1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2011 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include <sys/signalfd.h>
23 #include <sys/ioctl.h>
24 #include <linux/sockios.h>
25 #include <sys/statvfs.h>
29 #include <selinux/selinux.h>
34 #include "sd-journal.h"
35 #include "sd-messages.h"
36 #include "sd-daemon.h"
40 #include "journal-file.h"
41 #include "socket-util.h"
42 #include "cgroup-util.h"
44 #include "conf-parser.h"
45 #include "selinux-util.h"
47 #include "formats-util.h"
48 #include "process-util.h"
49 #include "hostname-util.h"
50 #include "signal-util.h"
51 #include "journal-internal.h"
52 #include "journal-vacuum.h"
53 #include "journal-authenticate.h"
54 #include "journald-rate-limit.h"
55 #include "journald-kmsg.h"
56 #include "journald-syslog.h"
57 #include "journald-stream.h"
58 #include "journald-native.h"
59 #include "journald-audit.h"
60 #include "journald-server.h"
62 #define USER_JOURNALS_MAX 1024
64 #define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
65 #define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
66 #define DEFAULT_RATE_LIMIT_BURST 1000
67 #define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
69 #define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
71 static const char* const storage_table
[_STORAGE_MAX
] = {
72 [STORAGE_AUTO
] = "auto",
73 [STORAGE_VOLATILE
] = "volatile",
74 [STORAGE_PERSISTENT
] = "persistent",
75 [STORAGE_NONE
] = "none"
78 DEFINE_STRING_TABLE_LOOKUP(storage
, Storage
);
79 DEFINE_CONFIG_PARSE_ENUM(config_parse_storage
, storage
, Storage
, "Failed to parse storage setting");
81 static const char* const split_mode_table
[_SPLIT_MAX
] = {
82 [SPLIT_LOGIN
] = "login",
84 [SPLIT_NONE
] = "none",
87 DEFINE_STRING_TABLE_LOOKUP(split_mode
, SplitMode
);
88 DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode
, split_mode
, SplitMode
, "Failed to parse split mode setting");
90 static uint64_t available_space(Server
*s
, bool verbose
) {
92 _cleanup_free_
char *p
= NULL
;
95 uint64_t sum
= 0, ss_avail
= 0, avail
= 0;
97 _cleanup_closedir_
DIR *d
= NULL
;
102 ts
= now(CLOCK_MONOTONIC
);
104 if (s
->cached_available_space_timestamp
+ RECHECK_AVAILABLE_SPACE_USEC
> ts
106 return s
->cached_available_space
;
108 r
= sd_id128_get_machine(&machine
);
112 if (s
->system_journal
) {
113 f
= "/var/log/journal/";
114 m
= &s
->system_metrics
;
116 f
= "/run/log/journal/";
117 m
= &s
->runtime_metrics
;
122 p
= strappend(f
, sd_id128_to_string(machine
, ids
));
130 if (fstatvfs(dirfd(d
), &ss
) < 0)
139 if (!de
&& errno
!= 0)
145 if (!endswith(de
->d_name
, ".journal") &&
146 !endswith(de
->d_name
, ".journal~"))
149 if (fstatat(dirfd(d
), de
->d_name
, &st
, AT_SYMLINK_NOFOLLOW
) < 0)
152 if (!S_ISREG(st
.st_mode
))
155 sum
+= (uint64_t) st
.st_blocks
* 512UL;
158 ss_avail
= ss
.f_bsize
* ss
.f_bavail
;
160 /* If we reached a high mark, we will always allow this much
161 * again, unless usage goes above max_use. This watermark
162 * value is cached so that we don't give up space on pressure,
163 * but hover below the maximum usage. */
168 avail
= LESS_BY(ss_avail
, m
->keep_free
);
170 s
->cached_available_space
= LESS_BY(MIN(m
->max_use
, avail
), sum
);
171 s
->cached_available_space_timestamp
= ts
;
174 char fb1
[FORMAT_BYTES_MAX
], fb2
[FORMAT_BYTES_MAX
], fb3
[FORMAT_BYTES_MAX
],
175 fb4
[FORMAT_BYTES_MAX
], fb5
[FORMAT_BYTES_MAX
];
177 server_driver_message(s
, SD_MESSAGE_JOURNAL_USAGE
,
178 "%s is currently using %s.\n"
179 "Maximum allowed usage is set to %s.\n"
180 "Leaving at least %s free (of currently available %s of space).\n"
181 "Enforced usage limit is thus %s.",
182 s
->system_journal
? "Permanent journal (/var/log/journal/)" : "Runtime journal (/run/log/journal/)",
183 format_bytes(fb1
, sizeof(fb1
), sum
),
184 format_bytes(fb2
, sizeof(fb2
), m
->max_use
),
185 format_bytes(fb3
, sizeof(fb3
), m
->keep_free
),
186 format_bytes(fb4
, sizeof(fb4
), ss_avail
),
187 format_bytes(fb5
, sizeof(fb5
), s
->cached_available_space
+ sum
));
190 return s
->cached_available_space
;
193 void server_fix_perms(Server
*s
, JournalFile
*f
, uid_t uid
) {
196 _cleanup_(acl_freep
) acl_t acl
= NULL
;
198 acl_permset_t permset
;
203 r
= fchmod(f
->fd
, 0640);
205 log_warning_errno(errno
, "Failed to fix access mode on %s, ignoring: %m", f
->path
);
208 if (uid
<= SYSTEM_UID_MAX
)
211 acl
= acl_get_fd(f
->fd
);
213 log_warning_errno(errno
, "Failed to read ACL on %s, ignoring: %m", f
->path
);
217 r
= acl_find_uid(acl
, uid
, &entry
);
220 if (acl_create_entry(&acl
, &entry
) < 0 ||
221 acl_set_tag_type(entry
, ACL_USER
) < 0 ||
222 acl_set_qualifier(entry
, &uid
) < 0) {
223 log_warning_errno(errno
, "Failed to patch ACL on %s, ignoring: %m", f
->path
);
228 /* We do not recalculate the mask unconditionally here,
229 * so that the fchmod() mask above stays intact. */
230 if (acl_get_permset(entry
, &permset
) < 0 ||
231 acl_add_perm(permset
, ACL_READ
) < 0 ||
232 calc_acl_mask_if_needed(&acl
) < 0) {
233 log_warning_errno(errno
, "Failed to patch ACL on %s, ignoring: %m", f
->path
);
237 if (acl_set_fd(f
->fd
, acl
) < 0)
238 log_warning_errno(errno
, "Failed to set ACL on %s, ignoring: %m", f
->path
);
243 static JournalFile
* find_journal(Server
*s
, uid_t uid
) {
244 _cleanup_free_
char *p
= NULL
;
251 /* We split up user logs only on /var, not on /run. If the
252 * runtime file is open, we write to it exclusively, in order
253 * to guarantee proper order as soon as we flush /run to
254 * /var and close the runtime file. */
256 if (s
->runtime_journal
)
257 return s
->runtime_journal
;
259 if (uid
<= SYSTEM_UID_MAX
)
260 return s
->system_journal
;
262 r
= sd_id128_get_machine(&machine
);
264 return s
->system_journal
;
266 f
= ordered_hashmap_get(s
->user_journals
, UINT32_TO_PTR(uid
));
270 if (asprintf(&p
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/user-"UID_FMT
".journal",
271 SD_ID128_FORMAT_VAL(machine
), uid
) < 0)
272 return s
->system_journal
;
274 while (ordered_hashmap_size(s
->user_journals
) >= USER_JOURNALS_MAX
) {
275 /* Too many open? Then let's close one */
276 f
= ordered_hashmap_steal_first(s
->user_journals
);
278 journal_file_close(f
);
281 r
= journal_file_open_reliably(p
, O_RDWR
|O_CREAT
, 0640, s
->compress
, s
->seal
, &s
->system_metrics
, s
->mmap
, NULL
, &f
);
283 return s
->system_journal
;
285 server_fix_perms(s
, f
, uid
);
287 r
= ordered_hashmap_put(s
->user_journals
, UINT32_TO_PTR(uid
), f
);
289 journal_file_close(f
);
290 return s
->system_journal
;
296 static int do_rotate(
309 r
= journal_file_rotate(f
, s
->compress
, seal
);
312 log_error_errno(r
, "Failed to rotate %s: %m", (*f
)->path
);
314 log_error_errno(r
, "Failed to create new %s journal: %m", name
);
316 server_fix_perms(s
, *f
, uid
);
321 void server_rotate(Server
*s
) {
327 log_debug("Rotating...");
329 do_rotate(s
, &s
->runtime_journal
, "runtime", false, 0);
330 do_rotate(s
, &s
->system_journal
, "system", s
->seal
, 0);
332 ORDERED_HASHMAP_FOREACH_KEY(f
, k
, s
->user_journals
, i
) {
333 r
= do_rotate(s
, &f
, "user", s
->seal
, PTR_TO_UINT32(k
));
335 ordered_hashmap_replace(s
->user_journals
, k
, f
);
337 /* Old file has been closed and deallocated */
338 ordered_hashmap_remove(s
->user_journals
, k
);
342 void server_sync(Server
*s
) {
348 if (s
->system_journal
) {
349 r
= journal_file_set_offline(s
->system_journal
);
351 log_warning_errno(r
, "Failed to sync system journal, ignoring: %m");
354 ORDERED_HASHMAP_FOREACH_KEY(f
, k
, s
->user_journals
, i
) {
355 r
= journal_file_set_offline(f
);
357 log_warning_errno(r
, "Failed to sync user journal, ignoring: %m");
360 if (s
->sync_event_source
) {
361 r
= sd_event_source_set_enabled(s
->sync_event_source
, SD_EVENT_OFF
);
363 log_error_errno(r
, "Failed to disable sync timer source: %m");
366 s
->sync_scheduled
= false;
369 static void do_vacuum(
374 JournalMetrics
*metrics
) {
382 p
= strjoina(path
, id
);
383 r
= journal_directory_vacuum(p
, metrics
->max_use
, s
->max_retention_usec
, &s
->oldest_file_usec
, false);
384 if (r
< 0 && r
!= -ENOENT
)
385 log_error_errno(r
, "Failed to vacuum %s: %m", p
);
388 void server_vacuum(Server
*s
) {
393 log_debug("Vacuuming...");
395 s
->oldest_file_usec
= 0;
397 r
= sd_id128_get_machine(&machine
);
399 log_error_errno(r
, "Failed to get machine ID: %m");
402 sd_id128_to_string(machine
, ids
);
404 do_vacuum(s
, ids
, s
->system_journal
, "/var/log/journal/", &s
->system_metrics
);
405 do_vacuum(s
, ids
, s
->runtime_journal
, "/run/log/journal/", &s
->runtime_metrics
);
407 s
->cached_available_space_timestamp
= 0;
410 static void server_cache_machine_id(Server
*s
) {
416 r
= sd_id128_get_machine(&id
);
420 sd_id128_to_string(id
, stpcpy(s
->machine_id_field
, "_MACHINE_ID="));
423 static void server_cache_boot_id(Server
*s
) {
429 r
= sd_id128_get_boot(&id
);
433 sd_id128_to_string(id
, stpcpy(s
->boot_id_field
, "_BOOT_ID="));
436 static void server_cache_hostname(Server
*s
) {
437 _cleanup_free_
char *t
= NULL
;
442 t
= gethostname_malloc();
446 x
= strappend("_HOSTNAME=", t
);
450 free(s
->hostname_field
);
451 s
->hostname_field
= x
;
454 static bool shall_try_append_again(JournalFile
*f
, int r
) {
456 /* -E2BIG Hit configured limit
458 -EDQUOT Quota limit hit
460 -EIO I/O error of some kind (mmap)
461 -EHOSTDOWN Other machine
462 -EBUSY Unclean shutdown
463 -EPROTONOSUPPORT Unsupported feature
466 -ESHUTDOWN Already archived
467 -EIDRM Journal file has been deleted */
469 if (r
== -E2BIG
|| r
== -EFBIG
|| r
== -EDQUOT
|| r
== -ENOSPC
)
470 log_debug("%s: Allocation limit reached, rotating.", f
->path
);
471 else if (r
== -EHOSTDOWN
)
472 log_info("%s: Journal file from other machine, rotating.", f
->path
);
473 else if (r
== -EBUSY
)
474 log_info("%s: Unclean shutdown, rotating.", f
->path
);
475 else if (r
== -EPROTONOSUPPORT
)
476 log_info("%s: Unsupported feature, rotating.", f
->path
);
477 else if (r
== -EBADMSG
|| r
== -ENODATA
|| r
== ESHUTDOWN
)
478 log_warning("%s: Journal file corrupted, rotating.", f
->path
);
480 log_warning("%s: IO error, rotating.", f
->path
);
481 else if (r
== -EIDRM
)
482 log_warning("%s: Journal file has been deleted, rotating.", f
->path
);
489 static void write_to_journal(Server
*s
, uid_t uid
, struct iovec
*iovec
, unsigned n
, int priority
) {
491 bool vacuumed
= false;
498 f
= find_journal(s
, uid
);
502 if (journal_file_rotate_suggested(f
, s
->max_file_usec
)) {
503 log_debug("%s: Journal header limits reached or header out-of-date, rotating.", f
->path
);
508 f
= find_journal(s
, uid
);
513 r
= journal_file_append_entry(f
, NULL
, iovec
, n
, &s
->seqnum
, NULL
, NULL
);
515 server_schedule_sync(s
, priority
);
519 if (vacuumed
|| !shall_try_append_again(f
, r
)) {
520 log_error_errno(r
, "Failed to write entry (%d items, %zu bytes), ignoring: %m", n
, IOVEC_TOTAL_SIZE(iovec
, n
));
527 f
= find_journal(s
, uid
);
531 log_debug("Retrying write.");
532 r
= journal_file_append_entry(f
, NULL
, iovec
, n
, &s
->seqnum
, NULL
, NULL
);
534 log_error_errno(r
, "Failed to write entry (%d items, %zu bytes) despite vacuuming, ignoring: %m", n
, IOVEC_TOTAL_SIZE(iovec
, n
));
536 server_schedule_sync(s
, priority
);
539 static void dispatch_message_real(
541 struct iovec
*iovec
, unsigned n
, unsigned m
,
542 const struct ucred
*ucred
,
543 const struct timeval
*tv
,
544 const char *label
, size_t label_len
,
549 char pid
[sizeof("_PID=") + DECIMAL_STR_MAX(pid_t
)],
550 uid
[sizeof("_UID=") + DECIMAL_STR_MAX(uid_t
)],
551 gid
[sizeof("_GID=") + DECIMAL_STR_MAX(gid_t
)],
552 owner_uid
[sizeof("_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t
)],
553 source_time
[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t
)],
554 o_uid
[sizeof("OBJECT_UID=") + DECIMAL_STR_MAX(uid_t
)],
555 o_gid
[sizeof("OBJECT_GID=") + DECIMAL_STR_MAX(gid_t
)],
556 o_owner_uid
[sizeof("OBJECT_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t
)];
562 uid_t realuid
= 0, owner
= 0, journal_uid
;
563 bool owner_valid
= false;
565 char audit_session
[sizeof("_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
566 audit_loginuid
[sizeof("_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t
)],
567 o_audit_session
[sizeof("OBJECT_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
568 o_audit_loginuid
[sizeof("OBJECT_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t
)];
577 assert(n
+ N_IOVEC_META_FIELDS
+ (object_pid
? N_IOVEC_OBJECT_FIELDS
: 0) <= m
);
580 realuid
= ucred
->uid
;
582 sprintf(pid
, "_PID="PID_FMT
, ucred
->pid
);
583 IOVEC_SET_STRING(iovec
[n
++], pid
);
585 sprintf(uid
, "_UID="UID_FMT
, ucred
->uid
);
586 IOVEC_SET_STRING(iovec
[n
++], uid
);
588 sprintf(gid
, "_GID="GID_FMT
, ucred
->gid
);
589 IOVEC_SET_STRING(iovec
[n
++], gid
);
591 r
= get_process_comm(ucred
->pid
, &t
);
593 x
= strjoina("_COMM=", t
);
595 IOVEC_SET_STRING(iovec
[n
++], x
);
598 r
= get_process_exe(ucred
->pid
, &t
);
600 x
= strjoina("_EXE=", t
);
602 IOVEC_SET_STRING(iovec
[n
++], x
);
605 r
= get_process_cmdline(ucred
->pid
, 0, false, &t
);
607 x
= strjoina("_CMDLINE=", t
);
609 IOVEC_SET_STRING(iovec
[n
++], x
);
612 r
= get_process_capeff(ucred
->pid
, &t
);
614 x
= strjoina("_CAP_EFFECTIVE=", t
);
616 IOVEC_SET_STRING(iovec
[n
++], x
);
620 r
= audit_session_from_pid(ucred
->pid
, &audit
);
622 sprintf(audit_session
, "_AUDIT_SESSION=%"PRIu32
, audit
);
623 IOVEC_SET_STRING(iovec
[n
++], audit_session
);
626 r
= audit_loginuid_from_pid(ucred
->pid
, &loginuid
);
628 sprintf(audit_loginuid
, "_AUDIT_LOGINUID="UID_FMT
, loginuid
);
629 IOVEC_SET_STRING(iovec
[n
++], audit_loginuid
);
633 r
= cg_pid_get_path_shifted(ucred
->pid
, s
->cgroup_root
, &c
);
635 char *session
= NULL
;
637 x
= strjoina("_SYSTEMD_CGROUP=", c
);
638 IOVEC_SET_STRING(iovec
[n
++], x
);
640 r
= cg_path_get_session(c
, &t
);
642 session
= strjoina("_SYSTEMD_SESSION=", t
);
644 IOVEC_SET_STRING(iovec
[n
++], session
);
647 if (cg_path_get_owner_uid(c
, &owner
) >= 0) {
650 sprintf(owner_uid
, "_SYSTEMD_OWNER_UID="UID_FMT
, owner
);
651 IOVEC_SET_STRING(iovec
[n
++], owner_uid
);
654 if (cg_path_get_unit(c
, &t
) >= 0) {
655 x
= strjoina("_SYSTEMD_UNIT=", t
);
657 IOVEC_SET_STRING(iovec
[n
++], x
);
658 } else if (unit_id
&& !session
) {
659 x
= strjoina("_SYSTEMD_UNIT=", unit_id
);
660 IOVEC_SET_STRING(iovec
[n
++], x
);
663 if (cg_path_get_user_unit(c
, &t
) >= 0) {
664 x
= strjoina("_SYSTEMD_USER_UNIT=", t
);
666 IOVEC_SET_STRING(iovec
[n
++], x
);
667 } else if (unit_id
&& session
) {
668 x
= strjoina("_SYSTEMD_USER_UNIT=", unit_id
);
669 IOVEC_SET_STRING(iovec
[n
++], x
);
672 if (cg_path_get_slice(c
, &t
) >= 0) {
673 x
= strjoina("_SYSTEMD_SLICE=", t
);
675 IOVEC_SET_STRING(iovec
[n
++], x
);
679 } else if (unit_id
) {
680 x
= strjoina("_SYSTEMD_UNIT=", unit_id
);
681 IOVEC_SET_STRING(iovec
[n
++], x
);
685 if (mac_selinux_use()) {
687 x
= alloca(strlen("_SELINUX_CONTEXT=") + label_len
+ 1);
689 *((char*) mempcpy(stpcpy(x
, "_SELINUX_CONTEXT="), label
, label_len
)) = 0;
690 IOVEC_SET_STRING(iovec
[n
++], x
);
692 security_context_t con
;
694 if (getpidcon(ucred
->pid
, &con
) >= 0) {
695 x
= strjoina("_SELINUX_CONTEXT=", con
);
698 IOVEC_SET_STRING(iovec
[n
++], x
);
707 r
= get_process_uid(object_pid
, &object_uid
);
709 sprintf(o_uid
, "OBJECT_UID="UID_FMT
, object_uid
);
710 IOVEC_SET_STRING(iovec
[n
++], o_uid
);
713 r
= get_process_gid(object_pid
, &object_gid
);
715 sprintf(o_gid
, "OBJECT_GID="GID_FMT
, object_gid
);
716 IOVEC_SET_STRING(iovec
[n
++], o_gid
);
719 r
= get_process_comm(object_pid
, &t
);
721 x
= strjoina("OBJECT_COMM=", t
);
723 IOVEC_SET_STRING(iovec
[n
++], x
);
726 r
= get_process_exe(object_pid
, &t
);
728 x
= strjoina("OBJECT_EXE=", t
);
730 IOVEC_SET_STRING(iovec
[n
++], x
);
733 r
= get_process_cmdline(object_pid
, 0, false, &t
);
735 x
= strjoina("OBJECT_CMDLINE=", t
);
737 IOVEC_SET_STRING(iovec
[n
++], x
);
741 r
= audit_session_from_pid(object_pid
, &audit
);
743 sprintf(o_audit_session
, "OBJECT_AUDIT_SESSION=%"PRIu32
, audit
);
744 IOVEC_SET_STRING(iovec
[n
++], o_audit_session
);
747 r
= audit_loginuid_from_pid(object_pid
, &loginuid
);
749 sprintf(o_audit_loginuid
, "OBJECT_AUDIT_LOGINUID="UID_FMT
, loginuid
);
750 IOVEC_SET_STRING(iovec
[n
++], o_audit_loginuid
);
754 r
= cg_pid_get_path_shifted(object_pid
, s
->cgroup_root
, &c
);
756 x
= strjoina("OBJECT_SYSTEMD_CGROUP=", c
);
757 IOVEC_SET_STRING(iovec
[n
++], x
);
759 r
= cg_path_get_session(c
, &t
);
761 x
= strjoina("OBJECT_SYSTEMD_SESSION=", t
);
763 IOVEC_SET_STRING(iovec
[n
++], x
);
766 if (cg_path_get_owner_uid(c
, &owner
) >= 0) {
767 sprintf(o_owner_uid
, "OBJECT_SYSTEMD_OWNER_UID="UID_FMT
, owner
);
768 IOVEC_SET_STRING(iovec
[n
++], o_owner_uid
);
771 if (cg_path_get_unit(c
, &t
) >= 0) {
772 x
= strjoina("OBJECT_SYSTEMD_UNIT=", t
);
774 IOVEC_SET_STRING(iovec
[n
++], x
);
777 if (cg_path_get_user_unit(c
, &t
) >= 0) {
778 x
= strjoina("OBJECT_SYSTEMD_USER_UNIT=", t
);
780 IOVEC_SET_STRING(iovec
[n
++], x
);
789 sprintf(source_time
, "_SOURCE_REALTIME_TIMESTAMP=%llu", (unsigned long long) timeval_load(tv
));
790 IOVEC_SET_STRING(iovec
[n
++], source_time
);
793 /* Note that strictly speaking storing the boot id here is
794 * redundant since the entry includes this in-line
795 * anyway. However, we need this indexed, too. */
796 if (!isempty(s
->boot_id_field
))
797 IOVEC_SET_STRING(iovec
[n
++], s
->boot_id_field
);
799 if (!isempty(s
->machine_id_field
))
800 IOVEC_SET_STRING(iovec
[n
++], s
->machine_id_field
);
802 if (!isempty(s
->hostname_field
))
803 IOVEC_SET_STRING(iovec
[n
++], s
->hostname_field
);
807 if (s
->split_mode
== SPLIT_UID
&& realuid
> 0)
808 /* Split up strictly by any UID */
809 journal_uid
= realuid
;
810 else if (s
->split_mode
== SPLIT_LOGIN
&& realuid
> 0 && owner_valid
&& owner
> 0)
811 /* Split up by login UIDs. We do this only if the
812 * realuid is not root, in order not to accidentally
813 * leak privileged information to the user that is
814 * logged by a privileged process that is part of an
815 * unprivileged session. */
820 write_to_journal(s
, journal_uid
, iovec
, n
, priority
);
823 void server_driver_message(Server
*s
, sd_id128_t message_id
, const char *format
, ...) {
824 char mid
[11 + 32 + 1];
825 char buffer
[16 + LINE_MAX
+ 1];
826 struct iovec iovec
[N_IOVEC_META_FIELDS
+ 6];
829 struct ucred ucred
= {};
834 IOVEC_SET_STRING(iovec
[n
++], "SYSLOG_FACILITY=3");
835 IOVEC_SET_STRING(iovec
[n
++], "SYSLOG_IDENTIFIER=systemd-journald");
837 IOVEC_SET_STRING(iovec
[n
++], "PRIORITY=6");
838 IOVEC_SET_STRING(iovec
[n
++], "_TRANSPORT=driver");
840 memcpy(buffer
, "MESSAGE=", 8);
841 va_start(ap
, format
);
842 vsnprintf(buffer
+ 8, sizeof(buffer
) - 8, format
, ap
);
844 IOVEC_SET_STRING(iovec
[n
++], buffer
);
846 if (!sd_id128_equal(message_id
, SD_ID128_NULL
)) {
847 snprintf(mid
, sizeof(mid
), LOG_MESSAGE_ID(message_id
));
848 IOVEC_SET_STRING(iovec
[n
++], mid
);
851 ucred
.pid
= getpid();
852 ucred
.uid
= getuid();
853 ucred
.gid
= getgid();
855 dispatch_message_real(s
, iovec
, n
, ELEMENTSOF(iovec
), &ucred
, NULL
, NULL
, 0, NULL
, LOG_INFO
, 0);
858 void server_dispatch_message(
860 struct iovec
*iovec
, unsigned n
, unsigned m
,
861 const struct ucred
*ucred
,
862 const struct timeval
*tv
,
863 const char *label
, size_t label_len
,
869 _cleanup_free_
char *path
= NULL
;
873 assert(iovec
|| n
== 0);
878 if (LOG_PRI(priority
) > s
->max_level_store
)
881 /* Stop early in case the information will not be stored
883 if (s
->storage
== STORAGE_NONE
)
889 r
= cg_pid_get_path_shifted(ucred
->pid
, s
->cgroup_root
, &path
);
893 /* example: /user/lennart/3/foobar
894 * /system/dbus.service/foobar
896 * So let's cut of everything past the third /, since that is
897 * where user directories start */
899 c
= strchr(path
, '/');
901 c
= strchr(c
+1, '/');
903 c
= strchr(c
+1, '/');
909 rl
= journal_rate_limit_test(s
->rate_limit
, path
,
910 priority
& LOG_PRIMASK
, available_space(s
, false));
915 /* Write a suppression message if we suppressed something */
917 server_driver_message(s
, SD_MESSAGE_JOURNAL_DROPPED
,
918 "Suppressed %u messages from %s", rl
- 1, path
);
921 dispatch_message_real(s
, iovec
, n
, m
, ucred
, tv
, label
, label_len
, unit_id
, priority
, object_pid
);
925 static int system_journal_open(Server
*s
, bool flush_requested
) {
931 r
= sd_id128_get_machine(&machine
);
933 return log_error_errno(r
, "Failed to get machine id: %m");
935 sd_id128_to_string(machine
, ids
);
937 if (!s
->system_journal
&&
938 (s
->storage
== STORAGE_PERSISTENT
|| s
->storage
== STORAGE_AUTO
) &&
940 || access("/run/systemd/journal/flushed", F_OK
) >= 0)) {
942 /* If in auto mode: first try to create the machine
943 * path, but not the prefix.
945 * If in persistent mode: create /var/log/journal and
946 * the machine path */
948 if (s
->storage
== STORAGE_PERSISTENT
)
949 (void) mkdir_p("/var/log/journal/", 0755);
951 fn
= strjoina("/var/log/journal/", ids
);
952 (void) mkdir(fn
, 0755);
954 fn
= strjoina(fn
, "/system.journal");
955 r
= journal_file_open_reliably(fn
, O_RDWR
|O_CREAT
, 0640, s
->compress
, s
->seal
, &s
->system_metrics
, s
->mmap
, NULL
, &s
->system_journal
);
958 server_fix_perms(s
, s
->system_journal
, 0);
960 if (r
!= -ENOENT
&& r
!= -EROFS
)
961 log_warning_errno(r
, "Failed to open system journal: %m");
967 if (!s
->runtime_journal
&&
968 (s
->storage
!= STORAGE_NONE
)) {
970 fn
= strjoina("/run/log/journal/", ids
, "/system.journal", NULL
);
972 if (s
->system_journal
) {
974 /* Try to open the runtime journal, but only
975 * if it already exists, so that we can flush
976 * it into the system journal */
978 r
= journal_file_open(fn
, O_RDWR
, 0640, s
->compress
, false, &s
->runtime_metrics
, s
->mmap
, NULL
, &s
->runtime_journal
);
981 log_warning_errno(r
, "Failed to open runtime journal: %m");
988 /* OK, we really need the runtime journal, so create
989 * it if necessary. */
991 (void) mkdir("/run/log", 0755);
992 (void) mkdir("/run/log/journal", 0755);
993 (void) mkdir_parents(fn
, 0750);
995 r
= journal_file_open_reliably(fn
, O_RDWR
|O_CREAT
, 0640, s
->compress
, false, &s
->runtime_metrics
, s
->mmap
, NULL
, &s
->runtime_journal
);
997 return log_error_errno(r
, "Failed to open runtime journal: %m");
1000 if (s
->runtime_journal
)
1001 server_fix_perms(s
, s
->runtime_journal
, 0);
1004 available_space(s
, true);
1009 int server_flush_to_var(Server
*s
) {
1011 sd_journal
*j
= NULL
;
1012 char ts
[FORMAT_TIMESPAN_MAX
];
1019 if (s
->storage
!= STORAGE_AUTO
&&
1020 s
->storage
!= STORAGE_PERSISTENT
)
1023 if (!s
->runtime_journal
)
1026 system_journal_open(s
, true);
1028 if (!s
->system_journal
)
1031 log_debug("Flushing to /var...");
1033 start
= now(CLOCK_MONOTONIC
);
1035 r
= sd_id128_get_machine(&machine
);
1039 r
= sd_journal_open(&j
, SD_JOURNAL_RUNTIME_ONLY
);
1041 return log_error_errno(r
, "Failed to read runtime journal: %m");
1043 sd_journal_set_data_threshold(j
, 0);
1045 SD_JOURNAL_FOREACH(j
) {
1049 f
= j
->current_file
;
1050 assert(f
&& f
->current_offset
> 0);
1054 r
= journal_file_move_to_object(f
, OBJECT_ENTRY
, f
->current_offset
, &o
);
1056 log_error_errno(r
, "Can't read entry: %m");
1060 r
= journal_file_copy_entry(f
, s
->system_journal
, o
, f
->current_offset
, NULL
, NULL
, NULL
);
1064 if (!shall_try_append_again(s
->system_journal
, r
)) {
1065 log_error_errno(r
, "Can't write entry: %m");
1072 if (!s
->system_journal
) {
1073 log_notice("Didn't flush runtime journal since rotation of system journal wasn't successful.");
1078 log_debug("Retrying write.");
1079 r
= journal_file_copy_entry(f
, s
->system_journal
, o
, f
->current_offset
, NULL
, NULL
, NULL
);
1081 log_error_errno(r
, "Can't write entry: %m");
1089 journal_file_post_change(s
->system_journal
);
1091 s
->runtime_journal
= journal_file_close(s
->runtime_journal
);
1094 (void) rm_rf("/run/log/journal", REMOVE_ROOT
);
1096 sd_journal_close(j
);
1098 server_driver_message(s
, SD_ID128_NULL
, "Time spent on flushing to /var is %s for %u entries.", format_timespan(ts
, sizeof(ts
), now(CLOCK_MONOTONIC
) - start
, 0), n
);
1103 int server_process_datagram(sd_event_source
*es
, int fd
, uint32_t revents
, void *userdata
) {
1104 Server
*s
= userdata
;
1105 struct ucred
*ucred
= NULL
;
1106 struct timeval
*tv
= NULL
;
1107 struct cmsghdr
*cmsg
;
1109 size_t label_len
= 0, m
;
1112 int *fds
= NULL
, v
= 0;
1116 struct cmsghdr cmsghdr
;
1118 /* We use NAME_MAX space for the SELinux label
1119 * here. The kernel currently enforces no
1120 * limit, but according to suggestions from
1121 * the SELinux people this will change and it
1122 * will probably be identical to NAME_MAX. For
1123 * now we use that, but this should be updated
1124 * one day when the final limit is known. */
1125 uint8_t buf
[CMSG_SPACE(sizeof(struct ucred
)) +
1126 CMSG_SPACE(sizeof(struct timeval
)) +
1127 CMSG_SPACE(sizeof(int)) + /* fd */
1128 CMSG_SPACE(NAME_MAX
)]; /* selinux label */
1131 union sockaddr_union sa
= {};
1133 struct msghdr msghdr
= {
1136 .msg_control
= &control
,
1137 .msg_controllen
= sizeof(control
),
1139 .msg_namelen
= sizeof(sa
),
1143 assert(fd
== s
->native_fd
|| fd
== s
->syslog_fd
|| fd
== s
->audit_fd
);
1145 if (revents
!= EPOLLIN
) {
1146 log_error("Got invalid event from epoll for datagram fd: %"PRIx32
, revents
);
1150 /* Try to get the right size, if we can. (Not all
1151 * sockets support SIOCINQ, hence we just try, but
1152 * don't rely on it. */
1153 (void) ioctl(fd
, SIOCINQ
, &v
);
1155 /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful! */
1156 m
= PAGE_ALIGN(MAX3((size_t) v
+ 1,
1158 ALIGN(sizeof(struct nlmsghdr
)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH
)) + 1);
1160 if (!GREEDY_REALLOC(s
->buffer
, s
->buffer_size
, m
))
1163 iovec
.iov_base
= s
->buffer
;
1164 iovec
.iov_len
= s
->buffer_size
- 1; /* Leave room for trailing NUL we add later */
1166 n
= recvmsg(fd
, &msghdr
, MSG_DONTWAIT
|MSG_CMSG_CLOEXEC
);
1168 if (errno
== EINTR
|| errno
== EAGAIN
)
1171 return log_error_errno(errno
, "recvmsg() failed: %m");
1174 CMSG_FOREACH(cmsg
, &msghdr
) {
1176 if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1177 cmsg
->cmsg_type
== SCM_CREDENTIALS
&&
1178 cmsg
->cmsg_len
== CMSG_LEN(sizeof(struct ucred
)))
1179 ucred
= (struct ucred
*) CMSG_DATA(cmsg
);
1180 else if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1181 cmsg
->cmsg_type
== SCM_SECURITY
) {
1182 label
= (char*) CMSG_DATA(cmsg
);
1183 label_len
= cmsg
->cmsg_len
- CMSG_LEN(0);
1184 } else if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1185 cmsg
->cmsg_type
== SO_TIMESTAMP
&&
1186 cmsg
->cmsg_len
== CMSG_LEN(sizeof(struct timeval
)))
1187 tv
= (struct timeval
*) CMSG_DATA(cmsg
);
1188 else if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1189 cmsg
->cmsg_type
== SCM_RIGHTS
) {
1190 fds
= (int*) CMSG_DATA(cmsg
);
1191 n_fds
= (cmsg
->cmsg_len
- CMSG_LEN(0)) / sizeof(int);
1195 /* And a trailing NUL, just in case */
1198 if (fd
== s
->syslog_fd
) {
1199 if (n
> 0 && n_fds
== 0)
1200 server_process_syslog_message(s
, strstrip(s
->buffer
), ucred
, tv
, label
, label_len
);
1202 log_warning("Got file descriptors via syslog socket. Ignoring.");
1204 } else if (fd
== s
->native_fd
) {
1205 if (n
> 0 && n_fds
== 0)
1206 server_process_native_message(s
, s
->buffer
, n
, ucred
, tv
, label
, label_len
);
1207 else if (n
== 0 && n_fds
== 1)
1208 server_process_native_file(s
, fds
[0], ucred
, tv
, label
, label_len
);
1210 log_warning("Got too many file descriptors via native socket. Ignoring.");
1213 assert(fd
== s
->audit_fd
);
1215 if (n
> 0 && n_fds
== 0)
1216 server_process_audit_message(s
, s
->buffer
, n
, ucred
, &sa
, msghdr
.msg_namelen
);
1218 log_warning("Got file descriptors via audit socket. Ignoring.");
1221 close_many(fds
, n_fds
);
1225 static int dispatch_sigusr1(sd_event_source
*es
, const struct signalfd_siginfo
*si
, void *userdata
) {
1226 Server
*s
= userdata
;
1230 log_info("Received request to flush runtime journal from PID %"PRIu32
, si
->ssi_pid
);
1232 server_flush_to_var(s
);
1236 touch("/run/systemd/journal/flushed");
1241 static int dispatch_sigusr2(sd_event_source
*es
, const struct signalfd_siginfo
*si
, void *userdata
) {
1242 Server
*s
= userdata
;
1246 log_info("Received request to rotate journal from PID %"PRIu32
, si
->ssi_pid
);
1253 static int dispatch_sigterm(sd_event_source
*es
, const struct signalfd_siginfo
*si
, void *userdata
) {
1254 Server
*s
= userdata
;
1258 log_received_signal(LOG_INFO
, si
);
1260 sd_event_exit(s
->event
, 0);
1264 static int setup_signals(Server
*s
) {
1269 assert(sigprocmask_many(SIG_SETMASK
, NULL
, SIGINT
, SIGTERM
, SIGUSR1
, SIGUSR2
, -1) >= 0);
1271 r
= sd_event_add_signal(s
->event
, &s
->sigusr1_event_source
, SIGUSR1
, dispatch_sigusr1
, s
);
1275 r
= sd_event_add_signal(s
->event
, &s
->sigusr2_event_source
, SIGUSR2
, dispatch_sigusr2
, s
);
1279 r
= sd_event_add_signal(s
->event
, &s
->sigterm_event_source
, SIGTERM
, dispatch_sigterm
, s
);
1283 r
= sd_event_add_signal(s
->event
, &s
->sigint_event_source
, SIGINT
, dispatch_sigterm
, s
);
1290 static int server_parse_proc_cmdline(Server
*s
) {
1291 _cleanup_free_
char *line
= NULL
;
1292 const char *w
, *state
;
1296 r
= proc_cmdline(&line
);
1298 log_warning_errno(r
, "Failed to read /proc/cmdline, ignoring: %m");
1302 FOREACH_WORD_QUOTED(w
, l
, line
, state
) {
1303 _cleanup_free_
char *word
;
1305 word
= strndup(w
, l
);
1309 if (startswith(word
, "systemd.journald.forward_to_syslog=")) {
1310 r
= parse_boolean(word
+ 35);
1312 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word
+ 35);
1314 s
->forward_to_syslog
= r
;
1315 } else if (startswith(word
, "systemd.journald.forward_to_kmsg=")) {
1316 r
= parse_boolean(word
+ 33);
1318 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word
+ 33);
1320 s
->forward_to_kmsg
= r
;
1321 } else if (startswith(word
, "systemd.journald.forward_to_console=")) {
1322 r
= parse_boolean(word
+ 36);
1324 log_warning("Failed to parse forward to console switch %s. Ignoring.", word
+ 36);
1326 s
->forward_to_console
= r
;
1327 } else if (startswith(word
, "systemd.journald.forward_to_wall=")) {
1328 r
= parse_boolean(word
+ 33);
1330 log_warning("Failed to parse forward to wall switch %s. Ignoring.", word
+ 33);
1332 s
->forward_to_wall
= r
;
1333 } else if (startswith(word
, "systemd.journald"))
1334 log_warning("Invalid systemd.journald parameter. Ignoring.");
1337 /* do not warn about state here, since probably systemd already did */
1341 static int server_parse_config_file(Server
*s
) {
1344 return config_parse_many("/etc/systemd/journald.conf",
1345 CONF_DIRS_NULSTR("systemd/journald.conf"),
1347 config_item_perf_lookup
, journald_gperf_lookup
,
1351 static int server_dispatch_sync(sd_event_source
*es
, usec_t t
, void *userdata
) {
1352 Server
*s
= userdata
;
1360 int server_schedule_sync(Server
*s
, int priority
) {
1365 if (priority
<= LOG_CRIT
) {
1366 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1371 if (s
->sync_scheduled
)
1374 if (s
->sync_interval_usec
> 0) {
1377 r
= sd_event_now(s
->event
, CLOCK_MONOTONIC
, &when
);
1381 when
+= s
->sync_interval_usec
;
1383 if (!s
->sync_event_source
) {
1384 r
= sd_event_add_time(
1386 &s
->sync_event_source
,
1389 server_dispatch_sync
, s
);
1393 r
= sd_event_source_set_priority(s
->sync_event_source
, SD_EVENT_PRIORITY_IMPORTANT
);
1395 r
= sd_event_source_set_time(s
->sync_event_source
, when
);
1399 r
= sd_event_source_set_enabled(s
->sync_event_source
, SD_EVENT_ONESHOT
);
1404 s
->sync_scheduled
= true;
1410 static int dispatch_hostname_change(sd_event_source
*es
, int fd
, uint32_t revents
, void *userdata
) {
1411 Server
*s
= userdata
;
1415 server_cache_hostname(s
);
1419 static int server_open_hostname(Server
*s
) {
1424 s
->hostname_fd
= open("/proc/sys/kernel/hostname", O_RDONLY
|O_CLOEXEC
|O_NDELAY
|O_NOCTTY
);
1425 if (s
->hostname_fd
< 0)
1426 return log_error_errno(errno
, "Failed to open /proc/sys/kernel/hostname: %m");
1428 r
= sd_event_add_io(s
->event
, &s
->hostname_event_source
, s
->hostname_fd
, 0, dispatch_hostname_change
, s
);
1430 /* kernels prior to 3.2 don't support polling this file. Ignore
1433 log_warning_errno(r
, "Failed to register hostname fd in event loop, ignoring: %m");
1434 s
->hostname_fd
= safe_close(s
->hostname_fd
);
1438 return log_error_errno(r
, "Failed to register hostname fd in event loop: %m");
1441 r
= sd_event_source_set_priority(s
->hostname_event_source
, SD_EVENT_PRIORITY_IMPORTANT
-10);
1443 return log_error_errno(r
, "Failed to adjust priority of host name event source: %m");
1448 int server_init(Server
*s
) {
1449 _cleanup_fdset_free_ FDSet
*fds
= NULL
;
1455 s
->syslog_fd
= s
->native_fd
= s
->stdout_fd
= s
->dev_kmsg_fd
= s
->audit_fd
= s
->hostname_fd
= -1;
1459 s
->sync_interval_usec
= DEFAULT_SYNC_INTERVAL_USEC
;
1460 s
->sync_scheduled
= false;
1462 s
->rate_limit_interval
= DEFAULT_RATE_LIMIT_INTERVAL
;
1463 s
->rate_limit_burst
= DEFAULT_RATE_LIMIT_BURST
;
1465 s
->forward_to_wall
= true;
1467 s
->max_file_usec
= DEFAULT_MAX_FILE_USEC
;
1469 s
->max_level_store
= LOG_DEBUG
;
1470 s
->max_level_syslog
= LOG_DEBUG
;
1471 s
->max_level_kmsg
= LOG_NOTICE
;
1472 s
->max_level_console
= LOG_INFO
;
1473 s
->max_level_wall
= LOG_EMERG
;
1475 memset(&s
->system_metrics
, 0xFF, sizeof(s
->system_metrics
));
1476 memset(&s
->runtime_metrics
, 0xFF, sizeof(s
->runtime_metrics
));
1478 server_parse_config_file(s
);
1479 server_parse_proc_cmdline(s
);
1480 if (!!s
->rate_limit_interval
^ !!s
->rate_limit_burst
) {
1481 log_debug("Setting both rate limit interval and burst from "USEC_FMT
",%u to 0,0",
1482 s
->rate_limit_interval
, s
->rate_limit_burst
);
1483 s
->rate_limit_interval
= s
->rate_limit_burst
= 0;
1486 mkdir_p("/run/systemd/journal", 0755);
1488 s
->user_journals
= ordered_hashmap_new(NULL
);
1489 if (!s
->user_journals
)
1492 s
->mmap
= mmap_cache_new();
1496 r
= sd_event_default(&s
->event
);
1498 return log_error_errno(r
, "Failed to create event loop: %m");
1500 sd_event_set_watchdog(s
->event
, true);
1502 n
= sd_listen_fds(true);
1504 return log_error_errno(n
, "Failed to read listening file descriptors from environment: %m");
1506 for (fd
= SD_LISTEN_FDS_START
; fd
< SD_LISTEN_FDS_START
+ n
; fd
++) {
1508 if (sd_is_socket_unix(fd
, SOCK_DGRAM
, -1, "/run/systemd/journal/socket", 0) > 0) {
1510 if (s
->native_fd
>= 0) {
1511 log_error("Too many native sockets passed.");
1517 } else if (sd_is_socket_unix(fd
, SOCK_STREAM
, 1, "/run/systemd/journal/stdout", 0) > 0) {
1519 if (s
->stdout_fd
>= 0) {
1520 log_error("Too many stdout sockets passed.");
1526 } else if (sd_is_socket_unix(fd
, SOCK_DGRAM
, -1, "/dev/log", 0) > 0 ||
1527 sd_is_socket_unix(fd
, SOCK_DGRAM
, -1, "/run/systemd/journal/dev-log", 0) > 0) {
1529 if (s
->syslog_fd
>= 0) {
1530 log_error("Too many /dev/log sockets passed.");
1536 } else if (sd_is_socket(fd
, AF_NETLINK
, SOCK_RAW
, -1) > 0) {
1538 if (s
->audit_fd
>= 0) {
1539 log_error("Too many audit sockets passed.");
1553 r
= fdset_put(fds
, fd
);
1559 r
= server_open_stdout_socket(s
, fds
);
1563 if (fdset_size(fds
) > 0) {
1564 log_warning("%u unknown file descriptors passed, closing.", fdset_size(fds
));
1565 fds
= fdset_free(fds
);
1568 r
= server_open_syslog_socket(s
);
1572 r
= server_open_native_socket(s
);
1576 r
= server_open_dev_kmsg(s
);
1580 r
= server_open_audit(s
);
1584 r
= server_open_kernel_seqnum(s
);
1588 r
= server_open_hostname(s
);
1592 r
= setup_signals(s
);
1596 s
->udev
= udev_new();
1600 s
->rate_limit
= journal_rate_limit_new(s
->rate_limit_interval
, s
->rate_limit_burst
);
1604 r
= cg_get_root_path(&s
->cgroup_root
);
1608 server_cache_hostname(s
);
1609 server_cache_boot_id(s
);
1610 server_cache_machine_id(s
);
1612 return system_journal_open(s
, false);
1615 void server_maybe_append_tags(Server
*s
) {
1621 n
= now(CLOCK_REALTIME
);
1623 if (s
->system_journal
)
1624 journal_file_maybe_append_tag(s
->system_journal
, n
);
1626 ORDERED_HASHMAP_FOREACH(f
, s
->user_journals
, i
)
1627 journal_file_maybe_append_tag(f
, n
);
1631 void server_done(Server
*s
) {
1635 while (s
->stdout_streams
)
1636 stdout_stream_free(s
->stdout_streams
);
1638 if (s
->system_journal
)
1639 journal_file_close(s
->system_journal
);
1641 if (s
->runtime_journal
)
1642 journal_file_close(s
->runtime_journal
);
1644 while ((f
= ordered_hashmap_steal_first(s
->user_journals
)))
1645 journal_file_close(f
);
1647 ordered_hashmap_free(s
->user_journals
);
1649 sd_event_source_unref(s
->syslog_event_source
);
1650 sd_event_source_unref(s
->native_event_source
);
1651 sd_event_source_unref(s
->stdout_event_source
);
1652 sd_event_source_unref(s
->dev_kmsg_event_source
);
1653 sd_event_source_unref(s
->audit_event_source
);
1654 sd_event_source_unref(s
->sync_event_source
);
1655 sd_event_source_unref(s
->sigusr1_event_source
);
1656 sd_event_source_unref(s
->sigusr2_event_source
);
1657 sd_event_source_unref(s
->sigterm_event_source
);
1658 sd_event_source_unref(s
->sigint_event_source
);
1659 sd_event_source_unref(s
->hostname_event_source
);
1660 sd_event_unref(s
->event
);
1662 safe_close(s
->syslog_fd
);
1663 safe_close(s
->native_fd
);
1664 safe_close(s
->stdout_fd
);
1665 safe_close(s
->dev_kmsg_fd
);
1666 safe_close(s
->audit_fd
);
1667 safe_close(s
->hostname_fd
);
1670 journal_rate_limit_free(s
->rate_limit
);
1672 if (s
->kernel_seqnum
)
1673 munmap(s
->kernel_seqnum
, sizeof(uint64_t));
1677 free(s
->cgroup_root
);
1678 free(s
->hostname_field
);
1681 mmap_cache_unref(s
->mmap
);
1683 udev_unref(s
->udev
);