
= sd_event_source_set_floating(event_source
, true);
2080 return log_error_errno(r
, "Failed to mark event source as floating: %m");
2082 (void) sd_event_source_set_description(event_source
, "deferred-sync");
2087 static int vl_method_rotate(Varlink
*link
, JsonVariant
*parameters
, VarlinkMethodFlags flags
, void *userdata
) {
2088 Server
*s
= ASSERT_PTR(userdata
);
2092 if (json_variant_elements(parameters
) > 0)
2093 return varlink_error_invalid_parameter(link
, parameters
);
2095 log_info("Received client request to rotate journal, rotating.");
2096 server_full_rotate(s
);
2098 return varlink_reply(link
, NULL
);
2101 static int vl_method_flush_to_var(Varlink
*link
, JsonVariant
*parameters
, VarlinkMethodFlags flags
, void *userdata
) {
2102 Server
*s
= ASSERT_PTR(userdata
);
2106 if (json_variant_elements(parameters
) > 0)
2107 return varlink_error_invalid_parameter(link
, parameters
);
2109 return varlink_error(link
, "io.systemd.Journal.NotSupportedByNamespaces", NULL
);
2111 log_info("Received client request to flush runtime journal.");
2112 server_full_flush(s
);
2114 return varlink_reply(link
, NULL
);
2117 static int vl_method_relinquish_var(Varlink
*link
, JsonVariant
*parameters
, VarlinkMethodFlags flags
, void *userdata
) {
2118 Server
*s
= ASSERT_PTR(userdata
);
2122 if (json_variant_elements(parameters
) > 0)
2123 return varlink_error_invalid_parameter(link
, parameters
);
2125 return varlink_error(link
, "io.systemd.Journal.NotSupportedByNamespaces", NULL
);
2127 log_info("Received client request to relinquish %s access.", s
->system_storage
.path
);
2128 server_relinquish_var(s
);
2130 return varlink_reply(link
, NULL
);
2133 static int vl_connect(VarlinkServer
*server
, Varlink
*link
, void *userdata
) {
2134 Server
*s
= ASSERT_PTR(userdata
);
2139 (void) server_start_or_stop_idle_timer(s
); /* maybe we are no longer idle */
2144 static void vl_disconnect(VarlinkServer
*server
, Varlink
*link
, void *userdata
) {
2145 Server
*s
= ASSERT_PTR(userdata
);
2150 (void) server_start_or_stop_idle_timer(s
); /* maybe we are idle now */
2153 static int server_open_varlink(Server
*s
, const char *socket
, int fd
) {
2158 r
= varlink_server_new(&s
->varlink_server
, VARLINK_SERVER_ROOT_ONLY
|VARLINK_SERVER_INHERIT_USERDATA
);
2162 varlink_server_set_userdata(s
->varlink_server
, s
);
2164 r
= varlink_server_bind_method_many(
2166 "io.systemd.Journal.Synchronize", vl_method_synchronize
,
2167 "io.systemd.Journal.Rotate", vl_method_rotate
,
2168 "io.systemd.Journal.FlushToVar", vl_method_flush_to_var
,
2169 "io.systemd.Journal.RelinquishVar", vl_method_relinquish_var
);
2173 r
= varlink_server_bind_connect(s
->varlink_server
, vl_connect
);
2177 r
= varlink_server_bind_disconnect(s
->varlink_server
, vl_disconnect
);
2182 r
= varlink_server_listen_address(s
->varlink_server
, socket
, 0600);
2184 r
= varlink_server_listen_fd(s
->varlink_server
, fd
);
2188 r
= varlink_server_attach_event(s
->varlink_server
, s
->event
, SD_EVENT_PRIORITY_NORMAL
);
2195 static bool server_is_idle(Server
*s
) {
2198 /* The server for the main namespace is never idle */
2202 /* If a retention maximum is set larger than the idle time we need to be running to enforce it, hence
2203 * turn off the idle logic. */
2204 if (s
->max_retention_usec
> IDLE_TIMEOUT_USEC
)
2207 /* We aren't idle if we have a varlink client */
2208 if (varlink_server_current_connections(s
->varlink_server
) > 0)
2211 /* If we have stdout streams we aren't idle */
2212 if (s
->n_stdout_streams
> 0)
2218 static int server_idle_handler(sd_event_source
*source
, uint64_t usec
, void *userdata
) {
2219 Server
*s
= ASSERT_PTR(userdata
);
2223 log_debug("Server is idle, exiting.");
2224 sd_event_exit(s
->event
, 0);
2228 int server_start_or_stop_idle_timer(Server
*s
) {
2229 _cleanup_(sd_event_source_unrefp
) sd_event_source
*source
= NULL
;
2234 if (!server_is_idle(s
)) {
2235 s
->idle_event_source
= sd_event_source_disable_unref(s
->idle_event_source
);
2239 if (s
->idle_event_source
)
2242 r
= sd_event_add_time_relative(s
->event
, &source
, CLOCK_MONOTONIC
, IDLE_TIMEOUT_USEC
, 0, server_idle_handler
, s
);
2244 return log_error_errno(r
, "Failed to allocate idle timer: %m");
2246 r
= sd_event_source_set_priority(source
, SD_EVENT_PRIORITY_IDLE
);
2248 return log_error_errno(r
, "Failed to set idle timer priority: %m");
2250 (void) sd_event_source_set_description(source
, "idle-timer");
2252 s
->idle_event_source
= TAKE_PTR(source
);
2256 int server_refresh_idle_timer(Server
*s
) {
2261 if (!s
->idle_event_source
)
2264 r
= sd_event_source_set_time_relative(s
->idle_event_source
, IDLE_TIMEOUT_USEC
);
2266 return log_error_errno(r
, "Failed to refresh idle timer: %m");
2271 static int set_namespace(Server
*s
, const char *namespace) {
2277 if (!log_namespace_name_valid(namespace))
2278 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Specified namespace name not valid, refusing: %s", namespace);
2280 s
->namespace = strdup(namespace);
2284 s
->namespace_field
= strjoin("_NAMESPACE=", namespace);
2285 if (!s
->namespace_field
)
2291 int server_init(Server
*s
, const char *namespace) {
2292 const char *native_socket
, *syslog_socket
, *stdout_socket
, *varlink_socket
, *e
;
2293 _cleanup_fdset_free_ FDSet
*fds
= NULL
;
2294 int n
, r
, fd
, varlink_fd
= -1;
2308 .compress
.enabled
= true,
2309 .compress
.threshold_bytes
= UINT64_MAX
,
2314 .watchdog_usec
= USEC_INFINITY
,
2316 .sync_interval_usec
= DEFAULT_SYNC_INTERVAL_USEC
,
2317 .sync_scheduled
= false,
2319 .ratelimit_interval
= DEFAULT_RATE_LIMIT_INTERVAL
,
2320 .ratelimit_burst
= DEFAULT_RATE_LIMIT_BURST
,
2322 .forward_to_wall
= true,
2324 .max_file_usec
= DEFAULT_MAX_FILE_USEC
,
2326 .max_level_store
= LOG_DEBUG
,
2327 .max_level_syslog
= LOG_DEBUG
,
2328 .max_level_kmsg
= LOG_NOTICE
,
2329 .max_level_console
= LOG_INFO
,
2330 .max_level_wall
= LOG_EMERG
,
2332 .line_max
= DEFAULT_LINE_MAX
,
2334 .runtime_storage
.name
= "Runtime Journal",
2335 .system_storage
.name
= "System Journal",
2337 .kmsg_own_ratelimit
= {
2338 .interval
= DEFAULT_KMSG_OWN_INTERVAL
,
2339 .burst
= DEFAULT_KMSG_OWN_BURST
,
2343 r
= set_namespace(s
, namespace);
2347 /* By default, only read from /dev/kmsg if are the main namespace */
2348 s
->read_kmsg
= !s
->namespace;
2349 s
->storage
= s
->namespace ? STORAGE_PERSISTENT
: STORAGE_AUTO
;
2351 journal_reset_metrics(&s
->system_storage
.metrics
);
2352 journal_reset_metrics(&s
->runtime_storage
.metrics
);
2354 server_parse_config_file(s
);
2356 if (!s
->namespace) {
2357 /* Parse kernel command line, but only if we are not a namespace instance */
2358 r
= proc_cmdline_parse(parse_proc_cmdline_item
, s
, PROC_CMDLINE_STRIP_RD_PREFIX
);
2360 log_warning_errno(r
, "Failed to parse kernel command line, ignoring: %m");
2363 if (!!s
->ratelimit_interval
!= !!s
->ratelimit_burst
) { /* One set to 0 and the other not? */
2364 log_debug("Setting both rate limit interval and burst from "USEC_FMT
",%u to 0,0",
2365 s
->ratelimit_interval
, s
->ratelimit_burst
);
2366 s
->ratelimit_interval
= s
->ratelimit_burst
= 0;
2369 e
= getenv("RUNTIME_DIRECTORY");
2371 s
->runtime_directory
= strdup(e
);
2372 else if (s
->namespace)
2373 s
->runtime_directory
= strjoin("/run/systemd/journal.", s
->namespace);
2375 s
->runtime_directory
= strdup("/run/systemd/journal");
2376 if (!s
->runtime_directory
)
2379 (void) mkdir_p(s
->runtime_directory
, 0755);
2381 s
->user_journals
= ordered_hashmap_new(NULL
);
2382 if (!s
->user_journals
)
2385 s
->mmap
= mmap_cache_new();
2389 s
->deferred_closes
= set_new(NULL
);
2390 if (!s
->deferred_closes
)
2393 r
= sd_event_default(&s
->event
);
2395 return log_error_errno(r
, "Failed to create event loop: %m");
2397 n
= sd_listen_fds(true);
2399 return log_error_errno(n
, "Failed to read listening file descriptors from environment: %m");
2401 native_socket
= strjoina(s
->runtime_directory
, "/socket");
2402 stdout_socket
= strjoina(s
->runtime_directory
, "/stdout");
2403 syslog_socket
= strjoina(s
->runtime_directory
, "/dev-log");
2404 varlink_socket
= strjoina(s
->runtime_directory
, "/io.systemd.journal");
2406 for (fd
= SD_LISTEN_FDS_START
; fd
< SD_LISTEN_FDS_START
+ n
; fd
++) {
2408 if (sd_is_socket_unix(fd
, SOCK_DGRAM
, -1, native_socket
, 0) > 0) {
2410 if (s
->native_fd
>= 0)
2411 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
2412 "Too many native sockets passed.");
2416 } else if (sd_is_socket_unix(fd
, SOCK_STREAM
, 1, stdout_socket
, 0) > 0) {
2418 if (s
->stdout_fd
>= 0)
2419 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
2420 "Too many stdout sockets passed.");
2424 } else if (sd_is_socket_unix(fd
, SOCK_DGRAM
, -1, syslog_socket
, 0) > 0) {
2426 if (s
->syslog_fd
>= 0)
2427 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
2428 "Too many /dev/log sockets passed.");
2432 } else if (sd_is_socket_unix(fd
, SOCK_STREAM
, 1, varlink_socket
, 0) > 0) {
2434 if (varlink_fd
>= 0)
2435 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
2436 "Too many varlink sockets passed.");
2439 } else if (sd_is_socket(fd
, AF_NETLINK
, SOCK_RAW
, -1) > 0) {
2441 if (s
->audit_fd
>= 0)
2442 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
2443 "Too many audit sockets passed.");
2455 r
= fdset_put(fds
, fd
);
2461 /* Try to restore streams, but don't bother if this fails */
2462 (void) server_restore_streams(s
, fds
);
2464 if (fdset_size(fds
) > 0) {
2465 log_warning("%u unknown file descriptors passed, closing.", fdset_size(fds
));
2466 fds
= fdset_free(fds
);
2469 no_sockets
= s
->native_fd
< 0 && s
->stdout_fd
< 0 && s
->syslog_fd
< 0 && s
->audit_fd
< 0 && varlink_fd
< 0;
2471 /* always open stdout, syslog, native, and kmsg sockets */
2473 /* systemd-journald.socket: /run/systemd/journal/stdout */
2474 r
= server_open_stdout_socket(s
, stdout_socket
);
2478 /* systemd-journald-dev-log.socket: /run/systemd/journal/dev-log */
2479 r
= server_open_syslog_socket(s
, syslog_socket
);
2483 /* systemd-journald.socket: /run/systemd/journal/socket */
2484 r
= server_open_native_socket(s
, native_socket
);
2489 r
= server_open_dev_kmsg(s
);
2493 /* Unless we got *some* sockets and not audit, open audit socket */
2494 if (s
->audit_fd
>= 0 || no_sockets
) {
2495 r
= server_open_audit(s
);
2500 r
= server_open_varlink(s
, varlink_socket
, varlink_fd
);
2504 r
= server_open_kernel_seqnum(s
);
2508 r
= server_open_hostname(s
);
2512 r
= setup_signals(s
);
2516 s
->ratelimit
= journal_ratelimit_new();
2520 r
= cg_get_root_path(&s
->cgroup_root
);
2522 return log_error_errno(r
, "Failed to acquire cgroup root path: %m");
2524 server_cache_hostname(s
);
2525 server_cache_boot_id(s
);
2526 server_cache_machine_id(s
);
2529 s
->runtime_storage
.path
= strjoin("/run/log/journal/", SERVER_MACHINE_ID(s
), ".", s
->namespace);
2531 s
->runtime_storage
.path
= strjoin("/run/log/journal/", SERVER_MACHINE_ID(s
));
2532 if (!s
->runtime_storage
.path
)
2535 e
= getenv("LOGS_DIRECTORY");
2537 s
->system_storage
.path
= strdup(e
);
2538 else if (s
->namespace)
2539 s
->system_storage
.path
= strjoin("/var/log/journal/", SERVER_MACHINE_ID(s
), ".", s
->namespace);
2541 s
->system_storage
.path
= strjoin("/var/log/journal/", SERVER_MACHINE_ID(s
));
2542 if (!s
->system_storage
.path
)
2545 (void) server_connect_notify(s
);
2547 (void) client_context_acquire_default(s
);
2549 r
= system_journal_open(s
, false, false);
2553 server_start_or_stop_idle_timer(s
);
2557 void server_maybe_append_tags(Server
*s
) {
2559 ManagedJournalFile
*f
;
2562 n
= now(CLOCK_REALTIME
);
2564 if (s
->system_journal
)
2565 journal_file_maybe_append_tag(s
->system_journal
->file
, n
);
2567 ORDERED_HASHMAP_FOREACH(f
, s
->user_journals
)
2568 journal_file_maybe_append_tag(f
->file
, n
);
2572 void server_done(Server
*s
) {
2576 free(s
->namespace_field
);
2578 set_free_with_destructor(s
->deferred_closes
, managed_journal_file_close
);
2580 while (s
->stdout_streams
)
2581 stdout_stream_free(s
->stdout_streams
);
2583 client_context_flush_all(s
);
2585 (void) managed_journal_file_close(s
->system_journal
);
2586 (void) managed_journal_file_close(s
->runtime_journal
);
2588 ordered_hashmap_free_with_destructor(s
->user_journals
, managed_journal_file_close
);
2590 varlink_server_unref(s
->varlink_server
);
2592 sd_event_source_unref(s
->syslog_event_source
);
2593 sd_event_source_unref(s
->native_event_source
);
2594 sd_event_source_unref(s
->stdout_event_source
);
2595 sd_event_source_unref(s
->dev_kmsg_event_source
);
2596 sd_event_source_unref(s
->audit_event_source
);
2597 sd_event_source_unref(s
->sync_event_source
);
2598 sd_event_source_unref(s
->sigusr1_event_source
);
2599 sd_event_source_unref(s
->sigusr2_event_source
);
2600 sd_event_source_unref(s
->sigterm_event_source
);
2601 sd_event_source_unref(s
->sigint_event_source
);
2602 sd_event_source_unref(s
->sigrtmin1_event_source
);
2603 sd_event_source_unref(s
->hostname_event_source
);
2604 sd_event_source_unref(s
->notify_event_source
);
2605 sd_event_source_unref(s
->watchdog_event_source
);
2606 sd_event_source_unref(s
->idle_event_source
);
2607 sd_event_unref(s
->event
);
2609 safe_close(s
->syslog_fd
);
2610 safe_close(s
->native_fd
);
2611 safe_close(s
->stdout_fd
);
2612 safe_close(s
->dev_kmsg_fd
);
2613 safe_close(s
->audit_fd
);
2614 safe_close(s
->hostname_fd
);
2615 safe_close(s
->notify_fd
);
2618 journal_ratelimit_free(s
->ratelimit
);
2620 if (s
->kernel_seqnum
)
2621 munmap(s
->kernel_seqnum
, sizeof(uint64_t));
2625 free(s
->cgroup_root
);
2626 free(s
->hostname_field
);
2627 free(s
->runtime_storage
.path
);
2628 free(s
->system_storage
.path
);
2629 free(s
->runtime_directory
);
2631 mmap_cache_unref(s
->mmap
);
2634 static const char* const storage_table
[_STORAGE_MAX
] = {
2635 [STORAGE_AUTO
] = "auto",
2636 [STORAGE_VOLATILE
] = "volatile",
2637 [STORAGE_PERSISTENT
] = "persistent",
2638 [STORAGE_NONE
] = "none"
2641 DEFINE_STRING_TABLE_LOOKUP(storage
, Storage
);
2642 DEFINE_CONFIG_PARSE_ENUM(config_parse_storage
, storage
, Storage
, "Failed to parse storage setting");
2644 static const char* const split_mode_table
[_SPLIT_MAX
] = {
2645 [SPLIT_LOGIN
] = "login",
2646 [SPLIT_UID
] = "uid",
2647 [SPLIT_NONE
] = "none",
2650 DEFINE_STRING_TABLE_LOOKUP(split_mode
, SplitMode
);
2651 DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode
, split_mode
, SplitMode
, "Failed to parse split mode setting");
2653 int config_parse_line_max(
2655 const char *filename
,
2657 const char *section
,
2658 unsigned section_line
,
2665 size_t *sz
= ASSERT_PTR(data
);
2672 if (isempty(rvalue
))
2673 /* Empty assignment means default */
2674 *sz
= DEFAULT_LINE_MAX
;
2678 r
= parse_size(rvalue
, 1024, &v
);
2680 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse LineMax= value, ignoring: %s", rvalue
);
2685 /* Why specify 79 here as minimum line length? Simply, because the most common traditional
2686 * terminal size is 80ch, and it might make sense to break one character before the natural
2687 * line break would occur on that. */
2688 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "LineMax= too small, clamping to 79: %s", rvalue
);
2690 } else if (v
> (uint64_t) (SSIZE_MAX
-1)) {
2691 /* So, why specify SSIZE_MAX-1 here? Because that's one below the largest size value read()
2692 * can return, and we need one extra byte for the trailing NUL byte. Of course IRL such large
2693 * memory allocations will fail anyway, hence this limit is mostly theoretical anyway, as we'll
2694 * fail much earlier anyway. */
2695 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "LineMax= too large, clamping to %" PRIu64
": %s", (uint64_t) (SSIZE_MAX
-1), rvalue
);
2704 int config_parse_compress(
2706 const char *filename
,
2708 const char *section
,
2709 unsigned section_line
,
2716 JournalCompressOptions
* compress
= data
;
2719 if (isempty(rvalue
)) {
2720 compress
->enabled
= true;
2721 compress
->threshold_bytes
= UINT64_MAX
;
2722 } else if (streq(rvalue
, "1")) {
2723 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2724 "Compress= ambiguously specified as 1, enabling compression with default threshold");
2725 compress
->enabled
= true;
2726 } else if (streq(rvalue
, "0")) {
2727 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2728 "Compress= ambiguously specified as 0, disabling compression");
2729 compress
->enabled
= false;
2731 r
= parse_boolean(rvalue
);
2733 r
= parse_size(rvalue
, 1024, &compress
->threshold_bytes
);
2735 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2736 "Failed to parse Compress= value, ignoring: %s", rvalue
);
2738 compress
->enabled
= true;
2740 compress
->enabled
= r
;