]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/journal/journald-server.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #30232 from keszybz/ukify-imports
[thirdparty/systemd.git] / src / journal / journald-server.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #if HAVE_SELINUX
4 #include <selinux/selinux.h>
5 #endif
6 #include <sys/ioctl.h>
7 #include <sys/mman.h>
8 #include <sys/signalfd.h>
9 #include <sys/statvfs.h>
10 #include <linux/sockios.h>
11
12 #include "sd-daemon.h"
13 #include "sd-journal.h"
14 #include "sd-messages.h"
15
16 #include "acl-util.h"
17 #include "alloc-util.h"
18 #include "audit-util.h"
19 #include "cgroup-util.h"
20 #include "conf-parser.h"
21 #include "dirent-util.h"
22 #include "extract-word.h"
23 #include "fd-util.h"
24 #include "fileio.h"
25 #include "format-util.h"
26 #include "fs-util.h"
27 #include "hashmap.h"
28 #include "hostname-util.h"
29 #include "id128-util.h"
30 #include "initrd-util.h"
31 #include "iovec-util.h"
32 #include "journal-authenticate.h"
33 #include "journal-file-util.h"
34 #include "journal-internal.h"
35 #include "journal-vacuum.h"
36 #include "journald-audit.h"
37 #include "journald-context.h"
38 #include "journald-kmsg.h"
39 #include "journald-native.h"
40 #include "journald-rate-limit.h"
41 #include "journald-server.h"
42 #include "journald-stream.h"
43 #include "journald-syslog.h"
44 #include "log.h"
45 #include "missing_audit.h"
46 #include "mkdir.h"
47 #include "parse-util.h"
48 #include "path-util.h"
49 #include "proc-cmdline.h"
50 #include "process-util.h"
51 #include "rm-rf.h"
52 #include "selinux-util.h"
53 #include "signal-util.h"
54 #include "socket-util.h"
55 #include "stdio-util.h"
56 #include "string-table.h"
57 #include "string-util.h"
58 #include "syslog-util.h"
59 #include "uid-alloc-range.h"
60 #include "user-util.h"
61 #include "varlink-io.systemd.Journal.h"
62
63 #define USER_JOURNALS_MAX 1024
64
65 #define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
66 #define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
67 #define DEFAULT_RATE_LIMIT_BURST 10000
68 #define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
69
70 #define DEFAULT_KMSG_OWN_INTERVAL (5 * USEC_PER_SEC)
71 #define DEFAULT_KMSG_OWN_BURST 50
72
73 #define RECHECK_SPACE_USEC (30*USEC_PER_SEC)
74
75 #define NOTIFY_SNDBUF_SIZE (8*1024*1024)
76
77 /* The period to insert between posting changes for coalescing */
78 #define POST_CHANGE_TIMER_INTERVAL_USEC (250*USEC_PER_MSEC)
79
80 /* Pick a good default that is likely to fit into AF_UNIX and AF_INET SOCK_DGRAM datagrams, and even leaves some room
81 * for a bit of additional metadata. */
82 #define DEFAULT_LINE_MAX (48*1024)
83
84 #define DEFERRED_CLOSES_MAX (4096)
85
86 #define IDLE_TIMEOUT_USEC (30*USEC_PER_SEC)
87
88 #define FAILED_TO_WRITE_ENTRY_RATELIMIT ((const RateLimit) { .interval = 1 * USEC_PER_SEC, .burst = 1 })
89
90 static int server_determine_path_usage(
91 Server *s,
92 const char *path,
93 uint64_t *ret_used,
94 uint64_t *ret_free) {
95
96 _cleanup_closedir_ DIR *d = NULL;
97 struct statvfs ss;
98
99 assert(s);
100 assert(path);
101 assert(ret_used);
102 assert(ret_free);
103
104 d = opendir(path);
105 if (!d)
106 return log_ratelimit_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR,
107 errno, JOURNAL_LOG_RATELIMIT, "Failed to open %s: %m", path);
108
109 if (fstatvfs(dirfd(d), &ss) < 0)
110 return log_ratelimit_error_errno(errno, JOURNAL_LOG_RATELIMIT,
111 "Failed to fstatvfs(%s): %m", path);
112
113 *ret_free = ss.f_bsize * ss.f_bavail;
114 *ret_used = 0;
115 FOREACH_DIRENT_ALL(de, d, break) {
116 struct stat st;
117
118 if (!endswith(de->d_name, ".journal") &&
119 !endswith(de->d_name, ".journal~"))
120 continue;
121
122 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
123 log_debug_errno(errno, "Failed to stat %s/%s, ignoring: %m", path, de->d_name);
124 continue;
125 }
126
127 if (!S_ISREG(st.st_mode))
128 continue;
129
130 *ret_used += (uint64_t) st.st_blocks * 512UL;
131 }
132
133 return 0;
134 }
135
136 static void cache_space_invalidate(JournalStorageSpace *space) {
137 zero(*space);
138 }
139
140 static int cache_space_refresh(Server *s, JournalStorage *storage) {
141 JournalStorageSpace *space;
142 JournalMetrics *metrics;
143 uint64_t vfs_used, vfs_avail, avail;
144 usec_t ts;
145 int r;
146
147 assert(s);
148
149 metrics = &storage->metrics;
150 space = &storage->space;
151
152 ts = now(CLOCK_MONOTONIC);
153
154 if (space->timestamp != 0 && usec_add(space->timestamp, RECHECK_SPACE_USEC) > ts)
155 return 0;
156
157 r = server_determine_path_usage(s, storage->path, &vfs_used, &vfs_avail);
158 if (r < 0)
159 return r;
160
161 space->vfs_used = vfs_used;
162 space->vfs_available = vfs_avail;
163
164 avail = LESS_BY(vfs_avail, metrics->keep_free);
165
166 space->limit = CLAMP(vfs_used + avail, metrics->min_use, metrics->max_use);
167 space->available = LESS_BY(space->limit, vfs_used);
168 space->timestamp = ts;
169 return 1;
170 }
171
172 static void patch_min_use(JournalStorage *storage) {
173 assert(storage);
174
175 /* Let's bump the min_use limit to the current usage on disk. We do
176 * this when starting up and first opening the journal files. This way
177 * sudden spikes in disk usage will not cause journald to vacuum files
178 * without bounds. Note that this means that only a restart of journald
179 * will make it reset this value. */
180
181 storage->metrics.min_use = MAX(storage->metrics.min_use, storage->space.vfs_used);
182 }
183
184 static JournalStorage* server_current_storage(Server *s) {
185 assert(s);
186
187 return s->system_journal ? &s->system_storage : &s->runtime_storage;
188 }
189
190 static int server_determine_space(Server *s, uint64_t *available, uint64_t *limit) {
191 JournalStorage *js;
192 int r;
193
194 assert(s);
195
196 js = server_current_storage(s);
197
198 r = cache_space_refresh(s, js);
199 if (r >= 0) {
200 if (available)
201 *available = js->space.available;
202 if (limit)
203 *limit = js->space.limit;
204 }
205 return r;
206 }
207
208 void server_space_usage_message(Server *s, JournalStorage *storage) {
209 assert(s);
210
211 if (!storage)
212 storage = server_current_storage(s);
213
214 if (cache_space_refresh(s, storage) < 0)
215 return;
216
217 const JournalMetrics *metrics = &storage->metrics;
218
219 server_driver_message(s, 0,
220 "MESSAGE_ID=" SD_MESSAGE_JOURNAL_USAGE_STR,
221 LOG_MESSAGE("%s (%s) is %s, max %s, %s free.",
222 storage->name, storage->path,
223 FORMAT_BYTES(storage->space.vfs_used),
224 FORMAT_BYTES(storage->space.limit),
225 FORMAT_BYTES(storage->space.available)),
226 "JOURNAL_NAME=%s", storage->name,
227 "JOURNAL_PATH=%s", storage->path,
228 "CURRENT_USE=%"PRIu64, storage->space.vfs_used,
229 "CURRENT_USE_PRETTY=%s", FORMAT_BYTES(storage->space.vfs_used),
230 "MAX_USE=%"PRIu64, metrics->max_use,
231 "MAX_USE_PRETTY=%s", FORMAT_BYTES(metrics->max_use),
232 "DISK_KEEP_FREE=%"PRIu64, metrics->keep_free,
233 "DISK_KEEP_FREE_PRETTY=%s", FORMAT_BYTES(metrics->keep_free),
234 "DISK_AVAILABLE=%"PRIu64, storage->space.vfs_available,
235 "DISK_AVAILABLE_PRETTY=%s", FORMAT_BYTES(storage->space.vfs_available),
236 "LIMIT=%"PRIu64, storage->space.limit,
237 "LIMIT_PRETTY=%s", FORMAT_BYTES(storage->space.limit),
238 "AVAILABLE=%"PRIu64, storage->space.available,
239 "AVAILABLE_PRETTY=%s", FORMAT_BYTES(storage->space.available),
240 NULL);
241 }
242
243 static void server_add_acls(JournalFile *f, uid_t uid) {
244 assert(f);
245
246 #if HAVE_ACL
247 int r;
248
249 if (uid_for_system_journal(uid))
250 return;
251
252 r = fd_add_uid_acl_permission(f->fd, uid, ACL_READ);
253 if (r < 0)
254 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
255 "Failed to set ACL on %s, ignoring: %m", f->path);
256 #endif
257 }
258
259 static int server_open_journal(
260 Server *s,
261 bool reliably,
262 const char *fname,
263 int open_flags,
264 bool seal,
265 JournalMetrics *metrics,
266 JournalFile **ret) {
267
268 _cleanup_(journal_file_offline_closep) JournalFile *f = NULL;
269 JournalFileFlags file_flags;
270 int r;
271
272 assert(s);
273 assert(fname);
274 assert(ret);
275
276 file_flags =
277 (s->compress.enabled ? JOURNAL_COMPRESS : 0) |
278 (seal ? JOURNAL_SEAL : 0) |
279 JOURNAL_STRICT_ORDER;
280
281 set_clear_with_destructor(s->deferred_closes, journal_file_offline_close);
282
283 if (reliably)
284 r = journal_file_open_reliably(
285 fname,
286 open_flags,
287 file_flags,
288 0640,
289 s->compress.threshold_bytes,
290 metrics,
291 s->mmap,
292 /* template= */ NULL,
293 &f);
294 else
295 r = journal_file_open(
296 /* fd= */ -1,
297 fname,
298 open_flags,
299 file_flags,
300 0640,
301 s->compress.threshold_bytes,
302 metrics,
303 s->mmap,
304 /* template= */ NULL,
305 &f);
306 if (r < 0)
307 return r;
308
309 r = journal_file_enable_post_change_timer(f, s->event, POST_CHANGE_TIMER_INTERVAL_USEC);
310 if (r < 0)
311 return r;
312
313 *ret = TAKE_PTR(f);
314 return r;
315 }
316
317 static bool server_flushed_flag_is_set(Server *s) {
318 const char *fn;
319
320 assert(s);
321
322 /* We don't support the "flushing" concept for namespace instances, we assume them to always have
323 * access to /var */
324 if (s->namespace)
325 return true;
326
327 fn = strjoina(s->runtime_directory, "/flushed");
328 return access(fn, F_OK) >= 0;
329 }
330
331 static int server_system_journal_open(
332 Server *s,
333 bool flush_requested,
334 bool relinquish_requested) {
335
336 const char *fn;
337 int r = 0;
338
339 if (!s->system_journal &&
340 IN_SET(s->storage, STORAGE_PERSISTENT, STORAGE_AUTO) &&
341 (flush_requested || server_flushed_flag_is_set(s)) &&
342 !relinquish_requested) {
343
344 /* If in auto mode: first try to create the machine path, but not the prefix.
345 *
346 * If in persistent mode: create /var/log/journal and the machine path */
347
348 if (s->storage == STORAGE_PERSISTENT)
349 (void) mkdir_parents(s->system_storage.path, 0755);
350
351 (void) mkdir(s->system_storage.path, 0755);
352
353 fn = strjoina(s->system_storage.path, "/system.journal");
354 r = server_open_journal(
355 s,
356 /* reliably= */ true,
357 fn,
358 O_RDWR|O_CREAT,
359 s->seal,
360 &s->system_storage.metrics,
361 &s->system_journal);
362 if (r >= 0) {
363 server_add_acls(s->system_journal, 0);
364 (void) cache_space_refresh(s, &s->system_storage);
365 patch_min_use(&s->system_storage);
366 } else {
367 if (!IN_SET(r, -ENOENT, -EROFS))
368 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
369 "Failed to open system journal: %m");
370
371 r = 0;
372 }
373
374 /* If the runtime journal is open, and we're post-flush, we're recovering from a failed
375 * system journal rotate (ENOSPC) for which the runtime journal was reopened.
376 *
377 * Perform an implicit flush to var, leaving the runtime journal closed, now that the system
378 * journal is back.
379 */
380 if (!flush_requested)
381 (void) server_flush_to_var(s, true);
382 }
383
384 if (!s->runtime_journal &&
385 (s->storage != STORAGE_NONE)) {
386
387 fn = strjoina(s->runtime_storage.path, "/system.journal");
388
389 if (!s->system_journal || relinquish_requested) {
390
391 /* OK, we really need the runtime journal, so create it if necessary. */
392
393 (void) mkdir_parents(s->runtime_storage.path, 0755);
394 (void) mkdir(s->runtime_storage.path, 0750);
395
396 r = server_open_journal(
397 s,
398 /* reliably= */ true,
399 fn,
400 O_RDWR|O_CREAT,
401 /* seal= */ false,
402 &s->runtime_storage.metrics,
403 &s->runtime_journal);
404 if (r < 0)
405 return log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
406 "Failed to open runtime journal: %m");
407
408 } else if (!server_flushed_flag_is_set(s)) {
409 /* Try to open the runtime journal, but only if it already exists, so that we can
410 * flush it into the system journal */
411
412 r = server_open_journal(
413 s,
414 /* reliably= */ false,
415 fn,
416 O_RDWR,
417 /* seal= */ false,
418 &s->runtime_storage.metrics,
419 &s->runtime_journal);
420 if (r < 0) {
421 if (r != -ENOENT)
422 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
423 "Failed to open runtime journal: %m");
424
425 r = 0;
426 }
427 }
428
429 if (s->runtime_journal) {
430 server_add_acls(s->runtime_journal, 0);
431 (void) cache_space_refresh(s, &s->runtime_storage);
432 patch_min_use(&s->runtime_storage);
433 }
434 }
435
436 return r;
437 }
438
439 static int server_find_user_journal(Server *s, uid_t uid, JournalFile **ret) {
440 _cleanup_(journal_file_offline_closep) JournalFile *f = NULL;
441 _cleanup_free_ char *p = NULL;
442 int r;
443
444 assert(!uid_for_system_journal(uid));
445
446 f = ordered_hashmap_get(s->user_journals, UID_TO_PTR(uid));
447 if (f)
448 goto found;
449
450 if (asprintf(&p, "%s/user-" UID_FMT ".journal", s->system_storage.path, uid) < 0)
451 return log_oom();
452
453 /* Too many open? Then let's close one (or more) */
454 while (ordered_hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
455 JournalFile *first;
456
457 assert_se(first = ordered_hashmap_steal_first(s->user_journals));
458 (void) journal_file_offline_close(first);
459 }
460
461 r = server_open_journal(
462 s,
463 /* reliably= */ true,
464 p,
465 O_RDWR|O_CREAT,
466 s->seal,
467 &s->system_storage.metrics,
468 &f);
469 if (r < 0)
470 return r;
471
472 r = ordered_hashmap_put(s->user_journals, UID_TO_PTR(uid), f);
473 if (r < 0)
474 return r;
475
476 server_add_acls(f, uid);
477
478 found:
479 *ret = TAKE_PTR(f);
480 return 0;
481 }
482
483 static JournalFile* server_find_journal(Server *s, uid_t uid) {
484 int r;
485
486 assert(s);
487
488 /* A rotate that fails to create the new journal (ENOSPC) leaves the rotated journal as NULL. Unless
489 * we revisit opening, even after space is made available we'll continue to return NULL indefinitely.
490 *
491 * system_journal_open() is a noop if the journals are already open, so we can just call it here to
492 * recover from failed rotates (or anything else that's left the journals as NULL).
493 *
494 * Fixes https://github.com/systemd/systemd/issues/3968 */
495 (void) server_system_journal_open(s, /* flush_requested= */ false, /* relinquish_requested= */ false);
496
497 /* We split up user logs only on /var, not on /run. If the runtime file is open, we write to it
498 * exclusively, in order to guarantee proper order as soon as we flush /run to /var and close the
499 * runtime file. */
500
501 if (s->runtime_journal)
502 return s->runtime_journal;
503
504 /* If we are not in persistent mode, then we need return NULL immediately rather than opening a
505 * persistent journal of any sort.
506 *
507 * Fixes https://github.com/systemd/systemd/issues/20390 */
508 if (!IN_SET(s->storage, STORAGE_AUTO, STORAGE_PERSISTENT))
509 return NULL;
510
511 if (!uid_for_system_journal(uid)) {
512 JournalFile *f = NULL;
513
514 r = server_find_user_journal(s, uid, &f);
515 if (r >= 0)
516 return ASSERT_PTR(f);
517
518 log_warning_errno(r, "Failed to open user journal file, falling back to system journal: %m");
519 }
520
521 return s->system_journal;
522 }
523
524 static int server_do_rotate(
525 Server *s,
526 JournalFile **f,
527 const char* name,
528 bool seal,
529 uint32_t uid) {
530
531 JournalFileFlags file_flags;
532 int r;
533
534 assert(s);
535
536 if (!*f)
537 return -EINVAL;
538
539 file_flags =
540 (s->compress.enabled ? JOURNAL_COMPRESS : 0)|
541 (seal ? JOURNAL_SEAL : 0) |
542 JOURNAL_STRICT_ORDER;
543
544 r = journal_file_rotate(f, s->mmap, file_flags, s->compress.threshold_bytes, s->deferred_closes);
545 if (r < 0) {
546 if (*f)
547 return log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT,
548 "Failed to rotate %s: %m", (*f)->path);
549 else
550 return log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT,
551 "Failed to create new %s journal: %m", name);
552 }
553
554 server_add_acls(*f, uid);
555 return r;
556 }
557
558 static void server_process_deferred_closes(Server *s) {
559 JournalFile *f;
560
561 /* Perform any deferred closes which aren't still offlining. */
562 SET_FOREACH(f, s->deferred_closes) {
563 if (journal_file_is_offlining(f))
564 continue;
565
566 (void) set_remove(s->deferred_closes, f);
567 (void) journal_file_offline_close(f);
568 }
569 }
570
571 static void server_vacuum_deferred_closes(Server *s) {
572 assert(s);
573
574 /* Make some room in the deferred closes list, so that it doesn't grow without bounds */
575 if (set_size(s->deferred_closes) < DEFERRED_CLOSES_MAX)
576 return;
577
578 /* Let's first remove all journal files that might already have completed closing */
579 server_process_deferred_closes(s);
580
581 /* And now, let's close some more until we reach the limit again. */
582 while (set_size(s->deferred_closes) >= DEFERRED_CLOSES_MAX) {
583 JournalFile *f;
584
585 assert_se(f = set_steal_first(s->deferred_closes));
586 journal_file_offline_close(f);
587 }
588 }
589
590 static int server_archive_offline_user_journals(Server *s) {
591 _cleanup_closedir_ DIR *d = NULL;
592 int r;
593
594 assert(s);
595
596 d = opendir(s->system_storage.path);
597 if (!d) {
598 if (errno == ENOENT)
599 return 0;
600
601 return log_ratelimit_error_errno(errno, JOURNAL_LOG_RATELIMIT,
602 "Failed to open %s: %m", s->system_storage.path);
603 }
604
605 for (;;) {
606 _cleanup_free_ char *full = NULL;
607 _cleanup_close_ int fd = -EBADF;
608 struct dirent *de;
609 JournalFile *f;
610 uid_t uid;
611
612 errno = 0;
613 de = readdir_no_dot(d);
614 if (!de) {
615 if (errno != 0)
616 log_ratelimit_warning_errno(errno, JOURNAL_LOG_RATELIMIT,
617 "Failed to enumerate %s, ignoring: %m",
618 s->system_storage.path);
619 break;
620 }
621
622 r = journal_file_parse_uid_from_filename(de->d_name, &uid);
623 if (r < 0) {
624 /* Don't warn if the file is not an online or offline user journal. */
625 if (r != -EREMOTE)
626 log_warning_errno(r, "Failed to parse UID from file name '%s', ignoring: %m", de->d_name);
627 continue;
628 }
629
630 /* Already rotated in the above loop? i.e. is it an open user journal? */
631 if (ordered_hashmap_contains(s->user_journals, UID_TO_PTR(uid)))
632 continue;
633
634 full = path_join(s->system_storage.path, de->d_name);
635 if (!full)
636 return log_oom();
637
638 fd = openat(dirfd(d), de->d_name, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW|O_NONBLOCK);
639 if (fd < 0) {
640 log_ratelimit_full_errno(IN_SET(errno, ELOOP, ENOENT) ? LOG_DEBUG : LOG_WARNING,
641 errno, JOURNAL_LOG_RATELIMIT,
642 "Failed to open journal file '%s' for rotation: %m", full);
643 continue;
644 }
645
646 /* Make some room in the set of deferred close()s */
647 server_vacuum_deferred_closes(s);
648
649 /* Open the file briefly, so that we can archive it */
650 r = journal_file_open(
651 fd,
652 full,
653 O_RDWR,
654 (s->compress.enabled ? JOURNAL_COMPRESS : 0) |
655 (s->seal ? JOURNAL_SEAL : 0), /* strict order does not matter here */
656 0640,
657 s->compress.threshold_bytes,
658 &s->system_storage.metrics,
659 s->mmap,
660 /* template= */ NULL,
661 &f);
662 if (r < 0) {
663 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
664 "Failed to read journal file %s for rotation, trying to move it out of the way: %m",
665 full);
666
667 r = journal_file_dispose(dirfd(d), de->d_name);
668 if (r < 0)
669 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
670 "Failed to move %s out of the way, ignoring: %m",
671 full);
672 else
673 log_debug("Successfully moved %s out of the way.", full);
674
675 continue;
676 }
677
678 TAKE_FD(fd); /* Donated to journal_file_open() */
679
680 journal_file_write_final_tag(f);
681 r = journal_file_archive(f, NULL);
682 if (r < 0)
683 log_debug_errno(r, "Failed to archive journal file '%s', ignoring: %m", full);
684
685 journal_file_initiate_close(TAKE_PTR(f), s->deferred_closes);
686 }
687
688 return 0;
689 }
690
691 void server_rotate(Server *s) {
692 JournalFile *f;
693 void *k;
694 int r;
695
696 log_debug("Rotating...");
697
698 /* First, rotate the system journal (either in its runtime flavour or in its runtime flavour) */
699 (void) server_do_rotate(s, &s->runtime_journal, "runtime", /* seal= */ false, /* uid= */ 0);
700 (void) server_do_rotate(s, &s->system_journal, "system", s->seal, /* uid= */ 0);
701
702 /* Then, rotate all user journals we have open (keeping them open) */
703 ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals) {
704 r = server_do_rotate(s, &f, "user", s->seal, PTR_TO_UID(k));
705 if (r >= 0)
706 ordered_hashmap_replace(s->user_journals, k, f);
707 else if (!f)
708 /* Old file has been closed and deallocated */
709 ordered_hashmap_remove(s->user_journals, k);
710 }
711
712 /* Finally, also rotate all user journals we currently do not have open. (But do so only if we
713 * actually have access to /var, i.e. are not in the log-to-runtime-journal mode). */
714 if (!s->runtime_journal)
715 (void) server_archive_offline_user_journals(s);
716
717 server_process_deferred_closes(s);
718 }
719
720 void server_sync(Server *s) {
721 JournalFile *f;
722 int r;
723
724 if (s->system_journal) {
725 r = journal_file_set_offline(s->system_journal, false);
726 if (r < 0)
727 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
728 "Failed to sync system journal, ignoring: %m");
729 }
730
731 ORDERED_HASHMAP_FOREACH(f, s->user_journals) {
732 r = journal_file_set_offline(f, false);
733 if (r < 0)
734 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
735 "Failed to sync user journal, ignoring: %m");
736 }
737
738 if (s->sync_event_source) {
739 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_OFF);
740 if (r < 0)
741 log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT,
742 "Failed to disable sync timer source: %m");
743 }
744
745 s->sync_scheduled = false;
746 }
747
748 static void server_do_vacuum(Server *s, JournalStorage *storage, bool verbose) {
749
750 int r;
751
752 assert(s);
753 assert(storage);
754
755 (void) cache_space_refresh(s, storage);
756
757 if (verbose)
758 server_space_usage_message(s, storage);
759
760 r = journal_directory_vacuum(storage->path, storage->space.limit,
761 storage->metrics.n_max_files, s->max_retention_usec,
762 &s->oldest_file_usec, verbose);
763 if (r < 0 && r != -ENOENT)
764 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
765 "Failed to vacuum %s, ignoring: %m", storage->path);
766
767 cache_space_invalidate(&storage->space);
768 }
769
770 void server_vacuum(Server *s, bool verbose) {
771 assert(s);
772
773 log_debug("Vacuuming...");
774
775 s->oldest_file_usec = 0;
776
777 if (s->system_journal)
778 server_do_vacuum(s, &s->system_storage, verbose);
779 if (s->runtime_journal)
780 server_do_vacuum(s, &s->runtime_storage, verbose);
781 }
782
783 static void server_cache_machine_id(Server *s) {
784 sd_id128_t id;
785 int r;
786
787 assert(s);
788
789 r = sd_id128_get_machine(&id);
790 if (r < 0)
791 return;
792
793 sd_id128_to_string(id, stpcpy(s->machine_id_field, "_MACHINE_ID="));
794 }
795
796 static void server_cache_boot_id(Server *s) {
797 sd_id128_t id;
798 int r;
799
800 assert(s);
801
802 r = sd_id128_get_boot(&id);
803 if (r < 0)
804 return;
805
806 sd_id128_to_string(id, stpcpy(s->boot_id_field, "_BOOT_ID="));
807 }
808
809 static void server_cache_hostname(Server *s) {
810 _cleanup_free_ char *t = NULL;
811 char *x;
812
813 assert(s);
814
815 t = gethostname_malloc();
816 if (!t)
817 return;
818
819 x = strjoin("_HOSTNAME=", t);
820 if (!x)
821 return;
822
823 free_and_replace(s->hostname_field, x);
824 }
825
826 static bool shall_try_append_again(JournalFile *f, int r) {
827 switch (r) {
828
829 case -E2BIG: /* Hit configured limit */
830 case -EFBIG: /* Hit fs limit */
831 case -EDQUOT: /* Quota limit hit */
832 case -ENOSPC: /* Disk full */
833 log_debug_errno(r, "%s: Allocation limit reached, rotating.", f->path);
834 return true;
835
836 case -EROFS: /* Read-only file system */
837 /* When appending an entry fails if shall_try_append_again returns true, the journal is
838 * rotated. If the FS is read-only, rotation will fail and s->system_journal will be set to
839 * NULL. After that, when find_journal will try to open the journal since s->system_journal
840 * will be NULL, it will open the runtime journal. */
841 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Read-only file system, rotating.", f->path);
842 return true;
843
844 case -EIO: /* I/O error of some kind (mmap) */
845 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT, "%s: IO error, rotating.", f->path);
846 return true;
847
848 case -EHOSTDOWN: /* Other machine */
849 log_ratelimit_info_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Journal file from other machine, rotating.", f->path);
850 return true;
851
852 case -EBUSY: /* Unclean shutdown */
853 log_ratelimit_info_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Unclean shutdown, rotating.", f->path);
854 return true;
855
856 case -EPROTONOSUPPORT: /* Unsupported feature */
857 log_ratelimit_info_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Unsupported feature, rotating.", f->path);
858 return true;
859
860 case -EBADMSG: /* Corrupted */
861 case -ENODATA: /* Truncated */
862 case -ESHUTDOWN: /* Already archived */
863 case -EADDRNOTAVAIL: /* Referenced object offset out of bounds */
864 log_ratelimit_info_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Journal file corrupted, rotating.", f->path);
865 return true;
866
867 case -EIDRM: /* Journal file has been deleted */
868 log_ratelimit_info_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Journal file has been deleted, rotating.", f->path);
869 return true;
870
871 case -EREMCHG: /* Wallclock time (CLOCK_REALTIME) jumped backwards relative to last journal entry */
872 log_ratelimit_info_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Realtime clock jumped backwards relative to last journal entry, rotating.", f->path);
873 return true;
874
875 case -ENOTNAM: /* Monotonic time (CLOCK_MONOTONIC) jumped backwards relative to last journal entry with the same boot ID */
876 log_ratelimit_info_errno(
877 r,
878 JOURNAL_LOG_RATELIMIT,
879 "%s: Monotonic clock jumped backwards relative to last journal entry with the same boot ID, rotating.",
880 f->path);
881 return true;
882
883 case -EILSEQ: /* seqnum ID last used in the file doesn't match the one we'd passed when writing an entry to it */
884 log_ratelimit_info_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Journal file uses a different sequence number ID, rotating.", f->path);
885 return true;
886
887 case -EAFNOSUPPORT:
888 log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Underlying file system does not support memory mapping or another required file system feature.", f->path);
889 return false;
890
891 default:
892 log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Unexpected error while writing to journal file: %m", f->path);
893 return false;
894 }
895 }
896
897 static void server_write_to_journal(
898 Server *s,
899 uid_t uid,
900 const struct iovec *iovec,
901 size_t n,
902 int priority) {
903
904 bool vacuumed = false, rotate = false;
905 struct dual_timestamp ts;
906 JournalFile *f;
907 int r;
908
909 assert(s);
910 assert(iovec);
911 assert(n > 0);
912
913 /* Get the closest, linearized time we have for this log event from the event loop. (Note that we do not use
914 * the source time, and not even the time the event was originally seen, but instead simply the time we started
915 * processing it, as we want strictly linear ordering in what we write out.) */
916 assert_se(sd_event_now(s->event, CLOCK_REALTIME, &ts.realtime) >= 0);
917 assert_se(sd_event_now(s->event, CLOCK_MONOTONIC, &ts.monotonic) >= 0);
918
919 if (ts.realtime < s->last_realtime_clock) {
920 /* When the time jumps backwards, let's immediately rotate. Of course, this should not happen during
921 * regular operation. However, when it does happen, then we should make sure that we start fresh files
922 * to ensure that the entries in the journal files are strictly ordered by time, in order to ensure
923 * bisection works correctly. */
924
925 log_ratelimit_info(JOURNAL_LOG_RATELIMIT, "Time jumped backwards, rotating.");
926 rotate = true;
927 } else {
928
929 f = server_find_journal(s, uid);
930 if (!f)
931 return;
932
933 if (journal_file_rotate_suggested(f, s->max_file_usec, LOG_DEBUG)) {
934 log_debug("%s: Journal header limits reached or header out-of-date, rotating.",
935 f->path);
936 rotate = true;
937 }
938 }
939
940 if (rotate) {
941 server_rotate(s);
942 server_vacuum(s, false);
943 vacuumed = true;
944
945 f = server_find_journal(s, uid);
946 if (!f)
947 return;
948 }
949
950 s->last_realtime_clock = ts.realtime;
951
952 r = journal_file_append_entry(
953 f,
954 &ts,
955 /* boot_id= */ NULL,
956 iovec, n,
957 &s->seqnum->seqnum,
958 &s->seqnum->id,
959 /* ret_object= */ NULL,
960 /* ret_offset= */ NULL);
961 if (r >= 0) {
962 server_schedule_sync(s, priority);
963 return;
964 }
965
966 log_debug_errno(r, "Failed to write entry to %s (%zu items, %zu bytes): %m", f->path, n, iovec_total_size(iovec, n));
967
968 if (!shall_try_append_again(f, r))
969 return;
970 if (vacuumed) {
971 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
972 "Suppressing rotation, as we already rotated immediately before write attempt. Giving up.");
973 return;
974 }
975
976 server_rotate(s);
977 server_vacuum(s, false);
978
979 f = server_find_journal(s, uid);
980 if (!f)
981 return;
982
983 log_debug_errno(r, "Retrying write.");
984 r = journal_file_append_entry(
985 f,
986 &ts,
987 /* boot_id= */ NULL,
988 iovec, n,
989 &s->seqnum->seqnum,
990 &s->seqnum->id,
991 /* ret_object= */ NULL,
992 /* ret_offset= */ NULL);
993 if (r < 0)
994 log_ratelimit_error_errno(r, FAILED_TO_WRITE_ENTRY_RATELIMIT,
995 "Failed to write entry to %s (%zu items, %zu bytes) despite vacuuming, ignoring: %m",
996 f->path, n, iovec_total_size(iovec, n));
997 else
998 server_schedule_sync(s, priority);
999 }
1000
1001 #define IOVEC_ADD_NUMERIC_FIELD(iovec, n, value, type, isset, format, field) \
1002 if (isset(value)) { \
1003 char *k; \
1004 k = newa(char, STRLEN(field "=") + DECIMAL_STR_MAX(type) + 1); \
1005 sprintf(k, field "=" format, value); \
1006 iovec[n++] = IOVEC_MAKE_STRING(k); \
1007 }
1008
1009 #define IOVEC_ADD_STRING_FIELD(iovec, n, value, field) \
1010 if (!isempty(value)) { \
1011 char *k; \
1012 k = strjoina(field "=", value); \
1013 iovec[n++] = IOVEC_MAKE_STRING(k); \
1014 }
1015
1016 #define IOVEC_ADD_ID128_FIELD(iovec, n, value, field) \
1017 if (!sd_id128_is_null(value)) { \
1018 char *k; \
1019 k = newa(char, STRLEN(field "=") + SD_ID128_STRING_MAX); \
1020 sd_id128_to_string(value, stpcpy(k, field "=")); \
1021 iovec[n++] = IOVEC_MAKE_STRING(k); \
1022 }
1023
1024 #define IOVEC_ADD_SIZED_FIELD(iovec, n, value, value_size, field) \
1025 if (value_size > 0) { \
1026 char *k; \
1027 k = newa(char, STRLEN(field "=") + value_size + 1); \
1028 *((char*) mempcpy(stpcpy(k, field "="), value, value_size)) = 0; \
1029 iovec[n++] = IOVEC_MAKE_STRING(k); \
1030 } \
1031
1032 static void server_dispatch_message_real(
1033 Server *s,
1034 struct iovec *iovec, size_t n, size_t m,
1035 const ClientContext *c,
1036 const struct timeval *tv,
1037 int priority,
1038 pid_t object_pid) {
1039
1040 char source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)];
1041 _unused_ _cleanup_free_ char *cmdline1 = NULL, *cmdline2 = NULL;
1042 uid_t journal_uid;
1043 ClientContext *o;
1044
1045 assert(s);
1046 assert(iovec);
1047 assert(n > 0);
1048 assert(n +
1049 N_IOVEC_META_FIELDS +
1050 (pid_is_valid(object_pid) ? N_IOVEC_OBJECT_FIELDS : 0) +
1051 client_context_extra_fields_n_iovec(c) <= m);
1052
1053 if (c) {
1054 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->pid, pid_t, pid_is_valid, PID_FMT, "_PID");
1055 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->uid, uid_t, uid_is_valid, UID_FMT, "_UID");
1056 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->gid, gid_t, gid_is_valid, GID_FMT, "_GID");
1057
1058 IOVEC_ADD_STRING_FIELD(iovec, n, c->comm, "_COMM"); /* At most TASK_COMM_LENGTH (16 bytes) */
1059 IOVEC_ADD_STRING_FIELD(iovec, n, c->exe, "_EXE"); /* A path, so at most PATH_MAX (4096 bytes) */
1060
1061 if (c->cmdline)
1062 /* At most _SC_ARG_MAX (2MB usually), which is too much to put on stack.
1063 * Let's use a heap allocation for this one. */
1064 cmdline1 = set_iovec_string_field(iovec, &n, "_CMDLINE=", c->cmdline);
1065
1066 IOVEC_ADD_STRING_FIELD(iovec, n, c->capeff, "_CAP_EFFECTIVE"); /* Read from /proc/.../status */
1067 IOVEC_ADD_SIZED_FIELD(iovec, n, c->label, c->label_size, "_SELINUX_CONTEXT");
1068 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "_AUDIT_SESSION");
1069 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->loginuid, uid_t, uid_is_valid, UID_FMT, "_AUDIT_LOGINUID");
1070
1071 IOVEC_ADD_STRING_FIELD(iovec, n, c->cgroup, "_SYSTEMD_CGROUP"); /* A path */
1072 IOVEC_ADD_STRING_FIELD(iovec, n, c->session, "_SYSTEMD_SESSION");
1073 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->owner_uid, uid_t, uid_is_valid, UID_FMT, "_SYSTEMD_OWNER_UID");
1074 IOVEC_ADD_STRING_FIELD(iovec, n, c->unit, "_SYSTEMD_UNIT"); /* Unit names are bounded by UNIT_NAME_MAX */
1075 IOVEC_ADD_STRING_FIELD(iovec, n, c->user_unit, "_SYSTEMD_USER_UNIT");
1076 IOVEC_ADD_STRING_FIELD(iovec, n, c->slice, "_SYSTEMD_SLICE");
1077 IOVEC_ADD_STRING_FIELD(iovec, n, c->user_slice, "_SYSTEMD_USER_SLICE");
1078
1079 IOVEC_ADD_ID128_FIELD(iovec, n, c->invocation_id, "_SYSTEMD_INVOCATION_ID");
1080
1081 if (c->extra_fields_n_iovec > 0) {
1082 memcpy(iovec + n, c->extra_fields_iovec, c->extra_fields_n_iovec * sizeof(struct iovec));
1083 n += c->extra_fields_n_iovec;
1084 }
1085 }
1086
1087 assert(n <= m);
1088
1089 if (pid_is_valid(object_pid) && client_context_get(s, object_pid, NULL, NULL, 0, NULL, &o) >= 0) {
1090
1091 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->pid, pid_t, pid_is_valid, PID_FMT, "OBJECT_PID");
1092 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->uid, uid_t, uid_is_valid, UID_FMT, "OBJECT_UID");
1093 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->gid, gid_t, gid_is_valid, GID_FMT, "OBJECT_GID");
1094
1095 /* See above for size limits, only ->cmdline may be large, so use a heap allocation for it. */
1096 IOVEC_ADD_STRING_FIELD(iovec, n, o->comm, "OBJECT_COMM");
1097 IOVEC_ADD_STRING_FIELD(iovec, n, o->exe, "OBJECT_EXE");
1098 if (o->cmdline)
1099 cmdline2 = set_iovec_string_field(iovec, &n, "OBJECT_CMDLINE=", o->cmdline);
1100
1101 IOVEC_ADD_STRING_FIELD(iovec, n, o->capeff, "OBJECT_CAP_EFFECTIVE");
1102 IOVEC_ADD_SIZED_FIELD(iovec, n, o->label, o->label_size, "OBJECT_SELINUX_CONTEXT");
1103 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "OBJECT_AUDIT_SESSION");
1104 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->loginuid, uid_t, uid_is_valid, UID_FMT, "OBJECT_AUDIT_LOGINUID");
1105
1106 IOVEC_ADD_STRING_FIELD(iovec, n, o->cgroup, "OBJECT_SYSTEMD_CGROUP");
1107 IOVEC_ADD_STRING_FIELD(iovec, n, o->session, "OBJECT_SYSTEMD_SESSION");
1108 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->owner_uid, uid_t, uid_is_valid, UID_FMT, "OBJECT_SYSTEMD_OWNER_UID");
1109 IOVEC_ADD_STRING_FIELD(iovec, n, o->unit, "OBJECT_SYSTEMD_UNIT");
1110 IOVEC_ADD_STRING_FIELD(iovec, n, o->user_unit, "OBJECT_SYSTEMD_USER_UNIT");
1111 IOVEC_ADD_STRING_FIELD(iovec, n, o->slice, "OBJECT_SYSTEMD_SLICE");
1112 IOVEC_ADD_STRING_FIELD(iovec, n, o->user_slice, "OBJECT_SYSTEMD_USER_SLICE");
1113
1114 IOVEC_ADD_ID128_FIELD(iovec, n, o->invocation_id, "OBJECT_SYSTEMD_INVOCATION_ID=");
1115 }
1116
1117 assert(n <= m);
1118
1119 if (tv) {
1120 sprintf(source_time, "_SOURCE_REALTIME_TIMESTAMP=" USEC_FMT, timeval_load(tv));
1121 iovec[n++] = IOVEC_MAKE_STRING(source_time);
1122 }
1123
1124 /* Note that strictly speaking storing the boot id here is
1125 * redundant since the entry includes this in-line
1126 * anyway. However, we need this indexed, too. */
1127 if (!isempty(s->boot_id_field))
1128 iovec[n++] = IOVEC_MAKE_STRING(s->boot_id_field);
1129
1130 if (!isempty(s->machine_id_field))
1131 iovec[n++] = IOVEC_MAKE_STRING(s->machine_id_field);
1132
1133 if (!isempty(s->hostname_field))
1134 iovec[n++] = IOVEC_MAKE_STRING(s->hostname_field);
1135
1136 if (!isempty(s->namespace_field))
1137 iovec[n++] = IOVEC_MAKE_STRING(s->namespace_field);
1138
1139 iovec[n++] = in_initrd() ? IOVEC_MAKE_STRING("_RUNTIME_SCOPE=initrd") : IOVEC_MAKE_STRING("_RUNTIME_SCOPE=system");
1140 assert(n <= m);
1141
1142 if (s->split_mode == SPLIT_UID && c && uid_is_valid(c->uid))
1143 /* Split up strictly by (non-root) UID */
1144 journal_uid = c->uid;
1145 else if (s->split_mode == SPLIT_LOGIN && c && c->uid > 0 && uid_is_valid(c->owner_uid))
1146 /* Split up by login UIDs. We do this only if the
1147 * realuid is not root, in order not to accidentally
1148 * leak privileged information to the user that is
1149 * logged by a privileged process that is part of an
1150 * unprivileged session. */
1151 journal_uid = c->owner_uid;
1152 else
1153 journal_uid = 0;
1154
1155 server_write_to_journal(s, journal_uid, iovec, n, priority);
1156 }
1157
1158 void server_driver_message(Server *s, pid_t object_pid, const char *message_id, const char *format, ...) {
1159
1160 struct iovec *iovec;
1161 size_t n = 0, k, m;
1162 va_list ap;
1163 int r;
1164
1165 assert(s);
1166 assert(format);
1167
1168 m = N_IOVEC_META_FIELDS + 5 + N_IOVEC_PAYLOAD_FIELDS + client_context_extra_fields_n_iovec(s->my_context) + N_IOVEC_OBJECT_FIELDS;
1169 iovec = newa(struct iovec, m);
1170
1171 assert_cc(3 == LOG_FAC(LOG_DAEMON));
1172 iovec[n++] = IOVEC_MAKE_STRING("SYSLOG_FACILITY=3");
1173 iovec[n++] = IOVEC_MAKE_STRING("SYSLOG_IDENTIFIER=systemd-journald");
1174
1175 iovec[n++] = IOVEC_MAKE_STRING("_TRANSPORT=driver");
1176 assert_cc(6 == LOG_INFO);
1177 iovec[n++] = IOVEC_MAKE_STRING("PRIORITY=6");
1178
1179 if (message_id)
1180 iovec[n++] = IOVEC_MAKE_STRING(message_id);
1181 k = n;
1182
1183 va_start(ap, format);
1184 r = log_format_iovec(iovec, m, &n, false, 0, format, ap);
1185 /* Error handling below */
1186 va_end(ap);
1187
1188 if (r >= 0)
1189 server_dispatch_message_real(s, iovec, n, m, s->my_context, /* tv= */ NULL, LOG_INFO, object_pid);
1190
1191 while (k < n)
1192 free(iovec[k++].iov_base);
1193
1194 if (r < 0) {
1195 /* We failed to format the message. Emit a warning instead. */
1196 char buf[LINE_MAX];
1197
1198 errno = -r;
1199 xsprintf(buf, "MESSAGE=Entry printing failed: %m");
1200
1201 n = 3;
1202 iovec[n++] = IOVEC_MAKE_STRING("PRIORITY=4");
1203 iovec[n++] = IOVEC_MAKE_STRING(buf);
1204 server_dispatch_message_real(s, iovec, n, m, s->my_context, /* tv= */ NULL, LOG_INFO, object_pid);
1205 }
1206 }
1207
1208 void server_dispatch_message(
1209 Server *s,
1210 struct iovec *iovec, size_t n, size_t m,
1211 ClientContext *c,
1212 const struct timeval *tv,
1213 int priority,
1214 pid_t object_pid) {
1215
1216 uint64_t available = 0;
1217 int rl;
1218
1219 assert(s);
1220 assert(iovec || n == 0);
1221
1222 if (n == 0)
1223 return;
1224
1225 if (LOG_PRI(priority) > s->max_level_store)
1226 return;
1227
1228 /* Stop early in case the information will not be stored
1229 * in a journal. */
1230 if (s->storage == STORAGE_NONE)
1231 return;
1232
1233 if (c && c->unit) {
1234 (void) server_determine_space(s, &available, /* limit= */ NULL);
1235
1236 rl = journal_ratelimit_test(s->ratelimit, c->unit, c->log_ratelimit_interval, c->log_ratelimit_burst, priority & LOG_PRIMASK, available);
1237 if (rl == 0)
1238 return;
1239
1240 /* Write a suppression message if we suppressed something */
1241 if (rl > 1)
1242 server_driver_message(s, c->pid,
1243 "MESSAGE_ID=" SD_MESSAGE_JOURNAL_DROPPED_STR,
1244 LOG_MESSAGE("Suppressed %i messages from %s", rl - 1, c->unit),
1245 "N_DROPPED=%i", rl - 1,
1246 NULL);
1247 }
1248
1249 server_dispatch_message_real(s, iovec, n, m, c, tv, priority, object_pid);
1250 }
1251
1252 int server_flush_to_var(Server *s, bool require_flag_file) {
1253 sd_journal *j = NULL;
1254 const char *fn;
1255 unsigned n = 0;
1256 usec_t start;
1257 int r, k;
1258
1259 assert(s);
1260
1261 if (!IN_SET(s->storage, STORAGE_AUTO, STORAGE_PERSISTENT))
1262 return 0;
1263
1264 if (s->namespace) /* Flushing concept does not exist for namespace instances */
1265 return 0;
1266
1267 if (!s->runtime_journal) /* Nothing to flush? */
1268 return 0;
1269
1270 if (require_flag_file && !server_flushed_flag_is_set(s))
1271 return 0;
1272
1273 (void) server_system_journal_open(s, /* flush_requested=*/ true, /* relinquish_requested= */ false);
1274
1275 if (!s->system_journal)
1276 return 0;
1277
1278 log_debug("Flushing to %s...", s->system_storage.path);
1279
1280 start = now(CLOCK_MONOTONIC);
1281
1282 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
1283 if (r < 0)
1284 return log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT,
1285 "Failed to read runtime journal: %m");
1286
1287 sd_journal_set_data_threshold(j, 0);
1288
1289 SD_JOURNAL_FOREACH(j) {
1290 Object *o = NULL;
1291 JournalFile *f;
1292
1293 f = j->current_file;
1294 assert(f && f->current_offset > 0);
1295
1296 n++;
1297
1298 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
1299 if (r < 0) {
1300 log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT, "Can't read entry: %m");
1301 goto finish;
1302 }
1303
1304 r = journal_file_copy_entry(
1305 f,
1306 s->system_journal,
1307 o,
1308 f->current_offset,
1309 &s->seqnum->seqnum,
1310 &s->seqnum->id);
1311 if (r >= 0)
1312 continue;
1313
1314 if (!shall_try_append_again(s->system_journal, r)) {
1315 log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT, "Can't write entry: %m");
1316 goto finish;
1317 }
1318
1319 log_ratelimit_info(JOURNAL_LOG_RATELIMIT, "Rotating system journal.");
1320
1321 server_rotate(s);
1322 server_vacuum(s, false);
1323
1324 if (!s->system_journal) {
1325 log_ratelimit_notice(JOURNAL_LOG_RATELIMIT,
1326 "Didn't flush runtime journal since rotation of system journal wasn't successful.");
1327 r = -EIO;
1328 goto finish;
1329 }
1330
1331 log_debug("Retrying write.");
1332 r = journal_file_copy_entry(
1333 f,
1334 s->system_journal,
1335 o,
1336 f->current_offset,
1337 &s->seqnum->seqnum,
1338 &s->seqnum->id);
1339 if (r < 0) {
1340 log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT, "Can't write entry: %m");
1341 goto finish;
1342 }
1343 }
1344
1345 r = 0;
1346
1347 finish:
1348 if (s->system_journal)
1349 journal_file_post_change(s->system_journal);
1350
1351 s->runtime_journal = journal_file_offline_close(s->runtime_journal);
1352
1353 if (r >= 0)
1354 (void) rm_rf(s->runtime_storage.path, REMOVE_ROOT);
1355
1356 sd_journal_close(j);
1357
1358 server_driver_message(s, 0, NULL,
1359 LOG_MESSAGE("Time spent on flushing to %s is %s for %u entries.",
1360 s->system_storage.path,
1361 FORMAT_TIMESPAN(usec_sub_unsigned(now(CLOCK_MONOTONIC), start), 0),
1362 n),
1363 NULL);
1364
1365 fn = strjoina(s->runtime_directory, "/flushed");
1366 k = touch(fn);
1367 if (k < 0)
1368 log_ratelimit_warning_errno(k, JOURNAL_LOG_RATELIMIT,
1369 "Failed to touch %s, ignoring: %m", fn);
1370
1371 server_refresh_idle_timer(s);
1372 return r;
1373 }
1374
1375 static int server_relinquish_var(Server *s) {
1376 const char *fn;
1377 assert(s);
1378
1379 if (s->storage == STORAGE_NONE)
1380 return 0;
1381
1382 if (s->namespace) /* Concept does not exist for namespaced instances */
1383 return -EOPNOTSUPP;
1384
1385 if (s->runtime_journal && !s->system_journal)
1386 return 0;
1387
1388 log_debug("Relinquishing %s...", s->system_storage.path);
1389
1390 (void) server_system_journal_open(s, /* flush_requested */ false, /* relinquish_requested=*/ true);
1391
1392 s->system_journal = journal_file_offline_close(s->system_journal);
1393 ordered_hashmap_clear_with_destructor(s->user_journals, journal_file_offline_close);
1394 set_clear_with_destructor(s->deferred_closes, journal_file_offline_close);
1395
1396 fn = strjoina(s->runtime_directory, "/flushed");
1397 if (unlink(fn) < 0 && errno != ENOENT)
1398 log_ratelimit_warning_errno(errno, JOURNAL_LOG_RATELIMIT,
1399 "Failed to unlink %s, ignoring: %m", fn);
1400
1401 server_refresh_idle_timer(s);
1402 return 0;
1403 }
1404
1405 int server_process_datagram(
1406 sd_event_source *es,
1407 int fd,
1408 uint32_t revents,
1409 void *userdata) {
1410
1411 size_t label_len = 0, m;
1412 Server *s = ASSERT_PTR(userdata);
1413 struct ucred *ucred = NULL;
1414 struct timeval tv_buf, *tv = NULL;
1415 struct cmsghdr *cmsg;
1416 char *label = NULL;
1417 struct iovec iovec;
1418 ssize_t n;
1419 int *fds = NULL, v = 0;
1420 size_t n_fds = 0;
1421
1422 /* We use NAME_MAX space for the SELinux label here. The kernel currently enforces no limit, but
1423 * according to suggestions from the SELinux people this will change and it will probably be
1424 * identical to NAME_MAX. For now we use that, but this should be updated one day when the final
1425 * limit is known.
1426 *
1427 * Here, we need to explicitly initialize the buffer with zero, as glibc has a bug in
1428 * __convert_scm_timestamps(), which assumes the buffer is initialized. See #20741. */
1429 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred)) +
1430 CMSG_SPACE_TIMEVAL +
1431 CMSG_SPACE(sizeof(int)) + /* fd */
1432 CMSG_SPACE(NAME_MAX) /* selinux label */) control = {};
1433
1434 union sockaddr_union sa = {};
1435
1436 struct msghdr msghdr = {
1437 .msg_iov = &iovec,
1438 .msg_iovlen = 1,
1439 .msg_control = &control,
1440 .msg_controllen = sizeof(control),
1441 .msg_name = &sa,
1442 .msg_namelen = sizeof(sa),
1443 };
1444
1445 assert(fd == s->native_fd || fd == s->syslog_fd || fd == s->audit_fd);
1446
1447 if (revents != EPOLLIN)
1448 return log_error_errno(SYNTHETIC_ERRNO(EIO),
1449 "Got invalid event from epoll for datagram fd: %" PRIx32,
1450 revents);
1451
1452 /* Try to get the right size, if we can. (Not all sockets support SIOCINQ, hence we just try, but don't rely on
1453 * it.) */
1454 (void) ioctl(fd, SIOCINQ, &v);
1455
1456 /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful! */
1457 m = PAGE_ALIGN(MAX3((size_t) v + 1,
1458 (size_t) LINE_MAX,
1459 ALIGN(sizeof(struct nlmsghdr)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH)) + 1);
1460
1461 if (!GREEDY_REALLOC(s->buffer, m))
1462 return log_oom();
1463
1464 iovec = IOVEC_MAKE(s->buffer, MALLOC_ELEMENTSOF(s->buffer) - 1); /* Leave room for trailing NUL we add later */
1465
1466 n = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
1467 if (n < 0) {
1468 if (ERRNO_IS_TRANSIENT(n))
1469 return 0;
1470 if (n == -EXFULL) {
1471 log_ratelimit_warning(JOURNAL_LOG_RATELIMIT,
1472 "Got message with truncated control data (too many fds sent?), ignoring.");
1473 return 0;
1474 }
1475 return log_ratelimit_error_errno(n, JOURNAL_LOG_RATELIMIT, "recvmsg() failed: %m");
1476 }
1477
1478 CMSG_FOREACH(cmsg, &msghdr)
1479 if (cmsg->cmsg_level == SOL_SOCKET &&
1480 cmsg->cmsg_type == SCM_CREDENTIALS &&
1481 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
1482 assert(!ucred);
1483 ucred = CMSG_TYPED_DATA(cmsg, struct ucred);
1484 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1485 cmsg->cmsg_type == SCM_SECURITY) {
1486 assert(!label);
1487 label = CMSG_TYPED_DATA(cmsg, char);
1488 label_len = cmsg->cmsg_len - CMSG_LEN(0);
1489 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1490 cmsg->cmsg_type == SCM_TIMESTAMP &&
1491 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval))) {
1492 assert(!tv);
1493 tv = memcpy(&tv_buf, CMSG_DATA(cmsg), sizeof(struct timeval));
1494 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1495 cmsg->cmsg_type == SCM_RIGHTS) {
1496 assert(!fds);
1497 fds = CMSG_TYPED_DATA(cmsg, int);
1498 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
1499 }
1500
1501 /* And a trailing NUL, just in case */
1502 s->buffer[n] = 0;
1503
1504 if (fd == s->syslog_fd) {
1505 if (n > 0 && n_fds == 0)
1506 server_process_syslog_message(s, s->buffer, n, ucred, tv, label, label_len);
1507 else if (n_fds > 0)
1508 log_ratelimit_warning(JOURNAL_LOG_RATELIMIT,
1509 "Got file descriptors via syslog socket. Ignoring.");
1510
1511 } else if (fd == s->native_fd) {
1512 if (n > 0 && n_fds == 0)
1513 server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
1514 else if (n == 0 && n_fds == 1)
1515 server_process_native_file(s, fds[0], ucred, tv, label, label_len);
1516 else if (n_fds > 0)
1517 log_ratelimit_warning(JOURNAL_LOG_RATELIMIT,
1518 "Got too many file descriptors via native socket. Ignoring.");
1519
1520 } else {
1521 assert(fd == s->audit_fd);
1522
1523 if (n > 0 && n_fds == 0)
1524 server_process_audit_message(s, s->buffer, n, ucred, &sa, msghdr.msg_namelen);
1525 else if (n_fds > 0)
1526 log_ratelimit_warning(JOURNAL_LOG_RATELIMIT,
1527 "Got file descriptors via audit socket. Ignoring.");
1528 }
1529
1530 close_many(fds, n_fds);
1531
1532 server_refresh_idle_timer(s);
1533 return 0;
1534 }
1535
1536 static void server_full_flush(Server *s) {
1537 assert(s);
1538
1539 (void) server_flush_to_var(s, false);
1540 server_sync(s);
1541 server_vacuum(s, false);
1542
1543 server_space_usage_message(s, NULL);
1544
1545 server_refresh_idle_timer(s);
1546 }
1547
1548 static int dispatch_sigusr1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1549 Server *s = ASSERT_PTR(userdata);
1550
1551 if (s->namespace) {
1552 log_error("Received SIGUSR1 signal from PID %u, but flushing runtime journals not supported for namespaced instances.", si->ssi_pid);
1553 return 0;
1554 }
1555
1556 log_info("Received SIGUSR1 signal from PID %u, as request to flush runtime journal.", si->ssi_pid);
1557 server_full_flush(s);
1558
1559 return 0;
1560 }
1561
1562 static void server_full_rotate(Server *s) {
1563 const char *fn;
1564 int r;
1565
1566 assert(s);
1567
1568 server_rotate(s);
1569 server_vacuum(s, true);
1570
1571 if (s->system_journal)
1572 patch_min_use(&s->system_storage);
1573 if (s->runtime_journal)
1574 patch_min_use(&s->runtime_storage);
1575
1576 /* Let clients know when the most recent rotation happened. */
1577 fn = strjoina(s->runtime_directory, "/rotated");
1578 r = write_timestamp_file_atomic(fn, now(CLOCK_MONOTONIC));
1579 if (r < 0)
1580 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
1581 "Failed to write %s, ignoring: %m", fn);
1582 }
1583
1584 static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1585 Server *s = ASSERT_PTR(userdata);
1586
1587 log_info("Received SIGUSR2 signal from PID %u, as request to rotate journal, rotating.", si->ssi_pid);
1588 server_full_rotate(s);
1589
1590 return 0;
1591 }
1592
1593 static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1594 _cleanup_(sd_event_source_disable_unrefp) sd_event_source *news = NULL;
1595 Server *s = ASSERT_PTR(userdata);
1596 int r;
1597
1598 log_received_signal(LOG_INFO, si);
1599
1600 (void) sd_event_source_set_enabled(es, SD_EVENT_OFF); /* Make sure this handler is called at most once */
1601
1602 /* So on one hand we want to ensure that SIGTERMs are definitely handled in appropriate, bounded
1603 * time. On the other hand we want that everything pending is first comprehensively processed and
1604 * written to disk. These goals are incompatible, hence we try to find a middle ground: we'll process
1605 * SIGTERM with high priority, but from the handler (this one right here) we'll install two new event
1606 * sources: one low priority idle one that will issue the exit once everything else is processed (and
1607 * which is hopefully the regular, clean codepath); and one high priority timer that acts as safety
1608 * net: if our idle handler isn't run within 10s, we'll exit anyway.
1609 *
1610 * TLDR: we'll exit either when everything is processed, or after 10s max, depending on what happens
1611 * first.
1612 *
1613 * Note that exiting before the idle event is hit doesn't typically mean that we lose any data, as
1614 * messages will remain queued in the sockets they came in from, and thus can be processed when we
1615 * start up next – unless we are going down for the final system shutdown, in which case everything
1616 * is lost. */
1617
1618 r = sd_event_add_defer(s->event, &news, NULL, NULL); /* NULL handler means → exit when triggered */
1619 if (r < 0) {
1620 log_error_errno(r, "Failed to allocate exit idle event handler: %m");
1621 goto fail;
1622 }
1623
1624 (void) sd_event_source_set_description(news, "exit-idle");
1625
1626 /* Run everything relevant before this. */
1627 r = sd_event_source_set_priority(news, SD_EVENT_PRIORITY_NORMAL+20);
1628 if (r < 0) {
1629 log_error_errno(r, "Failed to adjust priority of exit idle event handler: %m");
1630 goto fail;
1631 }
1632
1633 /* Give up ownership, so that this event source is freed automatically when the event loop is freed. */
1634 r = sd_event_source_set_floating(news, true);
1635 if (r < 0) {
1636 log_error_errno(r, "Failed to make exit idle event handler floating: %m");
1637 goto fail;
1638 }
1639
1640 news = sd_event_source_unref(news);
1641
1642 r = sd_event_add_time_relative(s->event, &news, CLOCK_MONOTONIC, 10 * USEC_PER_SEC, 0, NULL, NULL);
1643 if (r < 0) {
1644 log_error_errno(r, "Failed to allocate exit timeout event handler: %m");
1645 goto fail;
1646 }
1647
1648 (void) sd_event_source_set_description(news, "exit-timeout");
1649
1650 r = sd_event_source_set_priority(news, SD_EVENT_PRIORITY_IMPORTANT-20); /* This is a safety net, with highest priority */
1651 if (r < 0) {
1652 log_error_errno(r, "Failed to adjust priority of exit timeout event handler: %m");
1653 goto fail;
1654 }
1655
1656 r = sd_event_source_set_floating(news, true);
1657 if (r < 0) {
1658 log_error_errno(r, "Failed to make exit timeout event handler floating: %m");
1659 goto fail;
1660 }
1661
1662 news = sd_event_source_unref(news);
1663
1664 log_debug("Exit event sources are now pending.");
1665 return 0;
1666
1667 fail:
1668 sd_event_exit(s->event, 0);
1669 return 0;
1670 }
1671
1672 static void server_full_sync(Server *s) {
1673 const char *fn;
1674 int r;
1675
1676 assert(s);
1677
1678 server_sync(s);
1679
1680 /* Let clients know when the most recent sync happened. */
1681 fn = strjoina(s->runtime_directory, "/synced");
1682 r = write_timestamp_file_atomic(fn, now(CLOCK_MONOTONIC));
1683 if (r < 0)
1684 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
1685 "Failed to write %s, ignoring: %m", fn);
1686
1687 return;
1688 }
1689
1690 static int dispatch_sigrtmin1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1691 Server *s = ASSERT_PTR(userdata);
1692
1693 log_debug("Received SIGRTMIN1 signal from PID %u, as request to sync.", si->ssi_pid);
1694 server_full_sync(s);
1695
1696 return 0;
1697 }
1698
1699 static int server_setup_signals(Server *s) {
1700 int r;
1701
1702 assert(s);
1703
1704 assert_se(sigprocmask_many(SIG_SETMASK, NULL, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, SIGRTMIN+1, SIGRTMIN+18, -1) >= 0);
1705
1706 r = sd_event_add_signal(s->event, &s->sigusr1_event_source, SIGUSR1, dispatch_sigusr1, s);
1707 if (r < 0)
1708 return r;
1709
1710 r = sd_event_add_signal(s->event, &s->sigusr2_event_source, SIGUSR2, dispatch_sigusr2, s);
1711 if (r < 0)
1712 return r;
1713
1714 r = sd_event_add_signal(s->event, &s->sigterm_event_source, SIGTERM, dispatch_sigterm, s);
1715 if (r < 0)
1716 return r;
1717
1718 /* Let's process SIGTERM early, so that we definitely react to it */
1719 r = sd_event_source_set_priority(s->sigterm_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
1720 if (r < 0)
1721 return r;
1722
1723 /* When journald is invoked on the terminal (when debugging), it's useful if C-c is handled
1724 * equivalent to SIGTERM. */
1725 r = sd_event_add_signal(s->event, &s->sigint_event_source, SIGINT, dispatch_sigterm, s);
1726 if (r < 0)
1727 return r;
1728
1729 r = sd_event_source_set_priority(s->sigint_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
1730 if (r < 0)
1731 return r;
1732
1733 /* SIGRTMIN+1 causes an immediate sync. We process this very late, so that everything else queued at
1734 * this point is really written to disk. Clients can watch /run/systemd/journal/synced with inotify
1735 * until its mtime changes to see when a sync happened. */
1736 r = sd_event_add_signal(s->event, &s->sigrtmin1_event_source, SIGRTMIN+1, dispatch_sigrtmin1, s);
1737 if (r < 0)
1738 return r;
1739
1740 r = sd_event_source_set_priority(s->sigrtmin1_event_source, SD_EVENT_PRIORITY_NORMAL+15);
1741 if (r < 0)
1742 return r;
1743
1744 r = sd_event_add_signal(s->event, NULL, SIGRTMIN+18, sigrtmin18_handler, &s->sigrtmin18_info);
1745 if (r < 0)
1746 return r;
1747
1748 return 0;
1749 }
1750
1751 static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
1752 Server *s = ASSERT_PTR(data);
1753 int r;
1754
1755 if (proc_cmdline_key_streq(key, "systemd.journald.forward_to_syslog")) {
1756
1757 r = value ? parse_boolean(value) : true;
1758 if (r < 0)
1759 log_warning("Failed to parse forward to syslog switch \"%s\". Ignoring.", value);
1760 else
1761 s->forward_to_syslog = r;
1762
1763 } else if (proc_cmdline_key_streq(key, "systemd.journald.forward_to_kmsg")) {
1764
1765 r = value ? parse_boolean(value) : true;
1766 if (r < 0)
1767 log_warning("Failed to parse forward to kmsg switch \"%s\". Ignoring.", value);
1768 else
1769 s->forward_to_kmsg = r;
1770
1771 } else if (proc_cmdline_key_streq(key, "systemd.journald.forward_to_console")) {
1772
1773 r = value ? parse_boolean(value) : true;
1774 if (r < 0)
1775 log_warning("Failed to parse forward to console switch \"%s\". Ignoring.", value);
1776 else
1777 s->forward_to_console = r;
1778
1779 } else if (proc_cmdline_key_streq(key, "systemd.journald.forward_to_wall")) {
1780
1781 r = value ? parse_boolean(value) : true;
1782 if (r < 0)
1783 log_warning("Failed to parse forward to wall switch \"%s\". Ignoring.", value);
1784 else
1785 s->forward_to_wall = r;
1786
1787 } else if (proc_cmdline_key_streq(key, "systemd.journald.max_level_console")) {
1788
1789 if (proc_cmdline_value_missing(key, value))
1790 return 0;
1791
1792 r = log_level_from_string(value);
1793 if (r < 0)
1794 log_warning("Failed to parse max level console value \"%s\". Ignoring.", value);
1795 else
1796 s->max_level_console = r;
1797
1798 } else if (proc_cmdline_key_streq(key, "systemd.journald.max_level_store")) {
1799
1800 if (proc_cmdline_value_missing(key, value))
1801 return 0;
1802
1803 r = log_level_from_string(value);
1804 if (r < 0)
1805 log_warning("Failed to parse max level store value \"%s\". Ignoring.", value);
1806 else
1807 s->max_level_store = r;
1808
1809 } else if (proc_cmdline_key_streq(key, "systemd.journald.max_level_syslog")) {
1810
1811 if (proc_cmdline_value_missing(key, value))
1812 return 0;
1813
1814 r = log_level_from_string(value);
1815 if (r < 0)
1816 log_warning("Failed to parse max level syslog value \"%s\". Ignoring.", value);
1817 else
1818 s->max_level_syslog = r;
1819
1820 } else if (proc_cmdline_key_streq(key, "systemd.journald.max_level_kmsg")) {
1821
1822 if (proc_cmdline_value_missing(key, value))
1823 return 0;
1824
1825 r = log_level_from_string(value);
1826 if (r < 0)
1827 log_warning("Failed to parse max level kmsg value \"%s\". Ignoring.", value);
1828 else
1829 s->max_level_kmsg = r;
1830
1831 } else if (proc_cmdline_key_streq(key, "systemd.journald.max_level_wall")) {
1832
1833 if (proc_cmdline_value_missing(key, value))
1834 return 0;
1835
1836 r = log_level_from_string(value);
1837 if (r < 0)
1838 log_warning("Failed to parse max level wall value \"%s\". Ignoring.", value);
1839 else
1840 s->max_level_wall = r;
1841
1842 } else if (startswith(key, "systemd.journald"))
1843 log_warning("Unknown journald kernel command line option \"%s\". Ignoring.", key);
1844
1845 /* do not warn about state here, since probably systemd already did */
1846 return 0;
1847 }
1848
1849 static int server_parse_config_file(Server *s) {
1850 const char *conf_file = "journald.conf";
1851
1852 assert(s);
1853
1854 if (s->namespace)
1855 conf_file = strjoina("journald@", s->namespace, ".conf");
1856
1857 return config_parse_config_file(conf_file, "Journal\0",
1858 config_item_perf_lookup, journald_gperf_lookup,
1859 CONFIG_PARSE_WARN, s);
1860 }
1861
1862 static int server_dispatch_sync(sd_event_source *es, usec_t t, void *userdata) {
1863 Server *s = ASSERT_PTR(userdata);
1864
1865 server_sync(s);
1866 return 0;
1867 }
1868
1869 int server_schedule_sync(Server *s, int priority) {
1870 int r;
1871
1872 assert(s);
1873
1874 if (priority <= LOG_CRIT) {
1875 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1876 server_sync(s);
1877 return 0;
1878 }
1879
1880 if (!s->event || sd_event_get_state(s->event) == SD_EVENT_FINISHED) {
1881 /* Shutting down the server? Let's sync immediately. */
1882 server_sync(s);
1883 return 0;
1884 }
1885
1886 if (s->sync_scheduled)
1887 return 0;
1888
1889 if (s->sync_interval_usec > 0) {
1890
1891 if (!s->sync_event_source) {
1892 r = sd_event_add_time_relative(
1893 s->event,
1894 &s->sync_event_source,
1895 CLOCK_MONOTONIC,
1896 s->sync_interval_usec, 0,
1897 server_dispatch_sync, s);
1898 if (r < 0)
1899 return r;
1900
1901 r = sd_event_source_set_priority(s->sync_event_source, SD_EVENT_PRIORITY_IMPORTANT);
1902 } else {
1903 r = sd_event_source_set_time_relative(s->sync_event_source, s->sync_interval_usec);
1904 if (r < 0)
1905 return r;
1906
1907 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_ONESHOT);
1908 }
1909 if (r < 0)
1910 return r;
1911
1912 s->sync_scheduled = true;
1913 }
1914
1915 return 0;
1916 }
1917
1918 static int dispatch_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1919 Server *s = ASSERT_PTR(userdata);
1920
1921 server_cache_hostname(s);
1922 return 0;
1923 }
1924
1925 static int server_open_hostname(Server *s) {
1926 int r;
1927
1928 assert(s);
1929
1930 s->hostname_fd = open("/proc/sys/kernel/hostname",
1931 O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
1932 if (s->hostname_fd < 0)
1933 return log_error_errno(errno, "Failed to open /proc/sys/kernel/hostname: %m");
1934
1935 r = sd_event_add_io(s->event, &s->hostname_event_source, s->hostname_fd, 0, dispatch_hostname_change, s);
1936 if (r < 0) {
1937 /* kernels prior to 3.2 don't support polling this file. Ignore
1938 * the failure. */
1939 if (r == -EPERM) {
1940 log_warning_errno(r, "Failed to register hostname fd in event loop, ignoring: %m");
1941 s->hostname_fd = safe_close(s->hostname_fd);
1942 return 0;
1943 }
1944
1945 return log_error_errno(r, "Failed to register hostname fd in event loop: %m");
1946 }
1947
1948 r = sd_event_source_set_priority(s->hostname_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
1949 if (r < 0)
1950 return log_error_errno(r, "Failed to adjust priority of hostname event source: %m");
1951
1952 return 0;
1953 }
1954
1955 static int dispatch_notify_event(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1956 Server *s = ASSERT_PTR(userdata);
1957 int r;
1958
1959 assert(s->notify_event_source == es);
1960 assert(s->notify_fd == fd);
1961
1962 /* The $NOTIFY_SOCKET is writable again, now send exactly one
1963 * message on it. Either it's the watchdog event, the initial
1964 * READY=1 event or an stdout stream event. If there's nothing
1965 * to write anymore, turn our event source off. The next time
1966 * there's something to send it will be turned on again. */
1967
1968 if (!s->sent_notify_ready) {
1969 static const char p[] = "READY=1\n"
1970 "STATUS=Processing requests...";
1971
1972 if (send(s->notify_fd, p, strlen(p), MSG_DONTWAIT) < 0) {
1973 if (errno == EAGAIN)
1974 return 0;
1975
1976 return log_error_errno(errno, "Failed to send READY=1 notification message: %m");
1977 }
1978
1979 s->sent_notify_ready = true;
1980 log_debug("Sent READY=1 notification.");
1981
1982 } else if (s->send_watchdog) {
1983 static const char p[] = "WATCHDOG=1";
1984
1985 if (send(s->notify_fd, p, strlen(p), MSG_DONTWAIT) < 0) {
1986 if (errno == EAGAIN)
1987 return 0;
1988
1989 return log_error_errno(errno, "Failed to send WATCHDOG=1 notification message: %m");
1990 }
1991
1992 s->send_watchdog = false;
1993 log_debug("Sent WATCHDOG=1 notification.");
1994
1995 } else if (s->stdout_streams_notify_queue)
1996 /* Dispatch one stream notification event */
1997 stdout_stream_send_notify(s->stdout_streams_notify_queue);
1998
1999 /* Leave us enabled if there's still more to do. */
2000 if (s->send_watchdog || s->stdout_streams_notify_queue)
2001 return 0;
2002
2003 /* There was nothing to do anymore, let's turn ourselves off. */
2004 r = sd_event_source_set_enabled(es, SD_EVENT_OFF);
2005 if (r < 0)
2006 return log_error_errno(r, "Failed to turn off notify event source: %m");
2007
2008 return 0;
2009 }
2010
2011 static int dispatch_watchdog(sd_event_source *es, uint64_t usec, void *userdata) {
2012 Server *s = ASSERT_PTR(userdata);
2013 int r;
2014
2015 s->send_watchdog = true;
2016
2017 r = sd_event_source_set_enabled(s->notify_event_source, SD_EVENT_ON);
2018 if (r < 0)
2019 log_warning_errno(r, "Failed to turn on notify event source: %m");
2020
2021 r = sd_event_source_set_time(s->watchdog_event_source, usec + s->watchdog_usec / 2);
2022 if (r < 0)
2023 return log_error_errno(r, "Failed to restart watchdog event source: %m");
2024
2025 r = sd_event_source_set_enabled(s->watchdog_event_source, SD_EVENT_ON);
2026 if (r < 0)
2027 return log_error_errno(r, "Failed to enable watchdog event source: %m");
2028
2029 return 0;
2030 }
2031
2032 static int server_connect_notify(Server *s) {
2033 union sockaddr_union sa;
2034 socklen_t sa_len;
2035 const char *e;
2036 int r;
2037
2038 assert(s);
2039 assert(s->notify_fd < 0);
2040 assert(!s->notify_event_source);
2041
2042 /*
2043 * So here's the problem: we'd like to send notification messages to PID 1, but we cannot do that via
2044 * sd_notify(), since that's synchronous, and we might end up blocking on it. Specifically: given
2045 * that PID 1 might block on dbus-daemon during IPC, and dbus-daemon is logging to us, and might
2046 * hence block on us, we might end up in a deadlock if we block on sending PID 1 notification
2047 * messages — by generating a full blocking circle. To avoid this, let's create a non-blocking
2048 * socket, and connect it to the notification socket, and then wait for POLLOUT before we send
2049 * anything. This should efficiently avoid any deadlocks, as we'll never block on PID 1, hence PID 1
2050 * can safely block on dbus-daemon which can safely block on us again.
2051 *
2052 * Don't think that this issue is real? It is, see: https://github.com/systemd/systemd/issues/1505
2053 */
2054
2055 e = getenv("NOTIFY_SOCKET");
2056 if (!e)
2057 return 0;
2058
2059 r = sockaddr_un_set_path(&sa.un, e);
2060 if (r < 0)
2061 return log_error_errno(r, "NOTIFY_SOCKET set to invalid value '%s': %m", e);
2062 sa_len = r;
2063
2064 s->notify_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
2065 if (s->notify_fd < 0)
2066 return log_error_errno(errno, "Failed to create notify socket: %m");
2067
2068 (void) fd_inc_sndbuf(s->notify_fd, NOTIFY_SNDBUF_SIZE);
2069
2070 r = connect(s->notify_fd, &sa.sa, sa_len);
2071 if (r < 0)
2072 return log_error_errno(errno, "Failed to connect to notify socket: %m");
2073
2074 r = sd_event_add_io(s->event, &s->notify_event_source, s->notify_fd, EPOLLOUT, dispatch_notify_event, s);
2075 if (r < 0)
2076 return log_error_errno(r, "Failed to watch notification socket: %m");
2077
2078 if (sd_watchdog_enabled(false, &s->watchdog_usec) > 0) {
2079 s->send_watchdog = true;
2080
2081 r = sd_event_add_time_relative(s->event, &s->watchdog_event_source, CLOCK_MONOTONIC, s->watchdog_usec/2, s->watchdog_usec/4, dispatch_watchdog, s);
2082 if (r < 0)
2083 return log_error_errno(r, "Failed to add watchdog time event: %m");
2084 }
2085
2086 /* This should fire pretty soon, which we'll use to send the READY=1 event. */
2087
2088 return 0;
2089 }
2090
2091 static int synchronize_second_half(sd_event_source *event_source, void *userdata) {
2092 Varlink *link = ASSERT_PTR(userdata);
2093 Server *s;
2094 int r;
2095
2096 assert_se(s = varlink_get_userdata(link));
2097
2098 /* This is the "second half" of the Synchronize() varlink method. This function is called as deferred
2099 * event source at a low priority to ensure the synchronization completes after all queued log
2100 * messages are processed. */
2101 server_full_sync(s);
2102
2103 /* Let's get rid of the event source now, by marking it as non-floating again. It then has no ref
2104 * anymore and is immediately destroyed after we return from this function, i.e. from this event
2105 * source handler at the end. */
2106 r = sd_event_source_set_floating(event_source, false);
2107 if (r < 0)
2108 return log_error_errno(r, "Failed to mark event source as non-floating: %m");
2109
2110 return varlink_reply(link, NULL);
2111 }
2112
2113 static void synchronize_destroy(void *userdata) {
2114 varlink_unref(userdata);
2115 }
2116
2117 static int vl_method_synchronize(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
2118 _cleanup_(sd_event_source_unrefp) sd_event_source *event_source = NULL;
2119 Server *s = ASSERT_PTR(userdata);
2120 int r;
2121
2122 assert(link);
2123
2124 if (json_variant_elements(parameters) > 0)
2125 return varlink_error_invalid_parameter(link, parameters);
2126
2127 log_info("Received client request to sync journal.");
2128
2129 /* We don't do the main work now, but instead enqueue a deferred event loop job which will do
2130 * it. That job is scheduled at low priority, so that we return from this method call only after all
2131 * queued but not processed log messages are written to disk, so that this method call returning can
2132 * be used as nice synchronization point. */
2133 r = sd_event_add_defer(s->event, &event_source, synchronize_second_half, link);
2134 if (r < 0)
2135 return log_error_errno(r, "Failed to allocate defer event source: %m");
2136
2137 r = sd_event_source_set_destroy_callback(event_source, synchronize_destroy);
2138 if (r < 0)
2139 return log_error_errno(r, "Failed to set event source destroy callback: %m");
2140
2141 varlink_ref(link); /* The varlink object is now left to the destroy callback to unref */
2142
2143 r = sd_event_source_set_priority(event_source, SD_EVENT_PRIORITY_NORMAL+15);
2144 if (r < 0)
2145 return log_error_errno(r, "Failed to set defer event source priority: %m");
2146
2147 /* Give up ownership of this event source. It will now be destroyed along with event loop itself,
2148 * unless it destroys itself earlier. */
2149 r = sd_event_source_set_floating(event_source, true);
2150 if (r < 0)
2151 return log_error_errno(r, "Failed to mark event source as floating: %m");
2152
2153 (void) sd_event_source_set_description(event_source, "deferred-sync");
2154
2155 return 0;
2156 }
2157
2158 static int vl_method_rotate(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
2159 Server *s = ASSERT_PTR(userdata);
2160
2161 assert(link);
2162
2163 if (json_variant_elements(parameters) > 0)
2164 return varlink_error_invalid_parameter(link, parameters);
2165
2166 log_info("Received client request to rotate journal, rotating.");
2167 server_full_rotate(s);
2168
2169 return varlink_reply(link, NULL);
2170 }
2171
2172 static int vl_method_flush_to_var(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
2173 Server *s = ASSERT_PTR(userdata);
2174
2175 assert(link);
2176
2177 if (json_variant_elements(parameters) > 0)
2178 return varlink_error_invalid_parameter(link, parameters);
2179 if (s->namespace)
2180 return varlink_error(link, "io.systemd.Journal.NotSupportedByNamespaces", NULL);
2181
2182 log_info("Received client request to flush runtime journal.");
2183 server_full_flush(s);
2184
2185 return varlink_reply(link, NULL);
2186 }
2187
2188 static int vl_method_relinquish_var(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
2189 Server *s = ASSERT_PTR(userdata);
2190
2191 assert(link);
2192
2193 if (json_variant_elements(parameters) > 0)
2194 return varlink_error_invalid_parameter(link, parameters);
2195 if (s->namespace)
2196 return varlink_error(link, "io.systemd.Journal.NotSupportedByNamespaces", NULL);
2197
2198 log_info("Received client request to relinquish %s access.", s->system_storage.path);
2199 server_relinquish_var(s);
2200
2201 return varlink_reply(link, NULL);
2202 }
2203
2204 static int vl_connect(VarlinkServer *server, Varlink *link, void *userdata) {
2205 Server *s = ASSERT_PTR(userdata);
2206
2207 assert(server);
2208 assert(link);
2209
2210 (void) server_start_or_stop_idle_timer(s); /* maybe we are no longer idle */
2211
2212 return 0;
2213 }
2214
2215 static void vl_disconnect(VarlinkServer *server, Varlink *link, void *userdata) {
2216 Server *s = ASSERT_PTR(userdata);
2217
2218 assert(server);
2219 assert(link);
2220
2221 (void) server_start_or_stop_idle_timer(s); /* maybe we are idle now */
2222 }
2223
2224 static int server_open_varlink(Server *s, const char *socket, int fd) {
2225 int r;
2226
2227 assert(s);
2228
2229 r = varlink_server_new(&s->varlink_server, VARLINK_SERVER_ROOT_ONLY|VARLINK_SERVER_INHERIT_USERDATA);
2230 if (r < 0)
2231 return r;
2232
2233 varlink_server_set_userdata(s->varlink_server, s);
2234
2235 r = varlink_server_add_interface(s->varlink_server, &vl_interface_io_systemd_Journal);
2236 if (r < 0)
2237 return log_error_errno(r, "Failed to add Journal interface to varlink server: %m");
2238
2239 r = varlink_server_bind_method_many(
2240 s->varlink_server,
2241 "io.systemd.Journal.Synchronize", vl_method_synchronize,
2242 "io.systemd.Journal.Rotate", vl_method_rotate,
2243 "io.systemd.Journal.FlushToVar", vl_method_flush_to_var,
2244 "io.systemd.Journal.RelinquishVar", vl_method_relinquish_var);
2245 if (r < 0)
2246 return r;
2247
2248 r = varlink_server_bind_connect(s->varlink_server, vl_connect);
2249 if (r < 0)
2250 return r;
2251
2252 r = varlink_server_bind_disconnect(s->varlink_server, vl_disconnect);
2253 if (r < 0)
2254 return r;
2255
2256 if (fd < 0)
2257 r = varlink_server_listen_address(s->varlink_server, socket, 0600);
2258 else
2259 r = varlink_server_listen_fd(s->varlink_server, fd);
2260 if (r < 0)
2261 return r;
2262
2263 r = varlink_server_attach_event(s->varlink_server, s->event, SD_EVENT_PRIORITY_NORMAL);
2264 if (r < 0)
2265 return r;
2266
2267 return 0;
2268 }
2269
2270 int server_map_seqnum_file(
2271 Server *s,
2272 const char *fname,
2273 size_t size,
2274 void **ret) {
2275
2276 _cleanup_free_ char *fn = NULL;
2277 _cleanup_close_ int fd = -EBADF;
2278 uint64_t *p;
2279 int r;
2280
2281 assert(s);
2282 assert(fname);
2283 assert(size > 0);
2284 assert(ret);
2285
2286 fn = path_join(s->runtime_directory, fname);
2287 if (!fn)
2288 return -ENOMEM;
2289
2290 fd = open(fn, O_RDWR|O_CREAT|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644);
2291 if (fd < 0)
2292 return -errno;
2293
2294 r = posix_fallocate_loop(fd, 0, size);
2295 if (r < 0)
2296 return r;
2297
2298 p = mmap(NULL, size, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
2299 if (p == MAP_FAILED)
2300 return -errno;
2301
2302 *ret = p;
2303 return 0;
2304 }
2305
2306 void server_unmap_seqnum_file(void *p, size_t size) {
2307 assert(size > 0);
2308
2309 if (!p)
2310 return;
2311
2312 assert_se(munmap(p, size) >= 0);
2313 }
2314
2315 static bool server_is_idle(Server *s) {
2316 assert(s);
2317
2318 /* The server for the main namespace is never idle */
2319 if (!s->namespace)
2320 return false;
2321
2322 /* If a retention maximum is set larger than the idle time we need to be running to enforce it, hence
2323 * turn off the idle logic. */
2324 if (s->max_retention_usec > IDLE_TIMEOUT_USEC)
2325 return false;
2326
2327 /* We aren't idle if we have a varlink client */
2328 if (varlink_server_current_connections(s->varlink_server) > 0)
2329 return false;
2330
2331 /* If we have stdout streams we aren't idle */
2332 if (s->n_stdout_streams > 0)
2333 return false;
2334
2335 return true;
2336 }
2337
2338 static int server_idle_handler(sd_event_source *source, uint64_t usec, void *userdata) {
2339 Server *s = ASSERT_PTR(userdata);
2340
2341 assert(source);
2342
2343 log_debug("Server is idle, exiting.");
2344 sd_event_exit(s->event, 0);
2345 return 0;
2346 }
2347
2348 int server_start_or_stop_idle_timer(Server *s) {
2349 _cleanup_(sd_event_source_unrefp) sd_event_source *source = NULL;
2350 int r;
2351
2352 assert(s);
2353
2354 if (!server_is_idle(s)) {
2355 s->idle_event_source = sd_event_source_disable_unref(s->idle_event_source);
2356 return 0;
2357 }
2358
2359 if (s->idle_event_source)
2360 return 1;
2361
2362 r = sd_event_add_time_relative(s->event, &source, CLOCK_MONOTONIC, IDLE_TIMEOUT_USEC, 0, server_idle_handler, s);
2363 if (r < 0)
2364 return log_error_errno(r, "Failed to allocate idle timer: %m");
2365
2366 r = sd_event_source_set_priority(source, SD_EVENT_PRIORITY_IDLE);
2367 if (r < 0)
2368 return log_error_errno(r, "Failed to set idle timer priority: %m");
2369
2370 (void) sd_event_source_set_description(source, "idle-timer");
2371
2372 s->idle_event_source = TAKE_PTR(source);
2373 return 1;
2374 }
2375
2376 int server_refresh_idle_timer(Server *s) {
2377 int r;
2378
2379 assert(s);
2380
2381 if (!s->idle_event_source)
2382 return 0;
2383
2384 r = sd_event_source_set_time_relative(s->idle_event_source, IDLE_TIMEOUT_USEC);
2385 if (r < 0)
2386 return log_error_errno(r, "Failed to refresh idle timer: %m");
2387
2388 return 1;
2389 }
2390
2391 static int server_set_namespace(Server *s, const char *namespace) {
2392 assert(s);
2393
2394 if (!namespace)
2395 return 0;
2396
2397 if (!log_namespace_name_valid(namespace))
2398 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Specified namespace name not valid, refusing: %s", namespace);
2399
2400 s->namespace = strdup(namespace);
2401 if (!s->namespace)
2402 return log_oom();
2403
2404 s->namespace_field = strjoin("_NAMESPACE=", namespace);
2405 if (!s->namespace_field)
2406 return log_oom();
2407
2408 return 1;
2409 }
2410
2411 static int server_memory_pressure(sd_event_source *es, void *userdata) {
2412 Server *s = ASSERT_PTR(userdata);
2413
2414 log_info("Under memory pressure, flushing caches.");
2415
2416 /* Flushed the cached info we might have about client processes */
2417 client_context_flush_regular(s);
2418
2419 /* Let's also close all user files (but keep the system/runtime one open) */
2420 for (;;) {
2421 JournalFile *first = ordered_hashmap_steal_first(s->user_journals);
2422
2423 if (!first)
2424 break;
2425
2426 (void) journal_file_offline_close(first);
2427 }
2428
2429 sd_event_trim_memory();
2430
2431 return 0;
2432 }
2433
2434 static int server_setup_memory_pressure(Server *s) {
2435 int r;
2436
2437 assert(s);
2438
2439 r = sd_event_add_memory_pressure(s->event, NULL, server_memory_pressure, s);
2440 if (r < 0)
2441 log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) || ERRNO_IS_PRIVILEGE(r) || (r == -EHOSTDOWN) ? LOG_DEBUG : LOG_NOTICE, r,
2442 "Failed to install memory pressure event source, ignoring: %m");
2443
2444 return 0;
2445 }
2446
2447 int server_new(Server **ret) {
2448 _cleanup_(server_freep) Server *s = NULL;
2449
2450 assert(ret);
2451
2452 s = new(Server, 1);
2453 if (!s)
2454 return -ENOMEM;
2455
2456 *s = (Server) {
2457 .syslog_fd = -EBADF,
2458 .native_fd = -EBADF,
2459 .stdout_fd = -EBADF,
2460 .dev_kmsg_fd = -EBADF,
2461 .audit_fd = -EBADF,
2462 .hostname_fd = -EBADF,
2463 .notify_fd = -EBADF,
2464
2465 .compress.enabled = true,
2466 .compress.threshold_bytes = UINT64_MAX,
2467 .seal = true,
2468
2469 .set_audit = true,
2470
2471 .watchdog_usec = USEC_INFINITY,
2472
2473 .sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC,
2474 .sync_scheduled = false,
2475
2476 .ratelimit_interval = DEFAULT_RATE_LIMIT_INTERVAL,
2477 .ratelimit_burst = DEFAULT_RATE_LIMIT_BURST,
2478
2479 .forward_to_wall = true,
2480
2481 .max_file_usec = DEFAULT_MAX_FILE_USEC,
2482
2483 .max_level_store = LOG_DEBUG,
2484 .max_level_syslog = LOG_DEBUG,
2485 .max_level_kmsg = LOG_NOTICE,
2486 .max_level_console = LOG_INFO,
2487 .max_level_wall = LOG_EMERG,
2488
2489 .line_max = DEFAULT_LINE_MAX,
2490
2491 .runtime_storage.name = "Runtime Journal",
2492 .system_storage.name = "System Journal",
2493
2494 .kmsg_own_ratelimit = {
2495 .interval = DEFAULT_KMSG_OWN_INTERVAL,
2496 .burst = DEFAULT_KMSG_OWN_BURST,
2497 },
2498
2499 .sigrtmin18_info.memory_pressure_handler = server_memory_pressure,
2500 .sigrtmin18_info.memory_pressure_userdata = s,
2501 };
2502
2503 *ret = TAKE_PTR(s);
2504 return 0;
2505 }
2506
2507 int server_init(Server *s, const char *namespace) {
2508 const char *native_socket, *syslog_socket, *stdout_socket, *varlink_socket, *e;
2509 _cleanup_fdset_free_ FDSet *fds = NULL;
2510 int n, r, fd, varlink_fd = -EBADF;
2511 bool no_sockets;
2512
2513 assert(s);
2514
2515 r = server_set_namespace(s, namespace);
2516 if (r < 0)
2517 return r;
2518
2519 /* By default, only read from /dev/kmsg if are the main namespace */
2520 s->read_kmsg = !s->namespace;
2521 s->storage = s->namespace ? STORAGE_PERSISTENT : STORAGE_AUTO;
2522
2523 journal_reset_metrics(&s->system_storage.metrics);
2524 journal_reset_metrics(&s->runtime_storage.metrics);
2525
2526 server_parse_config_file(s);
2527
2528 if (!s->namespace) {
2529 /* Parse kernel command line, but only if we are not a namespace instance */
2530 r = proc_cmdline_parse(parse_proc_cmdline_item, s, PROC_CMDLINE_STRIP_RD_PREFIX);
2531 if (r < 0)
2532 log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
2533 }
2534
2535 if (!!s->ratelimit_interval != !!s->ratelimit_burst) { /* One set to 0 and the other not? */
2536 log_debug("Setting both rate limit interval and burst from "USEC_FMT",%u to 0,0",
2537 s->ratelimit_interval, s->ratelimit_burst);
2538 s->ratelimit_interval = s->ratelimit_burst = 0;
2539 }
2540
2541 e = getenv("RUNTIME_DIRECTORY");
2542 if (e)
2543 s->runtime_directory = strdup(e);
2544 else if (s->namespace)
2545 s->runtime_directory = strjoin("/run/systemd/journal.", s->namespace);
2546 else
2547 s->runtime_directory = strdup("/run/systemd/journal");
2548 if (!s->runtime_directory)
2549 return log_oom();
2550
2551 (void) mkdir_p(s->runtime_directory, 0755);
2552
2553 s->user_journals = ordered_hashmap_new(NULL);
2554 if (!s->user_journals)
2555 return log_oom();
2556
2557 s->mmap = mmap_cache_new();
2558 if (!s->mmap)
2559 return log_oom();
2560
2561 s->deferred_closes = set_new(NULL);
2562 if (!s->deferred_closes)
2563 return log_oom();
2564
2565 r = sd_event_default(&s->event);
2566 if (r < 0)
2567 return log_error_errno(r, "Failed to create event loop: %m");
2568
2569 n = sd_listen_fds(true);
2570 if (n < 0)
2571 return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
2572
2573 native_socket = strjoina(s->runtime_directory, "/socket");
2574 stdout_socket = strjoina(s->runtime_directory, "/stdout");
2575 syslog_socket = strjoina(s->runtime_directory, "/dev-log");
2576 varlink_socket = strjoina(s->runtime_directory, "/io.systemd.journal");
2577
2578 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
2579
2580 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, native_socket, 0) > 0) {
2581
2582 if (s->native_fd >= 0)
2583 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
2584 "Too many native sockets passed.");
2585
2586 s->native_fd = fd;
2587
2588 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, stdout_socket, 0) > 0) {
2589
2590 if (s->stdout_fd >= 0)
2591 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
2592 "Too many stdout sockets passed.");
2593
2594 s->stdout_fd = fd;
2595
2596 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, syslog_socket, 0) > 0) {
2597
2598 if (s->syslog_fd >= 0)
2599 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
2600 "Too many /dev/log sockets passed.");
2601
2602 s->syslog_fd = fd;
2603
2604 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, varlink_socket, 0) > 0) {
2605
2606 if (varlink_fd >= 0)
2607 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
2608 "Too many varlink sockets passed.");
2609
2610 varlink_fd = fd;
2611 } else if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1) > 0) {
2612
2613 if (s->audit_fd >= 0)
2614 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
2615 "Too many audit sockets passed.");
2616
2617 s->audit_fd = fd;
2618
2619 } else {
2620
2621 if (!fds) {
2622 fds = fdset_new();
2623 if (!fds)
2624 return log_oom();
2625 }
2626
2627 r = fdset_put(fds, fd);
2628 if (r < 0)
2629 return log_oom();
2630 }
2631 }
2632
2633 /* Try to restore streams, but don't bother if this fails */
2634 (void) server_restore_streams(s, fds);
2635
2636 if (fdset_size(fds) > 0) {
2637 log_warning("%u unknown file descriptors passed, closing.", fdset_size(fds));
2638 fds = fdset_free(fds);
2639 }
2640
2641 no_sockets = s->native_fd < 0 && s->stdout_fd < 0 && s->syslog_fd < 0 && s->audit_fd < 0 && varlink_fd < 0;
2642
2643 /* always open stdout, syslog, native, and kmsg sockets */
2644
2645 /* systemd-journald.socket: /run/systemd/journal/stdout */
2646 r = server_open_stdout_socket(s, stdout_socket);
2647 if (r < 0)
2648 return r;
2649
2650 /* systemd-journald-dev-log.socket: /run/systemd/journal/dev-log */
2651 r = server_open_syslog_socket(s, syslog_socket);
2652 if (r < 0)
2653 return r;
2654
2655 /* systemd-journald.socket: /run/systemd/journal/socket */
2656 r = server_open_native_socket(s, native_socket);
2657 if (r < 0)
2658 return r;
2659
2660 /* /dev/kmsg */
2661 r = server_open_dev_kmsg(s);
2662 if (r < 0)
2663 return r;
2664
2665 /* Unless we got *some* sockets and not audit, open audit socket */
2666 if (s->audit_fd >= 0 || no_sockets) {
2667 log_info("Collecting audit messages is enabled.");
2668
2669 r = server_open_audit(s);
2670 if (r < 0)
2671 return r;
2672 } else
2673 log_info("Collecting audit messages is disabled.");
2674
2675 r = server_open_varlink(s, varlink_socket, varlink_fd);
2676 if (r < 0)
2677 return r;
2678
2679 r = server_map_seqnum_file(s, "seqnum", sizeof(SeqnumData), (void**) &s->seqnum);
2680 if (r < 0)
2681 return log_error_errno(r, "Failed to map main seqnum file: %m");
2682
2683 r = server_open_kernel_seqnum(s);
2684 if (r < 0)
2685 return r;
2686
2687 r = server_open_hostname(s);
2688 if (r < 0)
2689 return r;
2690
2691 r = server_setup_signals(s);
2692 if (r < 0)
2693 return r;
2694
2695 r = server_setup_memory_pressure(s);
2696 if (r < 0)
2697 return r;
2698
2699 s->ratelimit = journal_ratelimit_new();
2700 if (!s->ratelimit)
2701 return log_oom();
2702
2703 r = cg_get_root_path(&s->cgroup_root);
2704 if (r < 0)
2705 return log_error_errno(r, "Failed to acquire cgroup root path: %m");
2706
2707 server_cache_hostname(s);
2708 server_cache_boot_id(s);
2709 server_cache_machine_id(s);
2710
2711 if (s->namespace)
2712 s->runtime_storage.path = strjoin("/run/log/journal/", SERVER_MACHINE_ID(s), ".", s->namespace);
2713 else
2714 s->runtime_storage.path = strjoin("/run/log/journal/", SERVER_MACHINE_ID(s));
2715 if (!s->runtime_storage.path)
2716 return log_oom();
2717
2718 e = getenv("LOGS_DIRECTORY");
2719 if (e)
2720 s->system_storage.path = strdup(e);
2721 else if (s->namespace)
2722 s->system_storage.path = strjoin("/var/log/journal/", SERVER_MACHINE_ID(s), ".", s->namespace);
2723 else
2724 s->system_storage.path = strjoin("/var/log/journal/", SERVER_MACHINE_ID(s));
2725 if (!s->system_storage.path)
2726 return log_oom();
2727
2728 (void) server_connect_notify(s);
2729
2730 (void) client_context_acquire_default(s);
2731
2732 r = server_system_journal_open(s, /* flush_requested= */ false, /* relinquish_requested= */ false);
2733 if (r < 0)
2734 return r;
2735
2736 server_start_or_stop_idle_timer(s);
2737
2738 return 0;
2739 }
2740
2741 void server_maybe_append_tags(Server *s) {
2742 #if HAVE_GCRYPT
2743 JournalFile *f;
2744 usec_t n;
2745
2746 n = now(CLOCK_REALTIME);
2747
2748 if (s->system_journal)
2749 journal_file_maybe_append_tag(s->system_journal, n);
2750
2751 ORDERED_HASHMAP_FOREACH(f, s->user_journals)
2752 journal_file_maybe_append_tag(f, n);
2753 #endif
2754 }
2755
2756 Server* server_free(Server *s) {
2757 if (!s)
2758 return NULL;
2759
2760 free(s->namespace);
2761 free(s->namespace_field);
2762
2763 set_free_with_destructor(s->deferred_closes, journal_file_offline_close);
2764
2765 while (s->stdout_streams)
2766 stdout_stream_free(s->stdout_streams);
2767
2768 client_context_flush_all(s);
2769
2770 (void) journal_file_offline_close(s->system_journal);
2771 (void) journal_file_offline_close(s->runtime_journal);
2772
2773 ordered_hashmap_free_with_destructor(s->user_journals, journal_file_offline_close);
2774
2775 varlink_server_unref(s->varlink_server);
2776
2777 sd_event_source_unref(s->syslog_event_source);
2778 sd_event_source_unref(s->native_event_source);
2779 sd_event_source_unref(s->stdout_event_source);
2780 sd_event_source_unref(s->dev_kmsg_event_source);
2781 sd_event_source_unref(s->audit_event_source);
2782 sd_event_source_unref(s->sync_event_source);
2783 sd_event_source_unref(s->sigusr1_event_source);
2784 sd_event_source_unref(s->sigusr2_event_source);
2785 sd_event_source_unref(s->sigterm_event_source);
2786 sd_event_source_unref(s->sigint_event_source);
2787 sd_event_source_unref(s->sigrtmin1_event_source);
2788 sd_event_source_unref(s->hostname_event_source);
2789 sd_event_source_unref(s->notify_event_source);
2790 sd_event_source_unref(s->watchdog_event_source);
2791 sd_event_source_unref(s->idle_event_source);
2792 sd_event_unref(s->event);
2793
2794 safe_close(s->syslog_fd);
2795 safe_close(s->native_fd);
2796 safe_close(s->stdout_fd);
2797 safe_close(s->dev_kmsg_fd);
2798 safe_close(s->audit_fd);
2799 safe_close(s->hostname_fd);
2800 safe_close(s->notify_fd);
2801
2802 if (s->ratelimit)
2803 journal_ratelimit_free(s->ratelimit);
2804
2805 server_unmap_seqnum_file(s->seqnum, sizeof(*s->seqnum));
2806 server_unmap_seqnum_file(s->kernel_seqnum, sizeof(*s->kernel_seqnum));
2807
2808 free(s->buffer);
2809 free(s->tty_path);
2810 free(s->cgroup_root);
2811 free(s->hostname_field);
2812 free(s->runtime_storage.path);
2813 free(s->system_storage.path);
2814 free(s->runtime_directory);
2815
2816 mmap_cache_unref(s->mmap);
2817
2818 return mfree(s);
2819 }
2820
2821 static const char* const storage_table[_STORAGE_MAX] = {
2822 [STORAGE_AUTO] = "auto",
2823 [STORAGE_VOLATILE] = "volatile",
2824 [STORAGE_PERSISTENT] = "persistent",
2825 [STORAGE_NONE] = "none"
2826 };
2827
2828 DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
2829 DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
2830
2831 static const char* const split_mode_table[_SPLIT_MAX] = {
2832 [SPLIT_LOGIN] = "login",
2833 [SPLIT_UID] = "uid",
2834 [SPLIT_NONE] = "none",
2835 };
2836
2837 DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
2838 DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode, split_mode, SplitMode, "Failed to parse split mode setting");
2839
2840 int config_parse_line_max(
2841 const char* unit,
2842 const char *filename,
2843 unsigned line,
2844 const char *section,
2845 unsigned section_line,
2846 const char *lvalue,
2847 int ltype,
2848 const char *rvalue,
2849 void *data,
2850 void *userdata) {
2851
2852 size_t *sz = ASSERT_PTR(data);
2853 int r;
2854
2855 assert(filename);
2856 assert(lvalue);
2857 assert(rvalue);
2858
2859 if (isempty(rvalue))
2860 /* Empty assignment means default */
2861 *sz = DEFAULT_LINE_MAX;
2862 else {
2863 uint64_t v;
2864
2865 r = parse_size(rvalue, 1024, &v);
2866 if (r < 0) {
2867 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse LineMax= value, ignoring: %s", rvalue);
2868 return 0;
2869 }
2870
2871 if (v < 79) {
2872 /* Why specify 79 here as minimum line length? Simply, because the most common traditional
2873 * terminal size is 80ch, and it might make sense to break one character before the natural
2874 * line break would occur on that. */
2875 log_syntax(unit, LOG_WARNING, filename, line, 0, "LineMax= too small, clamping to 79: %s", rvalue);
2876 *sz = 79;
2877 } else if (v > (uint64_t) (SSIZE_MAX-1)) {
2878 /* So, why specify SSIZE_MAX-1 here? Because that's one below the largest size value read()
2879 * can return, and we need one extra byte for the trailing NUL byte. Of course IRL such large
2880 * memory allocations will fail anyway, hence this limit is mostly theoretical anyway, as we'll
2881 * fail much earlier anyway. */
2882 log_syntax(unit, LOG_WARNING, filename, line, 0, "LineMax= too large, clamping to %" PRIu64 ": %s", (uint64_t) (SSIZE_MAX-1), rvalue);
2883 *sz = SSIZE_MAX-1;
2884 } else
2885 *sz = (size_t) v;
2886 }
2887
2888 return 0;
2889 }
2890
2891 int config_parse_compress(
2892 const char* unit,
2893 const char *filename,
2894 unsigned line,
2895 const char *section,
2896 unsigned section_line,
2897 const char *lvalue,
2898 int ltype,
2899 const char *rvalue,
2900 void *data,
2901 void *userdata) {
2902
2903 JournalCompressOptions* compress = data;
2904 int r;
2905
2906 if (isempty(rvalue)) {
2907 compress->enabled = true;
2908 compress->threshold_bytes = UINT64_MAX;
2909 } else if (streq(rvalue, "1")) {
2910 log_syntax(unit, LOG_WARNING, filename, line, 0,
2911 "Compress= ambiguously specified as 1, enabling compression with default threshold");
2912 compress->enabled = true;
2913 } else if (streq(rvalue, "0")) {
2914 log_syntax(unit, LOG_WARNING, filename, line, 0,
2915 "Compress= ambiguously specified as 0, disabling compression");
2916 compress->enabled = false;
2917 } else {
2918 r = parse_boolean(rvalue);
2919 if (r < 0) {
2920 r = parse_size(rvalue, 1024, &compress->threshold_bytes);
2921 if (r < 0)
2922 log_syntax(unit, LOG_WARNING, filename, line, r,
2923 "Failed to parse Compress= value, ignoring: %s", rvalue);
2924 else
2925 compress->enabled = true;
2926 } else
2927 compress->enabled = r;
2928 }
2929
2930 return 0;
2931 }
Unnamed repository; edit this file 'description' to name the repository.