]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/journal/journald-server.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bug #944: Deletion of unnecessary checks before a few calls of systemd functions
[thirdparty/systemd.git] / src / journal / journald-server.c
CommitLineData
d025f1e4
ZJS		 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2011 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
22#include <sys/signalfd.h>
23#include <sys/ioctl.h>
24#include <linux/sockios.h>
25#include <sys/statvfs.h>
26#include <sys/mman.h>
27
24882e06
LP		 28#ifdef HAVE_SELINUX
29#include <selinux/selinux.h>
30#endif
31
d025f1e4 32#include <libudev.h>
d025f1e4 33
74df0fca
LP		 34#include "sd-journal.h"
35#include "sd-messages.h"
36#include "sd-daemon.h"
d025f1e4 37#include "mkdir.h"
c6878637 38#include "rm-rf.h"
d025f1e4
ZJS		 39#include "hashmap.h"
40#include "journal-file.h"
41#include "socket-util.h"
42#include "cgroup-util.h"
d025f1e4
ZJS		 43#include "missing.h"
44#include "conf-parser.h"
74df0fca 45#include "selinux-util.h"
958b66ea
LP		 46#include "acl-util.h"
47#include "formats-util.h"
48#include "process-util.h"
49#include "hostname-util.h"
24882e06 50#include "signal-util.h"
d025f1e4
ZJS		 51#include "journal-internal.h"
52#include "journal-vacuum.h"
53#include "journal-authenticate.h"
d025f1e4
ZJS		 54#include "journald-rate-limit.h"
55#include "journald-kmsg.h"
56#include "journald-syslog.h"
57#include "journald-stream.h"
d025f1e4 58#include "journald-native.h"
875c2e22 59#include "journald-audit.h"
74df0fca 60#include "journald-server.h"
d025f1e4 61
d025f1e4
ZJS		 62#define USER_JOURNALS_MAX 1024
63
26687bf8 64#define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
7f1ad696
LP		 65#define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
66#define DEFAULT_RATE_LIMIT_BURST 1000
e150e820 67#define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
d025f1e4
ZJS		 68
69#define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
70
2c5859af 71static const char* const storage_table[_STORAGE_MAX] = {
d025f1e4
ZJS		 72 [STORAGE_AUTO] = "auto",
73 [STORAGE_VOLATILE] = "volatile",
74 [STORAGE_PERSISTENT] = "persistent",
75 [STORAGE_NONE] = "none"
76};
77
78DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
79DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
80
2c5859af
DM		 81static const char* const split_mode_table[_SPLIT_MAX] = {
82 [SPLIT_LOGIN] = "login",
d025f1e4 83 [SPLIT_UID] = "uid",
2c5859af 84 [SPLIT_NONE] = "none",
d025f1e4
ZJS		 85};
86
87DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
88DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode, split_mode, SplitMode, "Failed to parse split mode setting");
89
670b110c 90static uint64_t available_space(Server *s, bool verbose) {
db91ea32 91 char ids[33];
7fd1b19b 92 _cleanup_free_ char *p = NULL;
d025f1e4
ZJS		 93 sd_id128_t machine;
94 struct statvfs ss;
670b110c 95 uint64_t sum = 0, ss_avail = 0, avail = 0;
d025f1e4 96 int r;
7fd1b19b 97 _cleanup_closedir_ DIR *d = NULL;
d025f1e4 98 usec_t ts;
670b110c 99 const char *f;
d025f1e4
ZJS		 100 JournalMetrics *m;
101
102 ts = now(CLOCK_MONOTONIC);
103
670b110c
ZJS		 104 if (s->cached_available_space_timestamp + RECHECK_AVAILABLE_SPACE_USEC > ts
105 && !verbose)
d025f1e4
ZJS		 106 return s->cached_available_space;
107
108 r = sd_id128_get_machine(&machine);
109 if (r < 0)
110 return 0;
111
112 if (s->system_journal) {
113 f = "/var/log/journal/";
114 m = &s->system_metrics;
115 } else {
116 f = "/run/log/journal/";
117 m = &s->runtime_metrics;
118 }
119
120 assert(m);
121
122 p = strappend(f, sd_id128_to_string(machine, ids));
123 if (!p)
124 return 0;
125
126 d = opendir(p);
d025f1e4
ZJS		 127 if (!d)
128 return 0;
129
130 if (fstatvfs(dirfd(d), &ss) < 0)
db91ea32 131 return 0;
d025f1e4
ZJS		 132
133 for (;;) {
134 struct stat st;
135 struct dirent *de;
d025f1e4 136
0371ca0d
FW		 137 errno = 0;
138 de = readdir(d);
139 if (!de && errno != 0)
140 return 0;
d025f1e4
ZJS		 141
142 if (!de)
143 break;
144
145 if (!endswith(de->d_name, ".journal") &&
146 !endswith(de->d_name, ".journal~"))
147 continue;
148
149 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0)
150 continue;
151
152 if (!S_ISREG(st.st_mode))
153 continue;
154
155 sum += (uint64_t) st.st_blocks * 512UL;
156 }
157
d025f1e4
ZJS		 158 ss_avail = ss.f_bsize * ss.f_bavail;
159
348ced90
ZJS		 160 /* If we reached a high mark, we will always allow this much
161 * again, unless usage goes above max_use. This watermark
162 * value is cached so that we don't give up space on pressure,
163 * but hover below the maximum usage. */
164
165 if (m->use < sum)
166 m->use = sum;
167
168 avail = LESS_BY(ss_avail, m->keep_free);
169
170 s->cached_available_space = LESS_BY(MIN(m->max_use, avail), sum);
d025f1e4
ZJS		 171 s->cached_available_space_timestamp = ts;
172
670b110c
ZJS		 173 if (verbose) {
174 char fb1[FORMAT_BYTES_MAX], fb2[FORMAT_BYTES_MAX], fb3[FORMAT_BYTES_MAX],
175 fb4[FORMAT_BYTES_MAX], fb5[FORMAT_BYTES_MAX];
176
177 server_driver_message(s, SD_MESSAGE_JOURNAL_USAGE,
da2e288b
LP		 178 "%s is currently using %s.\n"
179 "Maximum allowed usage is set to %s.\n"
180 "Leaving at least %s free (of currently available %s of space).\n"
181 "Enforced usage limit is thus %s.",
182 s->system_journal ? "Permanent journal (/var/log/journal/)" : "Runtime journal (/run/log/journal/)",
670b110c
ZJS		 183 format_bytes(fb1, sizeof(fb1), sum),
184 format_bytes(fb2, sizeof(fb2), m->max_use),
185 format_bytes(fb3, sizeof(fb3), m->keep_free),
186 format_bytes(fb4, sizeof(fb4), ss_avail),
348ced90 187 format_bytes(fb5, sizeof(fb5), s->cached_available_space + sum));
670b110c
ZJS		 188 }
189
190 return s->cached_available_space;
d025f1e4
ZJS		 191}
192
d025f1e4
ZJS		 193void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
194 int r;
195#ifdef HAVE_ACL
196 acl_t acl;
197 acl_entry_t entry;
198 acl_permset_t permset;
199#endif
200
201 assert(f);
202
4608af43 203 r = fchmod(f->fd, 0640);
d025f1e4 204 if (r < 0)
da927ba9 205 log_warning_errno(r, "Failed to fix access mode on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 206
207#ifdef HAVE_ACL
34c10968 208 if (uid <= SYSTEM_UID_MAX)
d025f1e4
ZJS		 209 return;
210
211 acl = acl_get_fd(f->fd);
212 if (!acl) {
56f64d95 213 log_warning_errno(errno, "Failed to read ACL on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 214 return;
215 }
216
217 r = acl_find_uid(acl, uid, &entry);
218 if (r <= 0) {
219
220 if (acl_create_entry(&acl, &entry) < 0 ||
221 acl_set_tag_type(entry, ACL_USER) < 0 ||
222 acl_set_qualifier(entry, &uid) < 0) {
56f64d95 223 log_warning_errno(errno, "Failed to patch ACL on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 224 goto finish;
225 }
226 }
227
23ad4dd8
JAS		 228 /* We do not recalculate the mask unconditionally here,
229 * so that the fchmod() mask above stays intact. */
d025f1e4 230 if (acl_get_permset(entry, &permset) < 0 ||
23ad4dd8
JAS		 231 acl_add_perm(permset, ACL_READ) < 0 ||
232 calc_acl_mask_if_needed(&acl) < 0) {
56f64d95 233 log_warning_errno(errno, "Failed to patch ACL on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 234 goto finish;
235 }
236
237 if (acl_set_fd(f->fd, acl) < 0)
56f64d95 238 log_warning_errno(errno, "Failed to set ACL on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 239
240finish:
241 acl_free(acl);
242#endif
243}
244
245static JournalFile* find_journal(Server *s, uid_t uid) {
ed375beb 246 _cleanup_free_ char *p = NULL;
d025f1e4
ZJS		 247 int r;
248 JournalFile *f;
249 sd_id128_t machine;
250
251 assert(s);
252
253 /* We split up user logs only on /var, not on /run. If the
254 * runtime file is open, we write to it exclusively, in order
255 * to guarantee proper order as soon as we flush /run to
256 * /var and close the runtime file. */
257
258 if (s->runtime_journal)
259 return s->runtime_journal;
260
f7dc3ab9 261 if (uid <= SYSTEM_UID_MAX)
d025f1e4
ZJS		 262 return s->system_journal;
263
264 r = sd_id128_get_machine(&machine);
265 if (r < 0)
266 return s->system_journal;
267
43cf8388 268 f = ordered_hashmap_get(s->user_journals, UINT32_TO_PTR(uid));
d025f1e4
ZJS		 269 if (f)
270 return f;
271
de0671ee
ZJS		 272 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/user-"UID_FMT".journal",
273 SD_ID128_FORMAT_VAL(machine), uid) < 0)
d025f1e4
ZJS		 274 return s->system_journal;
275
43cf8388 276 while (ordered_hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
d025f1e4 277 /* Too many open? Then let's close one */
43cf8388 278 f = ordered_hashmap_steal_first(s->user_journals);
d025f1e4
ZJS		 279 assert(f);
280 journal_file_close(f);
281 }
282
cbd67177 283 r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &f);
d025f1e4
ZJS		 284 if (r < 0)
285 return s->system_journal;
286
287 server_fix_perms(s, f, uid);
288
43cf8388 289 r = ordered_hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
d025f1e4
ZJS		 290 if (r < 0) {
291 journal_file_close(f);
292 return s->system_journal;
293 }
294
295 return f;
296}
297
ea69bd41
LP		 298static int do_rotate(
299 Server *s,
300 JournalFile **f,
301 const char* name,
302 bool seal,
303 uint32_t uid) {
304
fc55baee
ZJS		 305 int r;
306 assert(s);
307
308 if (!*f)
309 return -EINVAL;
310
311 r = journal_file_rotate(f, s->compress, seal);
312 if (r < 0)
313 if (*f)
ea69bd41 314 log_error_errno(r, "Failed to rotate %s: %m", (*f)->path);
fc55baee 315 else
ea69bd41 316 log_error_errno(r, "Failed to create new %s journal: %m", name);
fc55baee
ZJS		 317 else
318 server_fix_perms(s, *f, uid);
2678031a 319
fc55baee
ZJS		 320 return r;
321}
322
d025f1e4
ZJS		 323void server_rotate(Server *s) {
324 JournalFile *f;
325 void *k;
326 Iterator i;
327 int r;
328
329 log_debug("Rotating...");
330
fc55baee
ZJS		 331 do_rotate(s, &s->runtime_journal, "runtime", false, 0);
332 do_rotate(s, &s->system_journal, "system", s->seal, 0);
d025f1e4 333
43cf8388 334 ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
fc55baee
ZJS		 335 r = do_rotate(s, &f, "user", s->seal, PTR_TO_UINT32(k));
336 if (r >= 0)
43cf8388 337 ordered_hashmap_replace(s->user_journals, k, f);
fc55baee
ZJS		 338 else if (!f)
339 /* Old file has been closed and deallocated */
43cf8388 340 ordered_hashmap_remove(s->user_journals, k);
d025f1e4
ZJS		 341 }
342}
343
26687bf8
OS		 344void server_sync(Server *s) {
345 JournalFile *f;
346 void *k;
347 Iterator i;
348 int r;
349
26687bf8
OS		 350 if (s->system_journal) {
351 r = journal_file_set_offline(s->system_journal);
352 if (r < 0)
da927ba9 353 log_error_errno(r, "Failed to sync system journal: %m");
26687bf8
OS		 354 }
355
43cf8388 356 ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
26687bf8
OS		 357 r = journal_file_set_offline(f);
358 if (r < 0)
da927ba9 359 log_error_errno(r, "Failed to sync user journal: %m");
26687bf8
OS		 360 }
361
f9a810be
LP		 362 if (s->sync_event_source) {
363 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_OFF);
364 if (r < 0)
da927ba9 365 log_error_errno(r, "Failed to disable sync timer source: %m");
f9a810be 366 }
26687bf8
OS		 367
368 s->sync_scheduled = false;
369}
370
ea69bd41
LP		 371static void do_vacuum(
372 Server *s,
373 const char *id,
374 JournalFile *f,
375 const char* path,
376 JournalMetrics *metrics) {
377
378 const char *p;
63c8666b
ZJS		 379 int r;
380
381 if (!f)
382 return;
383
63c372cb 384 p = strjoina(path, id);
dbd2a83f 385 r = journal_directory_vacuum(p, metrics->max_use, s->max_retention_usec, &s->oldest_file_usec, false);
63c8666b 386 if (r < 0 && r != -ENOENT)
da927ba9 387 log_error_errno(r, "Failed to vacuum %s: %m", p);
63c8666b
ZJS		 388}
389
d025f1e4 390void server_vacuum(Server *s) {
d025f1e4
ZJS		 391 char ids[33];
392 sd_id128_t machine;
393 int r;
394
395 log_debug("Vacuuming...");
396
397 s->oldest_file_usec = 0;
398
399 r = sd_id128_get_machine(&machine);
400 if (r < 0) {
da927ba9 401 log_error_errno(r, "Failed to get machine ID: %m");
d025f1e4
ZJS		 402 return;
403 }
d025f1e4
ZJS		 404 sd_id128_to_string(machine, ids);
405
63c8666b
ZJS		 406 do_vacuum(s, ids, s->system_journal, "/var/log/journal/", &s->system_metrics);
407 do_vacuum(s, ids, s->runtime_journal, "/run/log/journal/", &s->runtime_metrics);
d025f1e4
ZJS		 408
409 s->cached_available_space_timestamp = 0;
410}
411
0c24bb23
LP		 412static void server_cache_machine_id(Server *s) {
413 sd_id128_t id;
414 int r;
415
416 assert(s);
417
418 r = sd_id128_get_machine(&id);
419 if (r < 0)
420 return;
421
422 sd_id128_to_string(id, stpcpy(s->machine_id_field, "_MACHINE_ID="));
423}
424
425static void server_cache_boot_id(Server *s) {
426 sd_id128_t id;
427 int r;
428
429 assert(s);
430
431 r = sd_id128_get_boot(&id);
432 if (r < 0)
433 return;
434
435 sd_id128_to_string(id, stpcpy(s->boot_id_field, "_BOOT_ID="));
436}
437
438static void server_cache_hostname(Server *s) {
439 _cleanup_free_ char *t = NULL;
440 char *x;
441
442 assert(s);
443
444 t = gethostname_malloc();
445 if (!t)
446 return;
447
448 x = strappend("_HOSTNAME=", t);
449 if (!x)
450 return;
451
452 free(s->hostname_field);
453 s->hostname_field = x;
454}
455
8531ae70 456static bool shall_try_append_again(JournalFile *f, int r) {
d025f1e4
ZJS		 457
458 /* -E2BIG Hit configured limit
459 -EFBIG Hit fs limit
460 -EDQUOT Quota limit hit
461 -ENOSPC Disk full
fa6ac760 462 -EIO I/O error of some kind (mmap)
d025f1e4
ZJS		 463 -EHOSTDOWN Other machine
464 -EBUSY Unclean shutdown
465 -EPROTONOSUPPORT Unsupported feature
466 -EBADMSG Corrupted
467 -ENODATA Truncated
2678031a
LP		 468 -ESHUTDOWN Already archived
469 -EIDRM Journal file has been deleted */
d025f1e4
ZJS		 470
471 if (r == -E2BIG || r == -EFBIG || r == -EDQUOT || r == -ENOSPC)
472 log_debug("%s: Allocation limit reached, rotating.", f->path);
473 else if (r == -EHOSTDOWN)
474 log_info("%s: Journal file from other machine, rotating.", f->path);
475 else if (r == -EBUSY)
476 log_info("%s: Unclean shutdown, rotating.", f->path);
477 else if (r == -EPROTONOSUPPORT)
478 log_info("%s: Unsupported feature, rotating.", f->path);
479 else if (r == -EBADMSG || r == -ENODATA || r == ESHUTDOWN)
480 log_warning("%s: Journal file corrupted, rotating.", f->path);
fa6ac760
LP		 481 else if (r == -EIO)
482 log_warning("%s: IO error, rotating.", f->path);
2678031a
LP		 483 else if (r == -EIDRM)
484 log_warning("%s: Journal file has been deleted, rotating.", f->path);
d025f1e4
ZJS		 485 else
486 return false;
487
488 return true;
489}
490
d07f7b9e 491static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned n, int priority) {
d025f1e4
ZJS		 492 JournalFile *f;
493 bool vacuumed = false;
494 int r;
495
496 assert(s);
497 assert(iovec);
498 assert(n > 0);
499
500 f = find_journal(s, uid);
501 if (!f)
502 return;
503
504 if (journal_file_rotate_suggested(f, s->max_file_usec)) {
505 log_debug("%s: Journal header limits reached or header out-of-date, rotating.", f->path);
506 server_rotate(s);
507 server_vacuum(s);
508 vacuumed = true;
509
510 f = find_journal(s, uid);
511 if (!f)
512 return;
513 }
514
515 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
26687bf8 516 if (r >= 0) {
d07f7b9e 517 server_schedule_sync(s, priority);
d025f1e4 518 return;
26687bf8 519 }
d025f1e4
ZJS		 520
521 if (vacuumed || !shall_try_append_again(f, r)) {
8266e1c0 522 log_error_errno(r, "Failed to write entry (%d items, %zu bytes), ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n));
d025f1e4
ZJS		 523 return;
524 }
525
526 server_rotate(s);
527 server_vacuum(s);
528
529 f = find_journal(s, uid);
530 if (!f)
531 return;
532
533 log_debug("Retrying write.");
534 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
8266e1c0
LP		 535 if (r < 0)
536 log_error_errno(r, "Failed to write entry (%d items, %zu bytes) despite vacuuming, ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n));
537 else
d07f7b9e 538 server_schedule_sync(s, priority);
d025f1e4
ZJS		 539}
540
541static void dispatch_message_real(
542 Server *s,
543 struct iovec *iovec, unsigned n, unsigned m,
3b3154df
LP		 544 const struct ucred *ucred,
545 const struct timeval *tv,
d025f1e4 546 const char *label, size_t label_len,
968f3196 547 const char *unit_id,
d07f7b9e 548 int priority,
968f3196 549 pid_t object_pid) {
d025f1e4 550
968f3196 551 char pid[sizeof("_PID=") + DECIMAL_STR_MAX(pid_t)],
ae018d9b
LP		 552 uid[sizeof("_UID=") + DECIMAL_STR_MAX(uid_t)],
553 gid[sizeof("_GID=") + DECIMAL_STR_MAX(gid_t)],
554 owner_uid[sizeof("_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)],
d3789917 555 source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)],
968f3196
ZJS		 556 o_uid[sizeof("OBJECT_UID=") + DECIMAL_STR_MAX(uid_t)],
557 o_gid[sizeof("OBJECT_GID=") + DECIMAL_STR_MAX(gid_t)],
558 o_owner_uid[sizeof("OBJECT_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)];
559 uid_t object_uid;
560 gid_t object_gid;
968f3196 561 char *x;
d025f1e4 562 int r;
ae018d9b 563 char *t, *c;
82499507
LP		 564 uid_t realuid = 0, owner = 0, journal_uid;
565 bool owner_valid = false;
ae018d9b 566#ifdef HAVE_AUDIT
968f3196
ZJS		 567 char audit_session[sizeof("_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
568 audit_loginuid[sizeof("_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)],
569 o_audit_session[sizeof("OBJECT_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
570 o_audit_loginuid[sizeof("OBJECT_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)];
ae018d9b
LP		 571
572 uint32_t audit;
573 uid_t loginuid;
574#endif
d025f1e4
ZJS		 575
576 assert(s);
577 assert(iovec);
578 assert(n > 0);
968f3196 579 assert(n + N_IOVEC_META_FIELDS + (object_pid ? N_IOVEC_OBJECT_FIELDS : 0) <= m);
d025f1e4
ZJS		 580
581 if (ucred) {
d025f1e4
ZJS		 582 realuid = ucred->uid;
583
de0671ee 584 sprintf(pid, "_PID="PID_FMT, ucred->pid);
c2457105 585 IOVEC_SET_STRING(iovec[n++], pid);
d025f1e4 586
de0671ee 587 sprintf(uid, "_UID="UID_FMT, ucred->uid);
c2457105 588 IOVEC_SET_STRING(iovec[n++], uid);
d025f1e4 589
de0671ee 590 sprintf(gid, "_GID="GID_FMT, ucred->gid);
c2457105 591 IOVEC_SET_STRING(iovec[n++], gid);
d025f1e4
ZJS		 592
593 r = get_process_comm(ucred->pid, &t);
594 if (r >= 0) {
63c372cb 595 x = strjoina("_COMM=", t);
d025f1e4 596 free(t);
968f3196 597 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 598 }
599
600 r = get_process_exe(ucred->pid, &t);
601 if (r >= 0) {
63c372cb 602 x = strjoina("_EXE=", t);
d025f1e4 603 free(t);
968f3196 604 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 605 }
606
9bdbc2e2 607 r = get_process_cmdline(ucred->pid, 0, false, &t);
d025f1e4 608 if (r >= 0) {
63c372cb 609 x = strjoina("_CMDLINE=", t);
d025f1e4 610 free(t);
3a832116
SL		 611 IOVEC_SET_STRING(iovec[n++], x);
612 }
613
614 r = get_process_capeff(ucred->pid, &t);
615 if (r >= 0) {
63c372cb 616 x = strjoina("_CAP_EFFECTIVE=", t);
3a832116 617 free(t);
968f3196 618 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 619 }
620
0a20e3c1 621#ifdef HAVE_AUDIT
d025f1e4 622 r = audit_session_from_pid(ucred->pid, &audit);
ae018d9b 623 if (r >= 0) {
de0671ee 624 sprintf(audit_session, "_AUDIT_SESSION=%"PRIu32, audit);
ae018d9b
LP		 625 IOVEC_SET_STRING(iovec[n++], audit_session);
626 }
d025f1e4
ZJS		 627
628 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
7027ff61 629 if (r >= 0) {
de0671ee 630 sprintf(audit_loginuid, "_AUDIT_LOGINUID="UID_FMT, loginuid);
ae018d9b 631 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
d025f1e4 632 }
ae018d9b 633#endif
d025f1e4 634
e9174f29 635 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &c);
7027ff61 636 if (r >= 0) {
968f3196
ZJS		 637 char *session = NULL;
638
63c372cb 639 x = strjoina("_SYSTEMD_CGROUP=", c);
968f3196 640 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4 641
ae018d9b
LP		 642 r = cg_path_get_session(c, &t);
643 if (r >= 0) {
63c372cb 644 session = strjoina("_SYSTEMD_SESSION=", t);
ae018d9b 645 free(t);
d025f1e4 646 IOVEC_SET_STRING(iovec[n++], session);
ae018d9b
LP		 647 }
648
649 if (cg_path_get_owner_uid(c, &owner) >= 0) {
650 owner_valid = true;
d025f1e4 651
de0671ee 652 sprintf(owner_uid, "_SYSTEMD_OWNER_UID="UID_FMT, owner);
d025f1e4 653 IOVEC_SET_STRING(iovec[n++], owner_uid);
ae018d9b 654 }
d025f1e4 655
ae018d9b 656 if (cg_path_get_unit(c, &t) >= 0) {
63c372cb 657 x = strjoina("_SYSTEMD_UNIT=", t);
ae018d9b 658 free(t);
19cace37
LP		 659 IOVEC_SET_STRING(iovec[n++], x);
660 } else if (unit_id && !session) {
63c372cb 661 x = strjoina("_SYSTEMD_UNIT=", unit_id);
19cace37
LP		 662 IOVEC_SET_STRING(iovec[n++], x);
663 }
664
665 if (cg_path_get_user_unit(c, &t) >= 0) {
63c372cb 666 x = strjoina("_SYSTEMD_USER_UNIT=", t);
ae018d9b 667 free(t);
968f3196 668 IOVEC_SET_STRING(iovec[n++], x);
19cace37 669 } else if (unit_id && session) {
63c372cb 670 x = strjoina("_SYSTEMD_USER_UNIT=", unit_id);
19cace37
LP		 671 IOVEC_SET_STRING(iovec[n++], x);
672 }
ae018d9b 673
0a244b8e 674 if (cg_path_get_slice(c, &t) >= 0) {
63c372cb 675 x = strjoina("_SYSTEMD_SLICE=", t);
0a244b8e
LP		 676 free(t);
677 IOVEC_SET_STRING(iovec[n++], x);
678 }
679
ae018d9b 680 free(c);
2d43b190 681 } else if (unit_id) {
63c372cb 682 x = strjoina("_SYSTEMD_UNIT=", unit_id);
2d43b190 683 IOVEC_SET_STRING(iovec[n++], x);
ef1673d1 684 }
d025f1e4 685
d025f1e4 686#ifdef HAVE_SELINUX
6baa7db0 687 if (mac_selinux_use()) {
d682b3a7 688 if (label) {
f8294e41 689 x = alloca(strlen("_SELINUX_CONTEXT=") + label_len + 1);
ae018d9b 690
d682b3a7
LP		 691 *((char*) mempcpy(stpcpy(x, "_SELINUX_CONTEXT="), label, label_len)) = 0;
692 IOVEC_SET_STRING(iovec[n++], x);
693 } else {
694 security_context_t con;
d025f1e4 695
d682b3a7 696 if (getpidcon(ucred->pid, &con) >= 0) {
63c372cb 697 x = strjoina("_SELINUX_CONTEXT=", con);
e7ff4e7f 698
d682b3a7
LP		 699 freecon(con);
700 IOVEC_SET_STRING(iovec[n++], x);
701 }
d025f1e4
ZJS		 702 }
703 }
704#endif
705 }
968f3196
ZJS		 706 assert(n <= m);
707
708 if (object_pid) {
709 r = get_process_uid(object_pid, &object_uid);
710 if (r >= 0) {
de0671ee 711 sprintf(o_uid, "OBJECT_UID="UID_FMT, object_uid);
968f3196
ZJS		 712 IOVEC_SET_STRING(iovec[n++], o_uid);
713 }
714
715 r = get_process_gid(object_pid, &object_gid);
716 if (r >= 0) {
de0671ee 717 sprintf(o_gid, "OBJECT_GID="GID_FMT, object_gid);
968f3196
ZJS		 718 IOVEC_SET_STRING(iovec[n++], o_gid);
719 }
720
721 r = get_process_comm(object_pid, &t);
722 if (r >= 0) {
63c372cb 723 x = strjoina("OBJECT_COMM=", t);
968f3196
ZJS		 724 free(t);
725 IOVEC_SET_STRING(iovec[n++], x);
726 }
727
728 r = get_process_exe(object_pid, &t);
729 if (r >= 0) {
63c372cb 730 x = strjoina("OBJECT_EXE=", t);
968f3196
ZJS		 731 free(t);
732 IOVEC_SET_STRING(iovec[n++], x);
733 }
734
735 r = get_process_cmdline(object_pid, 0, false, &t);
736 if (r >= 0) {
63c372cb 737 x = strjoina("OBJECT_CMDLINE=", t);
968f3196
ZJS		 738 free(t);
739 IOVEC_SET_STRING(iovec[n++], x);
740 }
741
742#ifdef HAVE_AUDIT
743 r = audit_session_from_pid(object_pid, &audit);
744 if (r >= 0) {
de0671ee 745 sprintf(o_audit_session, "OBJECT_AUDIT_SESSION=%"PRIu32, audit);
968f3196
ZJS		 746 IOVEC_SET_STRING(iovec[n++], o_audit_session);
747 }
748
749 r = audit_loginuid_from_pid(object_pid, &loginuid);
750 if (r >= 0) {
de0671ee 751 sprintf(o_audit_loginuid, "OBJECT_AUDIT_LOGINUID="UID_FMT, loginuid);
968f3196
ZJS		 752 IOVEC_SET_STRING(iovec[n++], o_audit_loginuid);
753 }
754#endif
755
e9174f29 756 r = cg_pid_get_path_shifted(object_pid, s->cgroup_root, &c);
968f3196 757 if (r >= 0) {
63c372cb 758 x = strjoina("OBJECT_SYSTEMD_CGROUP=", c);
968f3196
ZJS		 759 IOVEC_SET_STRING(iovec[n++], x);
760
761 r = cg_path_get_session(c, &t);
762 if (r >= 0) {
63c372cb 763 x = strjoina("OBJECT_SYSTEMD_SESSION=", t);
968f3196
ZJS		 764 free(t);
765 IOVEC_SET_STRING(iovec[n++], x);
766 }
767
768 if (cg_path_get_owner_uid(c, &owner) >= 0) {
de0671ee 769 sprintf(o_owner_uid, "OBJECT_SYSTEMD_OWNER_UID="UID_FMT, owner);
968f3196
ZJS		 770 IOVEC_SET_STRING(iovec[n++], o_owner_uid);
771 }
772
773 if (cg_path_get_unit(c, &t) >= 0) {
63c372cb 774 x = strjoina("OBJECT_SYSTEMD_UNIT=", t);
968f3196 775 free(t);
19cace37
LP		 776 IOVEC_SET_STRING(iovec[n++], x);
777 }
778
779 if (cg_path_get_user_unit(c, &t) >= 0) {
63c372cb 780 x = strjoina("OBJECT_SYSTEMD_USER_UNIT=", t);
968f3196 781 free(t);
968f3196 782 IOVEC_SET_STRING(iovec[n++], x);
19cace37 783 }
968f3196
ZJS		 784
785 free(c);
786 }
787 }
788 assert(n <= m);
d025f1e4
ZJS		 789
790 if (tv) {
ae018d9b 791 sprintf(source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu", (unsigned long long) timeval_load(tv));
a5693989 792 IOVEC_SET_STRING(iovec[n++], source_time);
d025f1e4
ZJS		 793 }
794
795 /* Note that strictly speaking storing the boot id here is
796 * redundant since the entry includes this in-line
797 * anyway. However, we need this indexed, too. */
0c24bb23
LP		 798 if (!isempty(s->boot_id_field))
799 IOVEC_SET_STRING(iovec[n++], s->boot_id_field);
d025f1e4 800
0c24bb23
LP		 801 if (!isempty(s->machine_id_field))
802 IOVEC_SET_STRING(iovec[n++], s->machine_id_field);
d025f1e4 803
0c24bb23
LP		 804 if (!isempty(s->hostname_field))
805 IOVEC_SET_STRING(iovec[n++], s->hostname_field);
d025f1e4
ZJS		 806
807 assert(n <= m);
808
da499392 809 if (s->split_mode == SPLIT_UID && realuid > 0)
40adcda8 810 /* Split up strictly by any UID */
759c945a 811 journal_uid = realuid;
82499507 812 else if (s->split_mode == SPLIT_LOGIN && realuid > 0 && owner_valid && owner > 0)
edc3797f
LP		 813 /* Split up by login UIDs. We do this only if the
814 * realuid is not root, in order not to accidentally
815 * leak privileged information to the user that is
816 * logged by a privileged process that is part of an
7517e174 817 * unprivileged session. */
8a0889df 818 journal_uid = owner;
da499392
KS		 819 else
820 journal_uid = 0;
759c945a 821
d07f7b9e 822 write_to_journal(s, journal_uid, iovec, n, priority);
d025f1e4
ZJS		 823}
824
825void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {
826 char mid[11 + 32 + 1];
827 char buffer[16 + LINE_MAX + 1];
828 struct iovec iovec[N_IOVEC_META_FIELDS + 4];
829 int n = 0;
830 va_list ap;
b92bea5d 831 struct ucred ucred = {};
d025f1e4
ZJS		 832
833 assert(s);
834 assert(format);
835
836 IOVEC_SET_STRING(iovec[n++], "PRIORITY=6");
837 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=driver");
838
839 memcpy(buffer, "MESSAGE=", 8);
840 va_start(ap, format);
841 vsnprintf(buffer + 8, sizeof(buffer) - 8, format, ap);
842 va_end(ap);
d025f1e4
ZJS		 843 IOVEC_SET_STRING(iovec[n++], buffer);
844
845 if (!sd_id128_equal(message_id, SD_ID128_NULL)) {
e2cc6eca 846 snprintf(mid, sizeof(mid), LOG_MESSAGE_ID(message_id));
d025f1e4
ZJS		 847 IOVEC_SET_STRING(iovec[n++], mid);
848 }
849
d025f1e4
ZJS		 850 ucred.pid = getpid();
851 ucred.uid = getuid();
852 ucred.gid = getgid();
853
d07f7b9e 854 dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL, LOG_INFO, 0);
d025f1e4
ZJS		 855}
856
857void server_dispatch_message(
858 Server *s,
859 struct iovec *iovec, unsigned n, unsigned m,
3b3154df
LP		 860 const struct ucred *ucred,
861 const struct timeval *tv,
d025f1e4
ZJS		 862 const char *label, size_t label_len,
863 const char *unit_id,
968f3196
ZJS		 864 int priority,
865 pid_t object_pid) {
d025f1e4 866
7027ff61 867 int rl, r;
7fd1b19b 868 _cleanup_free_ char *path = NULL;
db91ea32 869 char *c;
d025f1e4
ZJS		 870
871 assert(s);
872 assert(iovec || n == 0);
873
874 if (n == 0)
875 return;
876
877 if (LOG_PRI(priority) > s->max_level_store)
878 return;
879
2f5df74a
HHPF		 880 /* Stop early in case the information will not be stored
881 * in a journal. */
882 if (s->storage == STORAGE_NONE)
883 return;
884
d025f1e4
ZJS		 885 if (!ucred)
886 goto finish;
887
e9174f29 888 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &path);
7027ff61 889 if (r < 0)
d025f1e4
ZJS		 890 goto finish;
891
892 /* example: /user/lennart/3/foobar
893 * /system/dbus.service/foobar
894 *
895 * So let's cut of everything past the third /, since that is
896 * where user directories start */
897
898 c = strchr(path, '/');
899 if (c) {
900 c = strchr(c+1, '/');
901 if (c) {
902 c = strchr(c+1, '/');
903 if (c)
904 *c = 0;
905 }
906 }
907
db91ea32 908 rl = journal_rate_limit_test(s->rate_limit, path,
670b110c 909 priority & LOG_PRIMASK, available_space(s, false));
d025f1e4 910
db91ea32 911 if (rl == 0)
d025f1e4 912 return;
d025f1e4
ZJS		 913
914 /* Write a suppression message if we suppressed something */
915 if (rl > 1)
db91ea32
ZJS		 916 server_driver_message(s, SD_MESSAGE_JOURNAL_DROPPED,
917 "Suppressed %u messages from %s", rl - 1, path);
d025f1e4
ZJS		 918
919finish:
d07f7b9e 920 dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id, priority, object_pid);
d025f1e4
ZJS		 921}
922
923
caa2f4c0 924static int system_journal_open(Server *s, bool flush_requested) {
d025f1e4
ZJS		 925 int r;
926 char *fn;
927 sd_id128_t machine;
928 char ids[33];
929
930 r = sd_id128_get_machine(&machine);
23bbb0de
MS		 931 if (r < 0)
932 return log_error_errno(r, "Failed to get machine id: %m");
d025f1e4
ZJS		 933
934 sd_id128_to_string(machine, ids);
935
936 if (!s->system_journal &&
937 (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
caa2f4c0
ZJS		 938 (flush_requested
939 || access("/run/systemd/journal/flushed", F_OK) >= 0)) {
d025f1e4
ZJS		 940
941 /* If in auto mode: first try to create the machine
942 * path, but not the prefix.
943 *
944 * If in persistent mode: create /var/log/journal and
945 * the machine path */
946
947 if (s->storage == STORAGE_PERSISTENT)
ac892057 948 (void) mkdir_p("/var/log/journal/", 0755);
d025f1e4 949
63c372cb 950 fn = strjoina("/var/log/journal/", ids);
d025f1e4 951 (void) mkdir(fn, 0755);
d025f1e4 952
63c372cb 953 fn = strjoina(fn, "/system.journal");
d025f1e4 954 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
d025f1e4 955
670b110c 956 if (r >= 0)
d025f1e4 957 server_fix_perms(s, s->system_journal, 0);
433dd100
LN		 958 else if (r < 0) {
959 if (r != -ENOENT && r != -EROFS)
da927ba9 960 log_warning_errno(r, "Failed to open system journal: %m");
e40ec7ae 961
433dd100
LN		 962 r = 0;
963 }
d025f1e4
ZJS		 964 }
965
966 if (!s->runtime_journal &&
967 (s->storage != STORAGE_NONE)) {
968
969 fn = strjoin("/run/log/journal/", ids, "/system.journal", NULL);
970 if (!fn)
971 return -ENOMEM;
972
973 if (s->system_journal) {
974
975 /* Try to open the runtime journal, but only
976 * if it already exists, so that we can flush
977 * it into the system journal */
978
979 r = journal_file_open(fn, O_RDWR, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
980 free(fn);
981
982 if (r < 0) {
983 if (r != -ENOENT)
da927ba9 984 log_warning_errno(r, "Failed to open runtime journal: %m");
d025f1e4
ZJS		 985
986 r = 0;
987 }
988
989 } else {
990
991 /* OK, we really need the runtime journal, so create
992 * it if necessary. */
993
fc1d70af
LP		 994 (void) mkdir("/run/log", 0755);
995 (void) mkdir("/run/log/journal", 0755);
996 (void) mkdir_parents(fn, 0750);
997
d025f1e4
ZJS		 998 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
999 free(fn);
1000
23bbb0de
MS		 1001 if (r < 0)
1002 return log_error_errno(r, "Failed to open runtime journal: %m");
d025f1e4
ZJS		 1003 }
1004
670b110c 1005 if (s->runtime_journal)
d025f1e4 1006 server_fix_perms(s, s->runtime_journal, 0);
d025f1e4
ZJS		 1007 }
1008
670b110c
ZJS		 1009 available_space(s, true);
1010
d025f1e4
ZJS		 1011 return r;
1012}
1013
1014int server_flush_to_var(Server *s) {
d025f1e4
ZJS		 1015 sd_id128_t machine;
1016 sd_journal *j = NULL;
fbb63411
LP		 1017 char ts[FORMAT_TIMESPAN_MAX];
1018 usec_t start;
1019 unsigned n = 0;
1020 int r;
d025f1e4
ZJS		 1021
1022 assert(s);
1023
1024 if (s->storage != STORAGE_AUTO &&
1025 s->storage != STORAGE_PERSISTENT)
1026 return 0;
1027
1028 if (!s->runtime_journal)
1029 return 0;
1030
caa2f4c0 1031 system_journal_open(s, true);
d025f1e4
ZJS		 1032
1033 if (!s->system_journal)
1034 return 0;
1035
1036 log_debug("Flushing to /var...");
1037
fbb63411
LP		 1038 start = now(CLOCK_MONOTONIC);
1039
d025f1e4 1040 r = sd_id128_get_machine(&machine);
00a16861 1041 if (r < 0)
d025f1e4 1042 return r;
d025f1e4
ZJS		 1043
1044 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
23bbb0de
MS		 1045 if (r < 0)
1046 return log_error_errno(r, "Failed to read runtime journal: %m");
d025f1e4 1047
93b73b06
LP		 1048 sd_journal_set_data_threshold(j, 0);
1049
d025f1e4
ZJS		 1050 SD_JOURNAL_FOREACH(j) {
1051 Object *o = NULL;
1052 JournalFile *f;
1053
1054 f = j->current_file;
1055 assert(f && f->current_offset > 0);
1056
fbb63411
LP		 1057 n++;
1058
d025f1e4
ZJS		 1059 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
1060 if (r < 0) {
da927ba9 1061 log_error_errno(r, "Can't read entry: %m");
d025f1e4
ZJS		 1062 goto finish;
1063 }
1064
1065 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1066 if (r >= 0)
1067 continue;
1068
1069 if (!shall_try_append_again(s->system_journal, r)) {
da927ba9 1070 log_error_errno(r, "Can't write entry: %m");
d025f1e4
ZJS		 1071 goto finish;
1072 }
1073
1074 server_rotate(s);
1075 server_vacuum(s);
1076
253f59df
LP		 1077 if (!s->system_journal) {
1078 log_notice("Didn't flush runtime journal since rotation of system journal wasn't successful.");
1079 r = -EIO;
1080 goto finish;
1081 }
1082
d025f1e4
ZJS		 1083 log_debug("Retrying write.");
1084 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1085 if (r < 0) {
da927ba9 1086 log_error_errno(r, "Can't write entry: %m");
d025f1e4
ZJS		 1087 goto finish;
1088 }
1089 }
1090
1091finish:
1092 journal_file_post_change(s->system_journal);
1093
1094 journal_file_close(s->runtime_journal);
1095 s->runtime_journal = NULL;
1096
1097 if (r >= 0)
c6878637 1098 (void) rm_rf("/run/log/journal", REMOVE_ROOT);
d025f1e4 1099
763c7aa2 1100 sd_journal_close(j);
d025f1e4 1101
fbb63411
LP		 1102 server_driver_message(s, SD_ID128_NULL, "Time spent on flushing to /var is %s for %u entries.", format_timespan(ts, sizeof(ts), now(CLOCK_MONOTONIC) - start, 0), n);
1103
d025f1e4
ZJS		 1104 return r;
1105}
1106
8531ae70 1107int server_process_datagram(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
f9a810be 1108 Server *s = userdata;
a315ac4e
LP		 1109 struct ucred *ucred = NULL;
1110 struct timeval *tv = NULL;
1111 struct cmsghdr *cmsg;
1112 char *label = NULL;
1113 size_t label_len = 0, m;
1114 struct iovec iovec;
1115 ssize_t n;
1116 int *fds = NULL, v = 0;
1117 unsigned n_fds = 0;
1118
1119 union {
1120 struct cmsghdr cmsghdr;
1121
1122 /* We use NAME_MAX space for the SELinux label
1123 * here. The kernel currently enforces no
1124 * limit, but according to suggestions from
1125 * the SELinux people this will change and it
1126 * will probably be identical to NAME_MAX. For
1127 * now we use that, but this should be updated
1128 * one day when the final limit is known. */
1129 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
1130 CMSG_SPACE(sizeof(struct timeval)) +
1131 CMSG_SPACE(sizeof(int)) + /* fd */
1132 CMSG_SPACE(NAME_MAX)]; /* selinux label */
1133 } control = {};
1134
1135 union sockaddr_union sa = {};
1136
1137 struct msghdr msghdr = {
1138 .msg_iov = &iovec,
1139 .msg_iovlen = 1,
1140 .msg_control = &control,
1141 .msg_controllen = sizeof(control),
1142 .msg_name = &sa,
1143 .msg_namelen = sizeof(sa),
1144 };
f9a810be 1145
d025f1e4 1146 assert(s);
875c2e22 1147 assert(fd == s->native_fd || fd == s->syslog_fd || fd == s->audit_fd);
f9a810be
LP		 1148
1149 if (revents != EPOLLIN) {
1150 log_error("Got invalid event from epoll for datagram fd: %"PRIx32, revents);
1151 return -EIO;
1152 }
1153
a315ac4e
LP		 1154 /* Try to get the right size, if we can. (Not all
1155 * sockets support SIOCINQ, hence we just try, but
1156 * don't rely on it. */
1157 (void) ioctl(fd, SIOCINQ, &v);
d025f1e4 1158
a315ac4e
LP		 1159 /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful! */
1160 m = PAGE_ALIGN(MAX3((size_t) v + 1,
1161 (size_t) LINE_MAX,
1162 ALIGN(sizeof(struct nlmsghdr)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH)) + 1);
d025f1e4 1163
a315ac4e
LP		 1164 if (!GREEDY_REALLOC(s->buffer, s->buffer_size, m))
1165 return log_oom();
875c2e22 1166
a315ac4e
LP		 1167 iovec.iov_base = s->buffer;
1168 iovec.iov_len = s->buffer_size - 1; /* Leave room for trailing NUL we add later */
d025f1e4 1169
a315ac4e
LP		 1170 n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
1171 if (n < 0) {
1172 if (errno == EINTR || errno == EAGAIN)
1173 return 0;
875c2e22 1174
a315ac4e
LP		 1175 return log_error_errno(errno, "recvmsg() failed: %m");
1176 }
875c2e22 1177
a315ac4e
LP		 1178 CMSG_FOREACH(cmsg, &msghdr) {
1179
1180 if (cmsg->cmsg_level == SOL_SOCKET &&
1181 cmsg->cmsg_type == SCM_CREDENTIALS &&
1182 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
1183 ucred = (struct ucred*) CMSG_DATA(cmsg);
1184 else if (cmsg->cmsg_level == SOL_SOCKET &&
1185 cmsg->cmsg_type == SCM_SECURITY) {
1186 label = (char*) CMSG_DATA(cmsg);
1187 label_len = cmsg->cmsg_len - CMSG_LEN(0);
1188 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1189 cmsg->cmsg_type == SO_TIMESTAMP &&
1190 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
1191 tv = (struct timeval*) CMSG_DATA(cmsg);
1192 else if (cmsg->cmsg_level == SOL_SOCKET &&
1193 cmsg->cmsg_type == SCM_RIGHTS) {
1194 fds = (int*) CMSG_DATA(cmsg);
1195 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
d025f1e4 1196 }
a315ac4e 1197 }
d025f1e4 1198
a315ac4e
LP		 1199 /* And a trailing NUL, just in case */
1200 s->buffer[n] = 0;
1201
1202 if (fd == s->syslog_fd) {
1203 if (n > 0 && n_fds == 0)
1204 server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
1205 else if (n_fds > 0)
1206 log_warning("Got file descriptors via syslog socket. Ignoring.");
1207
1208 } else if (fd == s->native_fd) {
1209 if (n > 0 && n_fds == 0)
1210 server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
1211 else if (n == 0 && n_fds == 1)
1212 server_process_native_file(s, fds[0], ucred, tv, label, label_len);
1213 else if (n_fds > 0)
1214 log_warning("Got too many file descriptors via native socket. Ignoring.");
1215
1216 } else {
1217 assert(fd == s->audit_fd);
1218
1219 if (n > 0 && n_fds == 0)
1220 server_process_audit_message(s, s->buffer, n, ucred, &sa, msghdr.msg_namelen);
1221 else if (n_fds > 0)
1222 log_warning("Got file descriptors via audit socket. Ignoring.");
f9a810be 1223 }
a315ac4e
LP		 1224
1225 close_many(fds, n_fds);
1226 return 0;
f9a810be 1227}
d025f1e4 1228
f9a810be
LP		 1229static int dispatch_sigusr1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1230 Server *s = userdata;
d025f1e4 1231
f9a810be 1232 assert(s);
d025f1e4 1233
f9a810be 1234 log_info("Received request to flush runtime journal from PID %"PRIu32, si->ssi_pid);
d025f1e4 1235
f9a810be
LP		 1236 server_flush_to_var(s);
1237 server_sync(s);
3bfd4e0c 1238 server_vacuum(s);
d025f1e4 1239
74055aa7
LP		 1240 touch("/run/systemd/journal/flushed");
1241
f9a810be
LP		 1242 return 0;
1243}
d025f1e4 1244
f9a810be
LP		 1245static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1246 Server *s = userdata;
d025f1e4 1247
f9a810be 1248 assert(s);
d025f1e4 1249
f9a810be
LP		 1250 log_info("Received request to rotate journal from PID %"PRIu32, si->ssi_pid);
1251 server_rotate(s);
1252 server_vacuum(s);
d025f1e4 1253
f9a810be
LP		 1254 return 0;
1255}
d025f1e4 1256
f9a810be
LP		 1257static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1258 Server *s = userdata;
d025f1e4 1259
f9a810be 1260 assert(s);
d025f1e4 1261
4daf54a8 1262 log_received_signal(LOG_INFO, si);
d025f1e4 1263
6203e07a 1264 sd_event_exit(s->event, 0);
d025f1e4
ZJS		 1265 return 0;
1266}
1267
f9a810be 1268static int setup_signals(Server *s) {
f9a810be 1269 int r;
d025f1e4
ZJS		 1270
1271 assert(s);
1272
72c0a2c2 1273 assert(sigprocmask_many(SIG_SETMASK, NULL, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, -1) >= 0);
d025f1e4 1274
151b9b96 1275 r = sd_event_add_signal(s->event, &s->sigusr1_event_source, SIGUSR1, dispatch_sigusr1, s);
f9a810be
LP		 1276 if (r < 0)
1277 return r;
1278
151b9b96 1279 r = sd_event_add_signal(s->event, &s->sigusr2_event_source, SIGUSR2, dispatch_sigusr2, s);
f9a810be
LP		 1280 if (r < 0)
1281 return r;
d025f1e4 1282
151b9b96 1283 r = sd_event_add_signal(s->event, &s->sigterm_event_source, SIGTERM, dispatch_sigterm, s);
f9a810be
LP		 1284 if (r < 0)
1285 return r;
d025f1e4 1286
151b9b96 1287 r = sd_event_add_signal(s->event, &s->sigint_event_source, SIGINT, dispatch_sigterm, s);
f9a810be
LP		 1288 if (r < 0)
1289 return r;
d025f1e4
ZJS		 1290
1291 return 0;
1292}
1293
1294static int server_parse_proc_cmdline(Server *s) {
7fd1b19b 1295 _cleanup_free_ char *line = NULL;
a2a5291b 1296 const char *w, *state;
d025f1e4 1297 size_t l;
74df0fca 1298 int r;
d025f1e4 1299
74df0fca 1300 r = proc_cmdline(&line);
b5884878 1301 if (r < 0) {
da927ba9 1302 log_warning_errno(r, "Failed to read /proc/cmdline, ignoring: %m");
d025f1e4 1303 return 0;
b5884878 1304 }
d025f1e4
ZJS		 1305
1306 FOREACH_WORD_QUOTED(w, l, line, state) {
7fd1b19b 1307 _cleanup_free_ char *word;
d025f1e4
ZJS		 1308
1309 word = strndup(w, l);
db91ea32
ZJS		 1310 if (!word)
1311 return -ENOMEM;
d025f1e4
ZJS		 1312
1313 if (startswith(word, "systemd.journald.forward_to_syslog=")) {
1314 r = parse_boolean(word + 35);
1315 if (r < 0)
1316 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word + 35);
1317 else
1318 s->forward_to_syslog = r;
1319 } else if (startswith(word, "systemd.journald.forward_to_kmsg=")) {
1320 r = parse_boolean(word + 33);
1321 if (r < 0)
1322 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word + 33);
1323 else
1324 s->forward_to_kmsg = r;
1325 } else if (startswith(word, "systemd.journald.forward_to_console=")) {
1326 r = parse_boolean(word + 36);
1327 if (r < 0)
1328 log_warning("Failed to parse forward to console switch %s. Ignoring.", word + 36);
1329 else
1330 s->forward_to_console = r;
40b71e89
ST		 1331 } else if (startswith(word, "systemd.journald.forward_to_wall=")) {
1332 r = parse_boolean(word + 33);
1333 if (r < 0)
1334 log_warning("Failed to parse forward to wall switch %s. Ignoring.", word + 33);
1335 else
1336 s->forward_to_wall = r;
d025f1e4
ZJS		 1337 } else if (startswith(word, "systemd.journald"))
1338 log_warning("Invalid systemd.journald parameter. Ignoring.");
d025f1e4 1339 }
b2fadec6 1340 /* do not warn about state here, since probably systemd already did */
d025f1e4 1341
db91ea32 1342 return 0;
d025f1e4
ZJS		 1343}
1344
1345static int server_parse_config_file(Server *s) {
d025f1e4
ZJS		 1346 assert(s);
1347
a9edaeff
JT		 1348 return config_parse_many("/etc/systemd/journald.conf",
1349 CONF_DIRS_NULSTR("systemd/journald.conf"),
1350 "Journal\0",
1351 config_item_perf_lookup, journald_gperf_lookup,
1352 false, s);
d025f1e4
ZJS		 1353}
1354
f9a810be
LP		 1355static int server_dispatch_sync(sd_event_source *es, usec_t t, void *userdata) {
1356 Server *s = userdata;
26687bf8
OS		 1357
1358 assert(s);
1359
f9a810be 1360 server_sync(s);
26687bf8
OS		 1361 return 0;
1362}
1363
d07f7b9e 1364int server_schedule_sync(Server *s, int priority) {
26687bf8
OS		 1365 int r;
1366
26687bf8
OS		 1367 assert(s);
1368
d07f7b9e
LP		 1369 if (priority <= LOG_CRIT) {
1370 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1371 server_sync(s);
1372 return 0;
1373 }
1374
26687bf8
OS		 1375 if (s->sync_scheduled)
1376 return 0;
1377
f9a810be
LP		 1378 if (s->sync_interval_usec > 0) {
1379 usec_t when;
ca267016 1380
6a0f1f6d 1381 r = sd_event_now(s->event, CLOCK_MONOTONIC, &when);
f9a810be
LP		 1382 if (r < 0)
1383 return r;
26687bf8 1384
f9a810be
LP		 1385 when += s->sync_interval_usec;
1386
1387 if (!s->sync_event_source) {
6a0f1f6d
LP		 1388 r = sd_event_add_time(
1389 s->event,
1390 &s->sync_event_source,
1391 CLOCK_MONOTONIC,
1392 when, 0,
1393 server_dispatch_sync, s);
f9a810be
LP		 1394 if (r < 0)
1395 return r;
1396
1397 r = sd_event_source_set_priority(s->sync_event_source, SD_EVENT_PRIORITY_IMPORTANT);
1398 } else {
1399 r = sd_event_source_set_time(s->sync_event_source, when);
1400 if (r < 0)
1401 return r;
1402
1403 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_ONESHOT);
1404 }
26687bf8 1405 if (r < 0)
f9a810be 1406 return r;
26687bf8 1407
f9a810be
LP		 1408 s->sync_scheduled = true;
1409 }
26687bf8
OS		 1410
1411 return 0;
1412}
1413
0c24bb23
LP		 1414static int dispatch_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1415 Server *s = userdata;
1416
1417 assert(s);
1418
1419 server_cache_hostname(s);
1420 return 0;
1421}
1422
1423static int server_open_hostname(Server *s) {
1424 int r;
1425
1426 assert(s);
1427
1428 s->hostname_fd = open("/proc/sys/kernel/hostname", O_RDONLY|O_CLOEXEC|O_NDELAY|O_NOCTTY);
4a62c710
MS		 1429 if (s->hostname_fd < 0)
1430 return log_error_errno(errno, "Failed to open /proc/sys/kernel/hostname: %m");
0c24bb23 1431
151b9b96 1432 r = sd_event_add_io(s->event, &s->hostname_event_source, s->hostname_fd, 0, dispatch_hostname_change, s);
0c24bb23 1433 if (r < 0) {
28def94c
DR		 1434 /* kernels prior to 3.2 don't support polling this file. Ignore
1435 * the failure. */
1436 if (r == -EPERM) {
1437 log_warning("Failed to register hostname fd in event loop: %s. Ignoring.",
1438 strerror(-r));
03e334a1 1439 s->hostname_fd = safe_close(s->hostname_fd);
28def94c
DR		 1440 return 0;
1441 }
1442
23bbb0de 1443 return log_error_errno(r, "Failed to register hostname fd in event loop: %m");
0c24bb23
LP		 1444 }
1445
1446 r = sd_event_source_set_priority(s->hostname_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
23bbb0de
MS		 1447 if (r < 0)
1448 return log_error_errno(r, "Failed to adjust priority of host name event source: %m");
0c24bb23
LP		 1449
1450 return 0;
1451}
1452
d025f1e4 1453int server_init(Server *s) {
13790add 1454 _cleanup_fdset_free_ FDSet *fds = NULL;
d025f1e4
ZJS		 1455 int n, r, fd;
1456
1457 assert(s);
1458
1459 zero(*s);
875c2e22 1460 s->syslog_fd = s->native_fd = s->stdout_fd = s->dev_kmsg_fd = s->audit_fd = s->hostname_fd = -1;
d025f1e4
ZJS		 1461 s->compress = true;
1462 s->seal = true;
1463
26687bf8
OS		 1464 s->sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC;
1465 s->sync_scheduled = false;
1466
d025f1e4
ZJS		 1467 s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
1468 s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
1469
40b71e89 1470 s->forward_to_wall = true;
d025f1e4 1471
e150e820
MB		 1472 s->max_file_usec = DEFAULT_MAX_FILE_USEC;
1473
d025f1e4
ZJS		 1474 s->max_level_store = LOG_DEBUG;
1475 s->max_level_syslog = LOG_DEBUG;
1476 s->max_level_kmsg = LOG_NOTICE;
1477 s->max_level_console = LOG_INFO;
40b71e89 1478 s->max_level_wall = LOG_EMERG;
d025f1e4
ZJS		 1479
1480 memset(&s->system_metrics, 0xFF, sizeof(s->system_metrics));
1481 memset(&s->runtime_metrics, 0xFF, sizeof(s->runtime_metrics));
1482
1483 server_parse_config_file(s);
1484 server_parse_proc_cmdline(s);
d288f79f 1485 if (!!s->rate_limit_interval ^ !!s->rate_limit_burst) {
b1389b0d
ZJS		 1486 log_debug("Setting both rate limit interval and burst from "USEC_FMT",%u to 0,0",
1487 s->rate_limit_interval, s->rate_limit_burst);
d288f79f
ZJS		 1488 s->rate_limit_interval = s->rate_limit_burst = 0;
1489 }
d025f1e4
ZJS		 1490
1491 mkdir_p("/run/systemd/journal", 0755);
1492
43cf8388 1493 s->user_journals = ordered_hashmap_new(NULL);
d025f1e4
ZJS		 1494 if (!s->user_journals)
1495 return log_oom();
1496
1497 s->mmap = mmap_cache_new();
1498 if (!s->mmap)
1499 return log_oom();
1500
f9a810be 1501 r = sd_event_default(&s->event);
23bbb0de
MS		 1502 if (r < 0)
1503 return log_error_errno(r, "Failed to create event loop: %m");
d025f1e4 1504
f9a810be
LP		 1505 sd_event_set_watchdog(s->event, true);
1506
d025f1e4 1507 n = sd_listen_fds(true);
23bbb0de
MS		 1508 if (n < 0)
1509 return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
d025f1e4
ZJS		 1510
1511 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
1512
1513 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/socket", 0) > 0) {
1514
1515 if (s->native_fd >= 0) {
1516 log_error("Too many native sockets passed.");
1517 return -EINVAL;
1518 }
1519
1520 s->native_fd = fd;
1521
1522 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, "/run/systemd/journal/stdout", 0) > 0) {
1523
1524 if (s->stdout_fd >= 0) {
1525 log_error("Too many stdout sockets passed.");
1526 return -EINVAL;
1527 }
1528
1529 s->stdout_fd = fd;
1530
03ee5c38
LP		 1531 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0 ||
1532 sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/dev-log", 0) > 0) {
d025f1e4
ZJS		 1533
1534 if (s->syslog_fd >= 0) {
1535 log_error("Too many /dev/log sockets passed.");
1536 return -EINVAL;
1537 }
1538
1539 s->syslog_fd = fd;
1540
875c2e22
LP		 1541 } else if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1) > 0) {
1542
1543 if (s->audit_fd >= 0) {
1544 log_error("Too many audit sockets passed.");
1545 return -EINVAL;
1546 }
1547
1548 s->audit_fd = fd;
1549
4ec3cd73 1550 } else {
4ec3cd73 1551
13790add
LP		 1552 if (!fds) {
1553 fds = fdset_new();
1554 if (!fds)
1555 return log_oom();
1556 }
4ec3cd73 1557
13790add
LP		 1558 r = fdset_put(fds, fd);
1559 if (r < 0)
1560 return log_oom();
4ec3cd73 1561 }
d025f1e4
ZJS		 1562 }
1563
13790add 1564 r = server_open_stdout_socket(s, fds);
d025f1e4
ZJS		 1565 if (r < 0)
1566 return r;
1567
13790add
LP		 1568 if (fdset_size(fds) > 0) {
1569 log_warning("%u unknown file descriptors passed, closing.", fdset_size(fds));
1570 fds = fdset_free(fds);
1571 }
1572
1573 r = server_open_syslog_socket(s);
d025f1e4
ZJS		 1574 if (r < 0)
1575 return r;
1576
13790add 1577 r = server_open_native_socket(s);
d025f1e4
ZJS		 1578 if (r < 0)
1579 return r;
1580
1581 r = server_open_dev_kmsg(s);
1582 if (r < 0)
1583 return r;
1584
875c2e22
LP		 1585 r = server_open_audit(s);
1586 if (r < 0)
1587 return r;
1588
d025f1e4
ZJS		 1589 r = server_open_kernel_seqnum(s);
1590 if (r < 0)
1591 return r;
1592
0c24bb23
LP		 1593 r = server_open_hostname(s);
1594 if (r < 0)
1595 return r;
1596
f9a810be 1597 r = setup_signals(s);
d025f1e4
ZJS		 1598 if (r < 0)
1599 return r;
1600
1601 s->udev = udev_new();
1602 if (!s->udev)
1603 return -ENOMEM;
1604
f9a810be 1605 s->rate_limit = journal_rate_limit_new(s->rate_limit_interval, s->rate_limit_burst);
d025f1e4
ZJS		 1606 if (!s->rate_limit)
1607 return -ENOMEM;
1608
e9174f29
LP		 1609 r = cg_get_root_path(&s->cgroup_root);
1610 if (r < 0)
1611 return r;
1612
0c24bb23
LP		 1613 server_cache_hostname(s);
1614 server_cache_boot_id(s);
1615 server_cache_machine_id(s);
1616
caa2f4c0 1617 r = system_journal_open(s, false);
d025f1e4
ZJS		 1618 if (r < 0)
1619 return r;
1620
1621 return 0;
1622}
1623
1624void server_maybe_append_tags(Server *s) {
1625#ifdef HAVE_GCRYPT
1626 JournalFile *f;
1627 Iterator i;
1628 usec_t n;
1629
1630 n = now(CLOCK_REALTIME);
1631
1632 if (s->system_journal)
1633 journal_file_maybe_append_tag(s->system_journal, n);
1634
43cf8388 1635 ORDERED_HASHMAP_FOREACH(f, s->user_journals, i)
d025f1e4
ZJS		 1636 journal_file_maybe_append_tag(f, n);
1637#endif
1638}
1639
1640void server_done(Server *s) {
1641 JournalFile *f;
1642 assert(s);
1643
1644 while (s->stdout_streams)
1645 stdout_stream_free(s->stdout_streams);
1646
1647 if (s->system_journal)
1648 journal_file_close(s->system_journal);
1649
1650 if (s->runtime_journal)
1651 journal_file_close(s->runtime_journal);
1652
43cf8388 1653 while ((f = ordered_hashmap_steal_first(s->user_journals)))
d025f1e4
ZJS		 1654 journal_file_close(f);
1655
43cf8388 1656 ordered_hashmap_free(s->user_journals);
d025f1e4 1657
f9a810be
LP		 1658 sd_event_source_unref(s->syslog_event_source);
1659 sd_event_source_unref(s->native_event_source);
1660 sd_event_source_unref(s->stdout_event_source);
1661 sd_event_source_unref(s->dev_kmsg_event_source);
875c2e22 1662 sd_event_source_unref(s->audit_event_source);
f9a810be
LP		 1663 sd_event_source_unref(s->sync_event_source);
1664 sd_event_source_unref(s->sigusr1_event_source);
1665 sd_event_source_unref(s->sigusr2_event_source);
1666 sd_event_source_unref(s->sigterm_event_source);
1667 sd_event_source_unref(s->sigint_event_source);
0c24bb23 1668 sd_event_source_unref(s->hostname_event_source);
f9a810be 1669 sd_event_unref(s->event);
d025f1e4 1670
03e334a1
LP		 1671 safe_close(s->syslog_fd);
1672 safe_close(s->native_fd);
1673 safe_close(s->stdout_fd);
1674 safe_close(s->dev_kmsg_fd);
875c2e22 1675 safe_close(s->audit_fd);
03e334a1 1676 safe_close(s->hostname_fd);
0c24bb23 1677
d025f1e4
ZJS		 1678 if (s->rate_limit)
1679 journal_rate_limit_free(s->rate_limit);
1680
1681 if (s->kernel_seqnum)
1682 munmap(s->kernel_seqnum, sizeof(uint64_t));
1683
1684 free(s->buffer);
1685 free(s->tty_path);
e9174f29 1686 free(s->cgroup_root);
99d0966e 1687 free(s->hostname_field);
d025f1e4
ZJS		 1688
1689 if (s->mmap)
1690 mmap_cache_unref(s->mmap);
1691
3e044c49 1692 udev_unref(s->udev);
d025f1e4 1693}
Unnamed repository; edit this file 'description' to name the repository.