]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/journal/journald-server.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
journal-file-util: drop unused template argument for journal_file_open_reliably()
[thirdparty/systemd.git] / src / journal / journald-server.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
d025f1e4 2
349cc4a5 3#if HAVE_SELINUX
24882e06
LP		 4#include <selinux/selinux.h>
5#endif
8580d1f7
LP		 6#include <sys/ioctl.h>
7#include <sys/mman.h>
8#include <sys/signalfd.h>
9#include <sys/statvfs.h>
07630cea 10#include <linux/sockios.h>
24882e06 11
8580d1f7 12#include "sd-daemon.h"
74df0fca
LP		 13#include "sd-journal.h"
14#include "sd-messages.h"
8580d1f7
LP		 15
16#include "acl-util.h"
b5efdb8a 17#include "alloc-util.h"
430f0182 18#include "audit-util.h"
d025f1e4 19#include "cgroup-util.h"
d025f1e4 20#include "conf-parser.h"
a0956174 21#include "dirent-util.h"
0dec689b 22#include "extract-word.h"
3ffd4af2 23#include "fd-util.h"
33d52ab9 24#include "fileio.h"
f97b34a6 25#include "format-util.h"
f4f15635 26#include "fs-util.h"
8580d1f7 27#include "hashmap.h"
958b66ea 28#include "hostname-util.h"
4b58153d 29#include "id128-util.h"
baa6a42d 30#include "initrd-util.h"
bd1ae178 31#include "iovec-util.h"
8580d1f7 32#include "journal-authenticate.h"
1e094703 33#include "journal-file-util.h"
d025f1e4
ZJS		 34#include "journal-internal.h"
35#include "journal-vacuum.h"
8580d1f7 36#include "journald-audit.h"
22e3a02b 37#include "journald-context.h"
d025f1e4 38#include "journald-kmsg.h"
d025f1e4 39#include "journald-native.h"
8580d1f7 40#include "journald-rate-limit.h"
3ffd4af2 41#include "journald-server.h"
8580d1f7
LP		 42#include "journald-stream.h"
43#include "journald-syslog.h"
4b58153d 44#include "log.h"
f5947a5e 45#include "missing_audit.h"
07630cea 46#include "mkdir.h"
6bedfcbb 47#include "parse-util.h"
b1852c48 48#include "path-util.h"
4e731273 49#include "proc-cmdline.h"
07630cea
LP		 50#include "process-util.h"
51#include "rm-rf.h"
52#include "selinux-util.h"
53#include "signal-util.h"
54#include "socket-util.h"
32917e33 55#include "stdio-util.h"
8b43440b 56#include "string-table.h"
07630cea 57#include "string-util.h"
863a5610 58#include "syslog-util.h"
8e1ac16b 59#include "uid-classification.h"
22e3a02b 60#include "user-util.h"
abef4a7b 61#include "varlink-io.systemd.Journal.h"
d025f1e4 62
d025f1e4
ZJS		 63#define USER_JOURNALS_MAX 1024
64
26687bf8 65#define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
7f1ad696 66#define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
3de8ff5a 67#define DEFAULT_RATE_LIMIT_BURST 10000
e150e820 68#define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
d025f1e4 69
9c416180
DDM		 70#define DEFAULT_KMSG_OWN_INTERVAL (5 * USEC_PER_SEC)
71#define DEFAULT_KMSG_OWN_BURST 50
72
8580d1f7 73#define RECHECK_SPACE_USEC (30*USEC_PER_SEC)
d025f1e4 74
e22aa3d3
LP		 75#define NOTIFY_SNDBUF_SIZE (8*1024*1024)
76
7a24f3bf
VC		 77/* The period to insert between posting changes for coalescing */
78#define POST_CHANGE_TIMER_INTERVAL_USEC (250*USEC_PER_MSEC)
79
ec20fe5f
LP		 80/* Pick a good default that is likely to fit into AF_UNIX and AF_INET SOCK_DGRAM datagrams, and even leaves some room
81 * for a bit of additional metadata. */
82#define DEFAULT_LINE_MAX (48*1024)
83
a33687b7
LP		 84#define DEFERRED_CLOSES_MAX (4096)
85
65c398c0
LP		 86#define IDLE_TIMEOUT_USEC (30*USEC_PER_SEC)
87
7d1e61ca 88#define FAILED_TO_WRITE_ENTRY_RATELIMIT ((const RateLimit) { .interval = 1 * USEC_PER_SEC, .burst = 1 })
0f06e64c 89
9540782d 90static int server_determine_path_usage(
4f603103
LP		 91 Server *s,
92 const char *path,
93 uint64_t *ret_used,
94 uint64_t *ret_free) {
95
e0ed6db9 96 _cleanup_closedir_ DIR *d = NULL;
e0ed6db9 97 struct statvfs ss;
e0ed6db9 98
4f603103
LP		 99 assert(s);
100 assert(path);
e0ed6db9
FB		 101 assert(ret_used);
102 assert(ret_free);
103
266a4700 104 d = opendir(path);
e0ed6db9 105 if (!d)
8522691d 106 return log_ratelimit_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR,
d9799ea2 107 errno, JOURNAL_LOG_RATELIMIT, "Failed to open %s: %m", path);
e0ed6db9
FB		 108
109 if (fstatvfs(dirfd(d), &ss) < 0)
d9799ea2 110 return log_ratelimit_error_errno(errno, JOURNAL_LOG_RATELIMIT,
8522691d 111 "Failed to fstatvfs(%s): %m", path);
e0ed6db9
FB		 112
113 *ret_free = ss.f_bsize * ss.f_bavail;
114 *ret_used = 0;
115 FOREACH_DIRENT_ALL(de, d, break) {
116 struct stat st;
117
118 if (!endswith(de->d_name, ".journal") &&
119 !endswith(de->d_name, ".journal~"))
120 continue;
121
122 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
f9fbac8b 123 log_debug_errno(errno, "Failed to stat %s/%s, ignoring: %m", path, de->d_name);
e0ed6db9
FB		 124 continue;
125 }
126
127 if (!S_ISREG(st.st_mode))
128 continue;
129
130 *ret_used += (uint64_t) st.st_blocks * 512UL;
131 }
132
133 return 0;
134}
135
a0edc477 136static void cache_space_invalidate(JournalStorageSpace *space) {
67319249 137 zero(*space);
a0edc477
FB		 138}
139
57f443a6 140static int cache_space_refresh(Server *s, JournalStorage *storage) {
23aba343 141 JournalStorageSpace *space;
266a4700 142 JournalMetrics *metrics;
23aba343 143 uint64_t vfs_used, vfs_avail, avail;
d025f1e4 144 usec_t ts;
e0ed6db9 145 int r;
d025f1e4 146
8580d1f7 147 assert(s);
266a4700 148
266a4700 149 metrics = &storage->metrics;
23aba343 150 space = &storage->space;
d025f1e4 151
8580d1f7 152 ts = now(CLOCK_MONOTONIC);
d025f1e4 153
496db330 154 if (space->timestamp != 0 && usec_add(space->timestamp, RECHECK_SPACE_USEC) > ts)
d025f1e4
ZJS		 155 return 0;
156
9540782d 157 r = server_determine_path_usage(s, storage->path, &vfs_used, &vfs_avail);
e0ed6db9
FB		 158 if (r < 0)
159 return r;
d025f1e4 160
23aba343
FB		 161 space->vfs_used = vfs_used;
162 space->vfs_available = vfs_avail;
163
164 avail = LESS_BY(vfs_avail, metrics->keep_free);
165
6d7afa3b 166 space->limit = CLAMP(vfs_used + avail, metrics->min_use, metrics->max_use);
23aba343
FB		 167 space->available = LESS_BY(space->limit, vfs_used);
168 space->timestamp = ts;
8580d1f7
LP		 169 return 1;
170}
171
3a19f215
FB		 172static void patch_min_use(JournalStorage *storage) {
173 assert(storage);
174
175 /* Let's bump the min_use limit to the current usage on disk. We do
176 * this when starting up and first opening the journal files. This way
177 * sudden spikes in disk usage will not cause journald to vacuum files
178 * without bounds. Note that this means that only a restart of journald
179 * will make it reset this value. */
180
181 storage->metrics.min_use = MAX(storage->metrics.min_use, storage->space.vfs_used);
182}
183
b42b9479
LP		 184static JournalStorage* server_current_storage(Server *s) {
185 assert(s);
186
187 return s->system_journal ? &s->system_storage : &s->runtime_storage;
188}
189
9540782d 190static int server_determine_space(Server *s, uint64_t *available, uint64_t *limit) {
266a4700 191 JournalStorage *js;
57f443a6 192 int r;
8580d1f7
LP		 193
194 assert(s);
195
b42b9479 196 js = server_current_storage(s);
57f443a6
FB		 197
198 r = cache_space_refresh(s, js);
199 if (r >= 0) {
200 if (available)
201 *available = js->space.available;
202 if (limit)
203 *limit = js->space.limit;
204 }
205 return r;
d025f1e4
ZJS		 206}
207
cba5629e 208void server_space_usage_message(Server *s, JournalStorage *storage) {
cba5629e
FB		 209 assert(s);
210
211 if (!storage)
b42b9479 212 storage = server_current_storage(s);
cba5629e 213
57f443a6 214 if (cache_space_refresh(s, storage) < 0)
cba5629e
FB		 215 return;
216
2b59bf51
ZJS		 217 const JournalMetrics *metrics = &storage->metrics;
218
13181942
LP		 219 server_driver_message(s, 0,
220 "MESSAGE_ID=" SD_MESSAGE_JOURNAL_USAGE_STR,
cba5629e 221 LOG_MESSAGE("%s (%s) is %s, max %s, %s free.",
f843f85d
YW		 222 storage->name, storage->path,
223 FORMAT_BYTES(storage->space.vfs_used),
224 FORMAT_BYTES(storage->space.limit),
225 FORMAT_BYTES(storage->space.available)),
cba5629e
FB		 226 "JOURNAL_NAME=%s", storage->name,
227 "JOURNAL_PATH=%s", storage->path,
23aba343 228 "CURRENT_USE=%"PRIu64, storage->space.vfs_used,
f843f85d 229 "CURRENT_USE_PRETTY=%s", FORMAT_BYTES(storage->space.vfs_used),
cba5629e 230 "MAX_USE=%"PRIu64, metrics->max_use,
2b59bf51 231 "MAX_USE_PRETTY=%s", FORMAT_BYTES(metrics->max_use),
cba5629e 232 "DISK_KEEP_FREE=%"PRIu64, metrics->keep_free,
2b59bf51 233 "DISK_KEEP_FREE_PRETTY=%s", FORMAT_BYTES(metrics->keep_free),
23aba343 234 "DISK_AVAILABLE=%"PRIu64, storage->space.vfs_available,
2b59bf51 235 "DISK_AVAILABLE_PRETTY=%s", FORMAT_BYTES(storage->space.vfs_available),
cba5629e 236 "LIMIT=%"PRIu64, storage->space.limit,
f843f85d 237 "LIMIT_PRETTY=%s", FORMAT_BYTES(storage->space.limit),
cba5629e 238 "AVAILABLE=%"PRIu64, storage->space.available,
f843f85d 239 "AVAILABLE_PRETTY=%s", FORMAT_BYTES(storage->space.available),
cba5629e
FB		 240 NULL);
241}
242
45c0ecba 243static void server_add_acls(JournalFile *f, uid_t uid) {
d025f1e4
ZJS		 244 assert(f);
245
349cc4a5 246#if HAVE_ACL
567aeb58
ZJS		 247 int r;
248
2fce06b0 249 if (uid_for_system_journal(uid))
d025f1e4
ZJS		 250 return;
251
45c0ecba 252 r = fd_add_uid_acl_permission(f->fd, uid, ACL_READ);
5c3bde3f 253 if (r < 0)
d9799ea2 254 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
45c0ecba 255 "Failed to set ACL on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 256#endif
257}
258
9540782d 259static int server_open_journal(
7a24f3bf
VC		 260 Server *s,
261 bool reliably,
262 const char *fname,
49615dbd 263 int open_flags,
7a24f3bf
VC		 264 bool seal,
265 JournalMetrics *metrics,
45c0ecba 266 JournalFile **ret) {
e8591544 267
45c0ecba 268 _cleanup_(journal_file_offline_closep) JournalFile *f = NULL;
49615dbd 269 JournalFileFlags file_flags;
e8591544 270 int r;
7a24f3bf
VC		 271
272 assert(s);
273 assert(fname);
274 assert(ret);
275
ce92dc27
LP		 276 file_flags =
277 (s->compress.enabled ? JOURNAL_COMPRESS : 0) |
278 (seal ? JOURNAL_SEAL : 0) |
279 JOURNAL_STRICT_ORDER;
49615dbd 280
45c0ecba 281 set_clear_with_destructor(s->deferred_closes, journal_file_offline_close);
5f6b79b7 282
7a24f3bf 283 if (reliably)
45c0ecba 284 r = journal_file_open_reliably(
49615dbd
LP		 285 fname,
286 open_flags,
287 file_flags,
288 0640,
289 s->compress.threshold_bytes,
290 metrics,
291 s->mmap,
49615dbd 292 &f);
7a24f3bf 293 else
45c0ecba 294 r = journal_file_open(
36c6b26c 295 /* fd= */ -EBADF,
49615dbd
LP		 296 fname,
297 open_flags,
298 file_flags,
299 0640,
300 s->compress.threshold_bytes,
301 metrics,
302 s->mmap,
6713ed7a 303 /* template= */ NULL,
49615dbd 304 &f);
7a24f3bf
VC		 305 if (r < 0)
306 return r;
307
45c0ecba 308 r = journal_file_enable_post_change_timer(f, s->event, POST_CHANGE_TIMER_INTERVAL_USEC);
627df1dc 309 if (r < 0)
7a24f3bf 310 return r;
7a24f3bf 311
627df1dc 312 *ret = TAKE_PTR(f);
7a24f3bf
VC		 313 return r;
314}
315
9540782d 316static bool server_flushed_flag_is_set(Server *s) {
b1852c48
LP		 317 const char *fn;
318
319 assert(s);
320
321 /* We don't support the "flushing" concept for namespace instances, we assume them to always have
322 * access to /var */
323 if (s->namespace)
324 return true;
325
326 fn = strjoina(s->runtime_directory, "/flushed");
327 return access(fn, F_OK) >= 0;
6431c7e2
VC		 328}
329
9540782d
LP		 330static int server_system_journal_open(
331 Server *s,
332 bool flush_requested,
333 bool relinquish_requested) {
334
105bdb46
VC		 335 const char *fn;
336 int r = 0;
337
338 if (!s->system_journal &&
f78273c8 339 IN_SET(s->storage, STORAGE_PERSISTENT, STORAGE_AUTO) &&
9540782d 340 (flush_requested || server_flushed_flag_is_set(s)) &&
b4e26d1d 341 !relinquish_requested) {
105bdb46 342
d6f46470 343 /* If in auto mode: first try to create the machine path, but not the prefix.
105bdb46 344 *
d6f46470 345 * If in persistent mode: create /var/log/journal and the machine path */
105bdb46
VC		 346
347 if (s->storage == STORAGE_PERSISTENT)
d6f46470 348 (void) mkdir_parents(s->system_storage.path, 0755);
105bdb46 349
266a4700 350 (void) mkdir(s->system_storage.path, 0755);
105bdb46 351
266a4700 352 fn = strjoina(s->system_storage.path, "/system.journal");
9540782d 353 r = server_open_journal(
6713ed7a
LP		 354 s,
355 /* reliably= */ true,
356 fn,
357 O_RDWR|O_CREAT,
358 s->seal,
359 &s->system_storage.metrics,
360 &s->system_journal);
105bdb46
VC		 361 if (r >= 0) {
362 server_add_acls(s->system_journal, 0);
57f443a6 363 (void) cache_space_refresh(s, &s->system_storage);
3a19f215 364 patch_min_use(&s->system_storage);
29bfb683 365 } else {
4c701096 366 if (!IN_SET(r, -ENOENT, -EROFS))
d9799ea2 367 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
8522691d 368 "Failed to open system journal: %m");
105bdb46
VC		 369
370 r = 0;
371 }
929eeb54 372
d6f46470
LP		 373 /* If the runtime journal is open, and we're post-flush, we're recovering from a failed
374 * system journal rotate (ENOSPC) for which the runtime journal was reopened.
929eeb54 375 *
d6f46470
LP		 376 * Perform an implicit flush to var, leaving the runtime journal closed, now that the system
377 * journal is back.
929eeb54 378 */
f78273c8
LP		 379 if (!flush_requested)
380 (void) server_flush_to_var(s, true);
105bdb46
VC		 381 }
382
383 if (!s->runtime_journal &&
384 (s->storage != STORAGE_NONE)) {
385
266a4700 386 fn = strjoina(s->runtime_storage.path, "/system.journal");
105bdb46 387
418a4987 388 if (!s->system_journal || relinquish_requested) {
105bdb46 389
418a4987
DDM		 390 /* OK, we really need the runtime journal, so create it if necessary. */
391
392 (void) mkdir_parents(s->runtime_storage.path, 0755);
393 (void) mkdir(s->runtime_storage.path, 0750);
394
395 r = server_open_journal(
396 s,
397 /* reliably= */ true,
398 fn,
399 O_RDWR|O_CREAT,
400 /* seal= */ false,
401 &s->runtime_storage.metrics,
402 &s->runtime_journal);
403 if (r < 0)
404 return log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
405 "Failed to open runtime journal: %m");
406
407 } else if (!server_flushed_flag_is_set(s)) {
6713ed7a
LP		 408 /* Try to open the runtime journal, but only if it already exists, so that we can
409 * flush it into the system journal */
410
9540782d 411 r = server_open_journal(
6713ed7a
LP		 412 s,
413 /* reliably= */ false,
414 fn,
415 O_RDWR,
416 /* seal= */ false,
417 &s->runtime_storage.metrics,
418 &s->runtime_journal);
105bdb46
VC		 419 if (r < 0) {
420 if (r != -ENOENT)
d9799ea2 421 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
8522691d 422 "Failed to open runtime journal: %m");
105bdb46
VC		 423
424 r = 0;
425 }
105bdb46
VC		 426 }
427
428 if (s->runtime_journal) {
429 server_add_acls(s->runtime_journal, 0);
57f443a6 430 (void) cache_space_refresh(s, &s->runtime_storage);
3a19f215 431 patch_min_use(&s->runtime_storage);
105bdb46
VC		 432 }
433 }
434
435 return r;
436}
437
45c0ecba
YW		 438static int server_find_user_journal(Server *s, uid_t uid, JournalFile **ret) {
439 _cleanup_(journal_file_offline_closep) JournalFile *f = NULL;
ed375beb 440 _cleanup_free_ char *p = NULL;
ab92e15e
FB		 441 int r;
442
443 assert(!uid_for_system_journal(uid));
444
445 f = ordered_hashmap_get(s->user_journals, UID_TO_PTR(uid));
446 if (f)
447 goto found;
448
449 if (asprintf(&p, "%s/user-" UID_FMT ".journal", s->system_storage.path, uid) < 0)
450 return log_oom();
451
452 /* Too many open? Then let's close one (or more) */
453 while (ordered_hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
45c0ecba 454 JournalFile *first;
ab92e15e
FB		 455
456 assert_se(first = ordered_hashmap_steal_first(s->user_journals));
45c0ecba 457 (void) journal_file_offline_close(first);
ab92e15e
FB		 458 }
459
9540782d 460 r = server_open_journal(
6713ed7a
LP		 461 s,
462 /* reliably= */ true,
463 p,
464 O_RDWR|O_CREAT,
465 s->seal,
466 &s->system_storage.metrics,
467 &f);
ab92e15e
FB		 468 if (r < 0)
469 return r;
470
471 r = ordered_hashmap_put(s->user_journals, UID_TO_PTR(uid), f);
472 if (r < 0)
473 return r;
474
475 server_add_acls(f, uid);
476
477found:
478 *ret = TAKE_PTR(f);
479 return 0;
480}
481
45c0ecba 482static JournalFile* server_find_journal(Server *s, uid_t uid) {
46e2348a 483 int r;
d025f1e4
ZJS		 484
485 assert(s);
486
46e2348a
LP		 487 /* A rotate that fails to create the new journal (ENOSPC) leaves the rotated journal as NULL. Unless
488 * we revisit opening, even after space is made available we'll continue to return NULL indefinitely.
105bdb46 489 *
46e2348a
LP		 490 * system_journal_open() is a noop if the journals are already open, so we can just call it here to
491 * recover from failed rotates (or anything else that's left the journals as NULL).
105bdb46
VC		 492 *
493 * Fixes https://github.com/systemd/systemd/issues/3968 */
9540782d 494 (void) server_system_journal_open(s, /* flush_requested= */ false, /* relinquish_requested= */ false);
105bdb46 495
46e2348a
LP		 496 /* We split up user logs only on /var, not on /run. If the runtime file is open, we write to it
497 * exclusively, in order to guarantee proper order as soon as we flush /run to /var and close the
498 * runtime file. */
d025f1e4
ZJS		 499
500 if (s->runtime_journal)
501 return s->runtime_journal;
502
d64441b6
MT		 503 /* If we are not in persistent mode, then we need return NULL immediately rather than opening a
504 * persistent journal of any sort.
505 *
506 * Fixes https://github.com/systemd/systemd/issues/20390 */
507 if (!IN_SET(s->storage, STORAGE_AUTO, STORAGE_PERSISTENT))
508 return NULL;
509
ab92e15e 510 if (!uid_for_system_journal(uid)) {
45c0ecba 511 JournalFile *f = NULL;
d025f1e4 512
9540782d 513 r = server_find_user_journal(s, uid, &f);
ab92e15e
FB		 514 if (r >= 0)
515 return ASSERT_PTR(f);
d025f1e4 516
ab92e15e 517 log_warning_errno(r, "Failed to open user journal file, falling back to system journal: %m");
d0307775 518 }
d025f1e4 519
ab92e15e 520 return s->system_journal;
d025f1e4
ZJS		 521}
522
9540782d 523static int server_do_rotate(
ea69bd41 524 Server *s,
45c0ecba 525 JournalFile **f,
ea69bd41
LP		 526 const char* name,
527 bool seal,
528 uint32_t uid) {
529
49615dbd 530 JournalFileFlags file_flags;
fc55baee 531 int r;
49615dbd 532
fc55baee
ZJS		 533 assert(s);
534
535 if (!*f)
536 return -EINVAL;
537
49615dbd
LP		 538 file_flags =
539 (s->compress.enabled ? JOURNAL_COMPRESS : 0)|
ce92dc27
LP		 540 (seal ? JOURNAL_SEAL : 0) |
541 JOURNAL_STRICT_ORDER;
49615dbd 542
45c0ecba 543 r = journal_file_rotate(f, s->mmap, file_flags, s->compress.threshold_bytes, s->deferred_closes);
bb6b922f 544 if (r < 0) {
fc55baee 545 if (*f)
d9799ea2 546 return log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT,
45c0ecba 547 "Failed to rotate %s: %m", (*f)->path);
fc55baee 548 else
d9799ea2 549 return log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT,
8522691d 550 "Failed to create new %s journal: %m", name);
bb6b922f
YW		 551 }
552
553 server_add_acls(*f, uid);
fc55baee
ZJS		 554 return r;
555}
556
f760d8a8 557static void server_process_deferred_closes(Server *s) {
45c0ecba 558 JournalFile *f;
f760d8a8
LP		 559
560 /* Perform any deferred closes which aren't still offlining. */
90e74a66 561 SET_FOREACH(f, s->deferred_closes) {
45c0ecba 562 if (journal_file_is_offlining(f))
a33687b7
LP		 563 continue;
564
565 (void) set_remove(s->deferred_closes, f);
45c0ecba 566 (void) journal_file_offline_close(f);
a33687b7
LP		 567 }
568}
569
570static void server_vacuum_deferred_closes(Server *s) {
571 assert(s);
572
573 /* Make some room in the deferred closes list, so that it doesn't grow without bounds */
574 if (set_size(s->deferred_closes) < DEFERRED_CLOSES_MAX)
575 return;
576
577 /* Let's first remove all journal files that might already have completed closing */
578 server_process_deferred_closes(s);
579
580 /* And now, let's close some more until we reach the limit again. */
581 while (set_size(s->deferred_closes) >= DEFERRED_CLOSES_MAX) {
45c0ecba 582 JournalFile *f;
a33687b7
LP		 583
584 assert_se(f = set_steal_first(s->deferred_closes));
45c0ecba 585 journal_file_offline_close(f);
a33687b7
LP		 586 }
587}
588
43d287ec 589static int server_archive_offline_user_journals(Server *s) {
4e00337b 590 _cleanup_closedir_ DIR *d = NULL;
a33687b7
LP		 591 int r;
592
593 assert(s);
594
4e00337b
LP		 595 d = opendir(s->system_storage.path);
596 if (!d) {
597 if (errno == ENOENT)
598 return 0;
599
d9799ea2 600 return log_ratelimit_error_errno(errno, JOURNAL_LOG_RATELIMIT,
8522691d 601 "Failed to open %s: %m", s->system_storage.path);
4e00337b
LP		 602 }
603
604 for (;;) {
596c3c7f 605 _cleanup_free_ char *full = NULL;
254d1313 606 _cleanup_close_ int fd = -EBADF;
4e00337b 607 struct dirent *de;
45c0ecba 608 JournalFile *f;
4e00337b
LP		 609 uid_t uid;
610
611 errno = 0;
612 de = readdir_no_dot(d);
613 if (!de) {
614 if (errno != 0)
d9799ea2 615 log_ratelimit_warning_errno(errno, JOURNAL_LOG_RATELIMIT,
8522691d
DDM		 616 "Failed to enumerate %s, ignoring: %m",
617 s->system_storage.path);
4e00337b
LP		 618 break;
619 }
620
596c3c7f 621 r = journal_file_parse_uid_from_filename(de->d_name, &uid);
4e00337b 622 if (r < 0) {
596c3c7f
FB		 623 /* Don't warn if the file is not an online or offline user journal. */
624 if (r != -EREMOTE)
625 log_warning_errno(r, "Failed to parse UID from file name '%s', ignoring: %m", de->d_name);
4e00337b
LP		 626 continue;
627 }
628
629 /* Already rotated in the above loop? i.e. is it an open user journal? */
630 if (ordered_hashmap_contains(s->user_journals, UID_TO_PTR(uid)))
631 continue;
632
633 full = path_join(s->system_storage.path, de->d_name);
634 if (!full)
635 return log_oom();
636
637 fd = openat(dirfd(d), de->d_name, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW|O_NONBLOCK);
638 if (fd < 0) {
8522691d 639 log_ratelimit_full_errno(IN_SET(errno, ELOOP, ENOENT) ? LOG_DEBUG : LOG_WARNING,
d9799ea2 640 errno, JOURNAL_LOG_RATELIMIT,
8522691d 641 "Failed to open journal file '%s' for rotation: %m", full);
4e00337b
LP		 642 continue;
643 }
a33687b7 644
4e00337b
LP		 645 /* Make some room in the set of deferred close()s */
646 server_vacuum_deferred_closes(s);
647
648 /* Open the file briefly, so that we can archive it */
45c0ecba 649 r = journal_file_open(
49615dbd
LP		 650 fd,
651 full,
652 O_RDWR,
653 (s->compress.enabled ? JOURNAL_COMPRESS : 0) |
ce92dc27 654 (s->seal ? JOURNAL_SEAL : 0), /* strict order does not matter here */
49615dbd
LP		 655 0640,
656 s->compress.threshold_bytes,
657 &s->system_storage.metrics,
658 s->mmap,
6713ed7a 659 /* template= */ NULL,
49615dbd 660 &f);
4e00337b 661 if (r < 0) {
d9799ea2 662 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
8522691d
DDM		 663 "Failed to read journal file %s for rotation, trying to move it out of the way: %m",
664 full);
4e00337b
LP		 665
666 r = journal_file_dispose(dirfd(d), de->d_name);
667 if (r < 0)
d9799ea2 668 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
8522691d
DDM		 669 "Failed to move %s out of the way, ignoring: %m",
670 full);
4e00337b 671 else
f9fbac8b 672 log_debug("Successfully moved %s out of the way.", full);
a33687b7 673
4e00337b
LP		 674 continue;
675 }
676
45c0ecba 677 TAKE_FD(fd); /* Donated to journal_file_open() */
4e00337b 678
e375bc5f 679 journal_file_write_final_tag(f);
45c0ecba 680 r = journal_file_archive(f, NULL);
4e00337b 681 if (r < 0)
f9fbac8b 682 log_debug_errno(r, "Failed to archive journal file '%s', ignoring: %m", full);
4e00337b 683
45c0ecba 684 journal_file_initiate_close(TAKE_PTR(f), s->deferred_closes);
4e00337b 685 }
a33687b7
LP		 686
687 return 0;
f760d8a8
LP		 688}
689
d025f1e4 690void server_rotate(Server *s) {
45c0ecba 691 JournalFile *f;
a33687b7 692 void *k;
d025f1e4
ZJS		 693 int r;
694
f9fbac8b 695 log_debug("Rotating...");
d025f1e4 696
a33687b7 697 /* First, rotate the system journal (either in its runtime flavour or in its runtime flavour) */
9540782d
LP		 698 (void) server_do_rotate(s, &s->runtime_journal, "runtime", /* seal= */ false, /* uid= */ 0);
699 (void) server_do_rotate(s, &s->system_journal, "system", s->seal, /* uid= */ 0);
d025f1e4 700
a33687b7 701 /* Then, rotate all user journals we have open (keeping them open) */
90e74a66 702 ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals) {
9540782d 703 r = server_do_rotate(s, &f, "user", s->seal, PTR_TO_UID(k));
fc55baee 704 if (r >= 0)
43cf8388 705 ordered_hashmap_replace(s->user_journals, k, f);
fc55baee
ZJS		 706 else if (!f)
707 /* Old file has been closed and deallocated */
43cf8388 708 ordered_hashmap_remove(s->user_journals, k);
d025f1e4 709 }
b58c888f 710
4e00337b
LP		 711 /* Finally, also rotate all user journals we currently do not have open. (But do so only if we
712 * actually have access to /var, i.e. are not in the log-to-runtime-journal mode). */
713 if (!s->runtime_journal)
43d287ec 714 (void) server_archive_offline_user_journals(s);
a33687b7 715
f760d8a8 716 server_process_deferred_closes(s);
d025f1e4
ZJS		 717}
718
26687bf8 719void server_sync(Server *s) {
45c0ecba 720 JournalFile *f;
26687bf8
OS		 721 int r;
722
26687bf8 723 if (s->system_journal) {
45c0ecba 724 r = journal_file_set_offline(s->system_journal, false);
26687bf8 725 if (r < 0)
d9799ea2 726 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
8522691d 727 "Failed to sync system journal, ignoring: %m");
26687bf8
OS		 728 }
729
90e74a66 730 ORDERED_HASHMAP_FOREACH(f, s->user_journals) {
45c0ecba 731 r = journal_file_set_offline(f, false);
26687bf8 732 if (r < 0)
d9799ea2 733 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
8522691d 734 "Failed to sync user journal, ignoring: %m");
26687bf8
OS		 735 }
736
f9a810be
LP		 737 if (s->sync_event_source) {
738 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_OFF);
739 if (r < 0)
d9799ea2 740 log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT,
8522691d 741 "Failed to disable sync timer source: %m");
f9a810be 742 }
26687bf8
OS		 743
744 s->sync_scheduled = false;
745}
746
9540782d 747static void server_do_vacuum(Server *s, JournalStorage *storage, bool verbose) {
ea69bd41 748
63c8666b
ZJS		 749 int r;
750
8580d1f7 751 assert(s);
266a4700 752 assert(storage);
8580d1f7 753
57f443a6 754 (void) cache_space_refresh(s, storage);
18e758bf
FB		 755
756 if (verbose)
757 server_space_usage_message(s, storage);
8580d1f7 758
57f443a6
FB		 759 r = journal_directory_vacuum(storage->path, storage->space.limit,
760 storage->metrics.n_max_files, s->max_retention_usec,
761 &s->oldest_file_usec, verbose);
63c8666b 762 if (r < 0 && r != -ENOENT)
d9799ea2 763 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
8522691d 764 "Failed to vacuum %s, ignoring: %m", storage->path);
266a4700 765
a0edc477 766 cache_space_invalidate(&storage->space);
63c8666b
ZJS		 767}
768
b278cf2e 769void server_vacuum(Server *s, bool verbose) {
8580d1f7 770 assert(s);
d025f1e4 771
f9fbac8b 772 log_debug("Vacuuming...");
d025f1e4
ZJS		 773
774 s->oldest_file_usec = 0;
775
266a4700 776 if (s->system_journal)
9540782d 777 server_do_vacuum(s, &s->system_storage, verbose);
266a4700 778 if (s->runtime_journal)
9540782d 779 server_do_vacuum(s, &s->runtime_storage, verbose);
d025f1e4
ZJS		 780}
781
0c24bb23
LP		 782static void server_cache_machine_id(Server *s) {
783 sd_id128_t id;
784 int r;
785
786 assert(s);
787
788 r = sd_id128_get_machine(&id);
789 if (r < 0)
790 return;
791
792 sd_id128_to_string(id, stpcpy(s->machine_id_field, "_MACHINE_ID="));
793}
794
795static void server_cache_boot_id(Server *s) {
796 sd_id128_t id;
797 int r;
798
799 assert(s);
800
801 r = sd_id128_get_boot(&id);
802 if (r < 0)
803 return;
804
805 sd_id128_to_string(id, stpcpy(s->boot_id_field, "_BOOT_ID="));
806}
807
808static void server_cache_hostname(Server *s) {
809 _cleanup_free_ char *t = NULL;
810 char *x;
811
812 assert(s);
813
814 t = gethostname_malloc();
815 if (!t)
816 return;
817
b910cc72 818 x = strjoin("_HOSTNAME=", t);
0c24bb23
LP		 819 if (!x)
820 return;
821
99d0d05a 822 free_and_replace(s->hostname_field, x);
0c24bb23
LP		 823}
824
8531ae70 825static bool shall_try_append_again(JournalFile *f, int r) {
79893116 826 switch (r) {
ae739cc1 827
6e1045e5
ZJS		 828 case -E2BIG: /* Hit configured limit */
829 case -EFBIG: /* Hit fs limit */
830 case -EDQUOT: /* Quota limit hit */
831 case -ENOSPC: /* Disk full */
32b0678c 832 log_debug_errno(r, "%s: Allocation limit reached, rotating.", f->path);
6e1045e5 833 return true;
ae739cc1 834
379864f8
RP		 835 case -EROFS: /* Read-only file system */
836 /* When appending an entry fails if shall_try_append_again returns true, the journal is
837 * rotated. If the FS is read-only, rotation will fail and s->system_journal will be set to
838 * NULL. After that, when find_journal will try to open the journal since s->system_journal
839 * will be NULL, it will open the runtime journal. */
32b0678c 840 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Read-only file system, rotating.", f->path);
379864f8
RP		 841 return true;
842
6e1045e5 843 case -EIO: /* I/O error of some kind (mmap) */
32b0678c 844 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT, "%s: IO error, rotating.", f->path);
6e1045e5 845 return true;
ae739cc1 846
6e1045e5 847 case -EHOSTDOWN: /* Other machine */
32b0678c 848 log_ratelimit_info_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Journal file from other machine, rotating.", f->path);
6e1045e5 849 return true;
ae739cc1 850
6e1045e5 851 case -EBUSY: /* Unclean shutdown */
32b0678c 852 log_ratelimit_info_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Unclean shutdown, rotating.", f->path);
6e1045e5 853 return true;
ae739cc1 854
6e1045e5 855 case -EPROTONOSUPPORT: /* Unsupported feature */
32b0678c 856 log_ratelimit_info_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Unsupported feature, rotating.", f->path);
6e1045e5 857 return true;
ae739cc1 858
6e1045e5
ZJS		 859 case -EBADMSG: /* Corrupted */
860 case -ENODATA: /* Truncated */
861 case -ESHUTDOWN: /* Already archived */
5789c609 862 case -EADDRNOTAVAIL: /* Referenced object offset out of bounds */
32b0678c 863 log_ratelimit_info_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Journal file corrupted, rotating.", f->path);
6e1045e5 864 return true;
ae739cc1 865
6e1045e5 866 case -EIDRM: /* Journal file has been deleted */
32b0678c 867 log_ratelimit_info_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Journal file has been deleted, rotating.", f->path);
6e1045e5 868 return true;
ae739cc1 869
ce92dc27 870 case -EREMCHG: /* Wallclock time (CLOCK_REALTIME) jumped backwards relative to last journal entry */
32b0678c 871 log_ratelimit_info_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Realtime clock jumped backwards relative to last journal entry, rotating.", f->path);
ce92dc27
LP		 872 return true;
873
addcecf6 874 case -ENOTNAM: /* Monotonic time (CLOCK_MONOTONIC) jumped backwards relative to last journal entry with the same boot ID */
875 log_ratelimit_info_errno(
876 r,
877 JOURNAL_LOG_RATELIMIT,
878 "%s: Monotonic clock jumped backwards relative to last journal entry with the same boot ID, rotating.",
879 f->path);
1d8d483f 880 return true;
881
e5d60d1b 882 case -EILSEQ: /* seqnum ID last used in the file doesn't match the one we'd passed when writing an entry to it */
32b0678c 883 log_ratelimit_info_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Journal file uses a different sequence number ID, rotating.", f->path);
e5d60d1b
LP		 884 return true;
885
5087825e 886 case -EAFNOSUPPORT:
32b0678c 887 log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Underlying file system does not support memory mapping or another required file system feature.", f->path);
5087825e
LP		 888 return false;
889
6e1045e5 890 default:
d6df3bfb 891 log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Unexpected error while writing to journal file: %m", f->path);
d025f1e4 892 return false;
6e1045e5 893 }
d025f1e4
ZJS		 894}
895
e5d60d1b
LP		 896static void server_write_to_journal(
897 Server *s,
898 uid_t uid,
899 const struct iovec *iovec,
900 size_t n,
901 int priority) {
902
7c070017 903 bool vacuumed = false, rotate = false;
0f972d66 904 struct dual_timestamp ts;
45c0ecba 905 JournalFile *f;
d025f1e4
ZJS		 906 int r;
907
908 assert(s);
909 assert(iovec);
910 assert(n > 0);
911
0f972d66
LP		 912 /* Get the closest, linearized time we have for this log event from the event loop. (Note that we do not use
913 * the source time, and not even the time the event was originally seen, but instead simply the time we started
914 * processing it, as we want strictly linear ordering in what we write out.) */
915 assert_se(sd_event_now(s->event, CLOCK_REALTIME, &ts.realtime) >= 0);
916 assert_se(sd_event_now(s->event, CLOCK_MONOTONIC, &ts.monotonic) >= 0);
917
7c070017
LP		 918 if (ts.realtime < s->last_realtime_clock) {
919 /* When the time jumps backwards, let's immediately rotate. Of course, this should not happen during
920 * regular operation. However, when it does happen, then we should make sure that we start fresh files
921 * to ensure that the entries in the journal files are strictly ordered by time, in order to ensure
922 * bisection works correctly. */
d025f1e4 923
d9799ea2 924 log_ratelimit_info(JOURNAL_LOG_RATELIMIT, "Time jumped backwards, rotating.");
7c070017
LP		 925 rotate = true;
926 } else {
927
9540782d 928 f = server_find_journal(s, uid);
7c070017
LP		 929 if (!f)
930 return;
931
45c0ecba 932 if (journal_file_rotate_suggested(f, s->max_file_usec, LOG_DEBUG)) {
afc47ee2 933 log_debug("%s: Journal header limits reached or header out-of-date, rotating.",
45c0ecba 934 f->path);
7c070017
LP		 935 rotate = true;
936 }
937 }
d025f1e4 938
7c070017 939 if (rotate) {
d025f1e4 940 server_rotate(s);
3a19f215 941 server_vacuum(s, false);
d025f1e4
ZJS		 942 vacuumed = true;
943
9540782d 944 f = server_find_journal(s, uid);
d025f1e4
ZJS		 945 if (!f)
946 return;
947 }
948
7c070017
LP		 949 s->last_realtime_clock = ts.realtime;
950
e5d60d1b 951 r = journal_file_append_entry(
45c0ecba 952 f,
e5d60d1b
LP		 953 &ts,
954 /* boot_id= */ NULL,
955 iovec, n,
956 &s->seqnum->seqnum,
957 &s->seqnum->id,
958 /* ret_object= */ NULL,
959 /* ret_offset= */ NULL);
26687bf8 960 if (r >= 0) {
d07f7b9e 961 server_schedule_sync(s, priority);
d025f1e4 962 return;
26687bf8 963 }
d025f1e4 964
c24e0dbe 965 log_debug_errno(r, "Failed to write entry to %s (%zu items, %zu bytes): %m", f->path, n, iovec_total_size(iovec, n));
0631aabd 966
45c0ecba 967 if (!shall_try_append_again(f, r))
0631aabd
LP		 968 return;
969 if (vacuumed) {
970 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
971 "Suppressing rotation, as we already rotated immediately before write attempt. Giving up.");
d025f1e4
ZJS		 972 return;
973 }
974
975 server_rotate(s);
3a19f215 976 server_vacuum(s, false);
d025f1e4 977
9540782d 978 f = server_find_journal(s, uid);
d025f1e4
ZJS		 979 if (!f)
980 return;
981
f9fbac8b 982 log_debug_errno(r, "Retrying write.");
e5d60d1b 983 r = journal_file_append_entry(
45c0ecba 984 f,
e5d60d1b
LP		 985 &ts,
986 /* boot_id= */ NULL,
987 iovec, n,
988 &s->seqnum->seqnum,
989 &s->seqnum->id,
990 /* ret_object= */ NULL,
991 /* ret_offset= */ NULL);
8266e1c0 992 if (r < 0)
8522691d
DDM		 993 log_ratelimit_error_errno(r, FAILED_TO_WRITE_ENTRY_RATELIMIT,
994 "Failed to write entry to %s (%zu items, %zu bytes) despite vacuuming, ignoring: %m",
c24e0dbe 995 f->path, n, iovec_total_size(iovec, n));
8266e1c0 996 else
d07f7b9e 997 server_schedule_sync(s, priority);
d025f1e4
ZJS		 998}
999
22e3a02b
LP		 1000#define IOVEC_ADD_NUMERIC_FIELD(iovec, n, value, type, isset, format, field) \
1001 if (isset(value)) { \
1002 char *k; \
fbd0b64f 1003 k = newa(char, STRLEN(field "=") + DECIMAL_STR_MAX(type) + 1); \
22e3a02b 1004 sprintf(k, field "=" format, value); \
e6a7ec4b 1005 iovec[n++] = IOVEC_MAKE_STRING(k); \
22e3a02b 1006 }
4b58153d 1007
22e3a02b
LP		 1008#define IOVEC_ADD_STRING_FIELD(iovec, n, value, field) \
1009 if (!isempty(value)) { \
1010 char *k; \
1011 k = strjoina(field "=", value); \
e6a7ec4b 1012 iovec[n++] = IOVEC_MAKE_STRING(k); \
22e3a02b 1013 }
4b58153d 1014
22e3a02b
LP		 1015#define IOVEC_ADD_ID128_FIELD(iovec, n, value, field) \
1016 if (!sd_id128_is_null(value)) { \
1017 char *k; \
fbd0b64f 1018 k = newa(char, STRLEN(field "=") + SD_ID128_STRING_MAX); \
22e3a02b 1019 sd_id128_to_string(value, stpcpy(k, field "=")); \
e6a7ec4b 1020 iovec[n++] = IOVEC_MAKE_STRING(k); \
22e3a02b 1021 }
4b58153d 1022
22e3a02b
LP		 1023#define IOVEC_ADD_SIZED_FIELD(iovec, n, value, value_size, field) \
1024 if (value_size > 0) { \
1025 char *k; \
fbd0b64f 1026 k = newa(char, STRLEN(field "=") + value_size + 1); \
22e3a02b 1027 *((char*) mempcpy(stpcpy(k, field "="), value, value_size)) = 0; \
e6a7ec4b 1028 iovec[n++] = IOVEC_MAKE_STRING(k); \
22e3a02b 1029 } \
4b58153d 1030
9540782d 1031static void server_dispatch_message_real(
d025f1e4 1032 Server *s,
d3070fbd 1033 struct iovec *iovec, size_t n, size_t m,
22e3a02b 1034 const ClientContext *c,
3b3154df 1035 const struct timeval *tv,
d07f7b9e 1036 int priority,
22e3a02b
LP		 1037 pid_t object_pid) {
1038
1039 char source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)];
d7ac0952 1040 _unused_ _cleanup_free_ char *cmdline1 = NULL, *cmdline2 = NULL;
22e3a02b
LP		 1041 uid_t journal_uid;
1042 ClientContext *o;
d025f1e4
ZJS		 1043
1044 assert(s);
1045 assert(iovec);
1046 assert(n > 0);
d3070fbd
LP		 1047 assert(n +
1048 N_IOVEC_META_FIELDS +
1049 (pid_is_valid(object_pid) ? N_IOVEC_OBJECT_FIELDS : 0) +
1050 client_context_extra_fields_n_iovec(c) <= m);
19cace37 1051
22e3a02b
LP		 1052 if (c) {
1053 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->pid, pid_t, pid_is_valid, PID_FMT, "_PID");
1054 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->uid, uid_t, uid_is_valid, UID_FMT, "_UID");
1055 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->gid, gid_t, gid_is_valid, GID_FMT, "_GID");
4b58153d 1056
084eeb86
ZJS		 1057 IOVEC_ADD_STRING_FIELD(iovec, n, c->comm, "_COMM"); /* At most TASK_COMM_LENGTH (16 bytes) */
1058 IOVEC_ADD_STRING_FIELD(iovec, n, c->exe, "_EXE"); /* A path, so at most PATH_MAX (4096 bytes) */
d025f1e4 1059
084eeb86
ZJS		 1060 if (c->cmdline)
1061 /* At most _SC_ARG_MAX (2MB usually), which is too much to put on stack.
1062 * Let's use a heap allocation for this one. */
1063 cmdline1 = set_iovec_string_field(iovec, &n, "_CMDLINE=", c->cmdline);
ae018d9b 1064
084eeb86
ZJS		 1065 IOVEC_ADD_STRING_FIELD(iovec, n, c->capeff, "_CAP_EFFECTIVE"); /* Read from /proc/.../status */
1066 IOVEC_ADD_SIZED_FIELD(iovec, n, c->label, c->label_size, "_SELINUX_CONTEXT");
22e3a02b
LP		 1067 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "_AUDIT_SESSION");
1068 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->loginuid, uid_t, uid_is_valid, UID_FMT, "_AUDIT_LOGINUID");
d025f1e4 1069
084eeb86 1070 IOVEC_ADD_STRING_FIELD(iovec, n, c->cgroup, "_SYSTEMD_CGROUP"); /* A path */
22e3a02b
LP		 1071 IOVEC_ADD_STRING_FIELD(iovec, n, c->session, "_SYSTEMD_SESSION");
1072 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->owner_uid, uid_t, uid_is_valid, UID_FMT, "_SYSTEMD_OWNER_UID");
084eeb86 1073 IOVEC_ADD_STRING_FIELD(iovec, n, c->unit, "_SYSTEMD_UNIT"); /* Unit names are bounded by UNIT_NAME_MAX */
22e3a02b
LP		 1074 IOVEC_ADD_STRING_FIELD(iovec, n, c->user_unit, "_SYSTEMD_USER_UNIT");
1075 IOVEC_ADD_STRING_FIELD(iovec, n, c->slice, "_SYSTEMD_SLICE");
1076 IOVEC_ADD_STRING_FIELD(iovec, n, c->user_slice, "_SYSTEMD_USER_SLICE");
e7ff4e7f 1077
22e3a02b 1078 IOVEC_ADD_ID128_FIELD(iovec, n, c->invocation_id, "_SYSTEMD_INVOCATION_ID");
d3070fbd
LP		 1079
1080 if (c->extra_fields_n_iovec > 0) {
1081 memcpy(iovec + n, c->extra_fields_iovec, c->extra_fields_n_iovec * sizeof(struct iovec));
1082 n += c->extra_fields_n_iovec;
1083 }
d025f1e4 1084 }
968f3196 1085
22e3a02b 1086 assert(n <= m);
968f3196 1087
22e3a02b 1088 if (pid_is_valid(object_pid) && client_context_get(s, object_pid, NULL, NULL, 0, NULL, &o) >= 0) {
968f3196 1089
22e3a02b
LP		 1090 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->pid, pid_t, pid_is_valid, PID_FMT, "OBJECT_PID");
1091 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->uid, uid_t, uid_is_valid, UID_FMT, "OBJECT_UID");
1092 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->gid, gid_t, gid_is_valid, GID_FMT, "OBJECT_GID");
968f3196 1093
084eeb86 1094 /* See above for size limits, only ->cmdline may be large, so use a heap allocation for it. */
22e3a02b
LP		 1095 IOVEC_ADD_STRING_FIELD(iovec, n, o->comm, "OBJECT_COMM");
1096 IOVEC_ADD_STRING_FIELD(iovec, n, o->exe, "OBJECT_EXE");
084eeb86
ZJS		 1097 if (o->cmdline)
1098 cmdline2 = set_iovec_string_field(iovec, &n, "OBJECT_CMDLINE=", o->cmdline);
968f3196 1099
084eeb86 1100 IOVEC_ADD_STRING_FIELD(iovec, n, o->capeff, "OBJECT_CAP_EFFECTIVE");
22e3a02b 1101 IOVEC_ADD_SIZED_FIELD(iovec, n, o->label, o->label_size, "OBJECT_SELINUX_CONTEXT");
22e3a02b
LP		 1102 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "OBJECT_AUDIT_SESSION");
1103 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->loginuid, uid_t, uid_is_valid, UID_FMT, "OBJECT_AUDIT_LOGINUID");
d473176a 1104
22e3a02b
LP		 1105 IOVEC_ADD_STRING_FIELD(iovec, n, o->cgroup, "OBJECT_SYSTEMD_CGROUP");
1106 IOVEC_ADD_STRING_FIELD(iovec, n, o->session, "OBJECT_SYSTEMD_SESSION");
1107 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->owner_uid, uid_t, uid_is_valid, UID_FMT, "OBJECT_SYSTEMD_OWNER_UID");
1108 IOVEC_ADD_STRING_FIELD(iovec, n, o->unit, "OBJECT_SYSTEMD_UNIT");
1109 IOVEC_ADD_STRING_FIELD(iovec, n, o->user_unit, "OBJECT_SYSTEMD_USER_UNIT");
1110 IOVEC_ADD_STRING_FIELD(iovec, n, o->slice, "OBJECT_SYSTEMD_SLICE");
1111 IOVEC_ADD_STRING_FIELD(iovec, n, o->user_slice, "OBJECT_SYSTEMD_USER_SLICE");
d473176a 1112
22e3a02b 1113 IOVEC_ADD_ID128_FIELD(iovec, n, o->invocation_id, "OBJECT_SYSTEMD_INVOCATION_ID=");
968f3196 1114 }
22e3a02b 1115
968f3196 1116 assert(n <= m);
d025f1e4
ZJS		 1117
1118 if (tv) {
398a50cd 1119 sprintf(source_time, "_SOURCE_REALTIME_TIMESTAMP=" USEC_FMT, timeval_load(tv));
e6a7ec4b 1120 iovec[n++] = IOVEC_MAKE_STRING(source_time);
d025f1e4
ZJS		 1121 }
1122
1123 /* Note that strictly speaking storing the boot id here is
1124 * redundant since the entry includes this in-line
1125 * anyway. However, we need this indexed, too. */
0c24bb23 1126 if (!isempty(s->boot_id_field))
e6a7ec4b 1127 iovec[n++] = IOVEC_MAKE_STRING(s->boot_id_field);
d025f1e4 1128
0c24bb23 1129 if (!isempty(s->machine_id_field))
e6a7ec4b 1130 iovec[n++] = IOVEC_MAKE_STRING(s->machine_id_field);
d025f1e4 1131
0c24bb23 1132 if (!isempty(s->hostname_field))
e6a7ec4b 1133 iovec[n++] = IOVEC_MAKE_STRING(s->hostname_field);
d025f1e4 1134
b1852c48
LP		 1135 if (!isempty(s->namespace_field))
1136 iovec[n++] = IOVEC_MAKE_STRING(s->namespace_field);
1137
abd6faae 1138 iovec[n++] = in_initrd() ? IOVEC_MAKE_STRING("_RUNTIME_SCOPE=initrd") : IOVEC_MAKE_STRING("_RUNTIME_SCOPE=system");
d025f1e4
ZJS		 1139 assert(n <= m);
1140
22e3a02b
LP		 1141 if (s->split_mode == SPLIT_UID && c && uid_is_valid(c->uid))
1142 /* Split up strictly by (non-root) UID */
1143 journal_uid = c->uid;
1144 else if (s->split_mode == SPLIT_LOGIN && c && c->uid > 0 && uid_is_valid(c->owner_uid))
edc3797f
LP		 1145 /* Split up by login UIDs. We do this only if the
1146 * realuid is not root, in order not to accidentally
1147 * leak privileged information to the user that is
1148 * logged by a privileged process that is part of an
7517e174 1149 * unprivileged session. */
22e3a02b 1150 journal_uid = c->owner_uid;
da499392
KS		 1151 else
1152 journal_uid = 0;
759c945a 1153
9540782d 1154 server_write_to_journal(s, journal_uid, iovec, n, priority);
d025f1e4
ZJS		 1155}
1156
13181942 1157void server_driver_message(Server *s, pid_t object_pid, const char *message_id, const char *format, ...) {
22e3a02b 1158
d3070fbd
LP		 1159 struct iovec *iovec;
1160 size_t n = 0, k, m;
d025f1e4 1161 va_list ap;
22e3a02b 1162 int r;
d025f1e4
ZJS		 1163
1164 assert(s);
1165 assert(format);
1166
f643ae71 1167 m = N_IOVEC_META_FIELDS + 5 + N_IOVEC_PAYLOAD_FIELDS + client_context_extra_fields_n_iovec(s->my_context) + N_IOVEC_OBJECT_FIELDS;
d3070fbd
LP		 1168 iovec = newa(struct iovec, m);
1169
4850d39a 1170 assert_cc(3 == LOG_FAC(LOG_DAEMON));
e6a7ec4b
LP		 1171 iovec[n++] = IOVEC_MAKE_STRING("SYSLOG_FACILITY=3");
1172 iovec[n++] = IOVEC_MAKE_STRING("SYSLOG_IDENTIFIER=systemd-journald");
b6fa2555 1173
e6a7ec4b 1174 iovec[n++] = IOVEC_MAKE_STRING("_TRANSPORT=driver");
4850d39a 1175 assert_cc(6 == LOG_INFO);
e6a7ec4b 1176 iovec[n++] = IOVEC_MAKE_STRING("PRIORITY=6");
d025f1e4 1177
2b044526 1178 if (message_id)
e6a7ec4b 1179 iovec[n++] = IOVEC_MAKE_STRING(message_id);
d3070fbd 1180 k = n;
8a03c9ef
ZJS		 1181
1182 va_start(ap, format);
d3070fbd 1183 r = log_format_iovec(iovec, m, &n, false, 0, format, ap);
32917e33 1184 /* Error handling below */
8a03c9ef
ZJS		 1185 va_end(ap);
1186
32917e33 1187 if (r >= 0)
9540782d 1188 server_dispatch_message_real(s, iovec, n, m, s->my_context, /* tv= */ NULL, LOG_INFO, object_pid);
8a03c9ef 1189
d3070fbd
LP		 1190 while (k < n)
1191 free(iovec[k++].iov_base);
32917e33
ZJS		 1192
1193 if (r < 0) {
1194 /* We failed to format the message. Emit a warning instead. */
1195 char buf[LINE_MAX];
1196
38553034
ZJS		 1197 errno = -r;
1198 xsprintf(buf, "MESSAGE=Entry printing failed: %m");
32917e33
ZJS		 1199
1200 n = 3;
e6a7ec4b
LP		 1201 iovec[n++] = IOVEC_MAKE_STRING("PRIORITY=4");
1202 iovec[n++] = IOVEC_MAKE_STRING(buf);
9540782d 1203 server_dispatch_message_real(s, iovec, n, m, s->my_context, /* tv= */ NULL, LOG_INFO, object_pid);
32917e33 1204 }
d025f1e4
ZJS		 1205}
1206
1207void server_dispatch_message(
1208 Server *s,
d3070fbd 1209 struct iovec *iovec, size_t n, size_t m,
22e3a02b 1210 ClientContext *c,
3b3154df 1211 const struct timeval *tv,
968f3196
ZJS		 1212 int priority,
1213 pid_t object_pid) {
d025f1e4 1214
8580d1f7 1215 uint64_t available = 0;
22e3a02b 1216 int rl;
d025f1e4
ZJS		 1217
1218 assert(s);
1219 assert(iovec || n == 0);
1220
1221 if (n == 0)
1222 return;
1223
1224 if (LOG_PRI(priority) > s->max_level_store)
1225 return;
1226
2f5df74a
HHPF		 1227 /* Stop early in case the information will not be stored
1228 * in a journal. */
1229 if (s->storage == STORAGE_NONE)
1230 return;
1231
22e3a02b 1232 if (c && c->unit) {
9540782d 1233 (void) server_determine_space(s, &available, /* limit= */ NULL);
d025f1e4 1234
5ac1530e 1235 rl = journal_ratelimit_test(s->ratelimit, c->unit, c->log_ratelimit_interval, c->log_ratelimit_burst, priority & LOG_PRIMASK, available);
22e3a02b
LP		 1236 if (rl == 0)
1237 return;
d025f1e4 1238
22e3a02b
LP		 1239 /* Write a suppression message if we suppressed something */
1240 if (rl > 1)
13181942
LP		 1241 server_driver_message(s, c->pid,
1242 "MESSAGE_ID=" SD_MESSAGE_JOURNAL_DROPPED_STR,
1243 LOG_MESSAGE("Suppressed %i messages from %s", rl - 1, c->unit),
5908ff1c 1244 "N_DROPPED=%i", rl - 1,
22e3a02b 1245 NULL);
d025f1e4
ZJS		 1246 }
1247
9540782d 1248 server_dispatch_message_real(s, iovec, n, m, c, tv, priority, object_pid);
d025f1e4
ZJS		 1249}
1250
f78273c8 1251int server_flush_to_var(Server *s, bool require_flag_file) {
b1852c48
LP		 1252 sd_journal *j = NULL;
1253 const char *fn;
fbb63411 1254 unsigned n = 0;
b1852c48 1255 usec_t start;
b4e26d1d 1256 int r, k;
d025f1e4
ZJS		 1257
1258 assert(s);
1259
f78273c8 1260 if (!IN_SET(s->storage, STORAGE_AUTO, STORAGE_PERSISTENT))
d025f1e4
ZJS		 1261 return 0;
1262
b1852c48
LP		 1263 if (s->namespace) /* Flushing concept does not exist for namespace instances */
1264 return 0;
1265
1266 if (!s->runtime_journal) /* Nothing to flush? */
d025f1e4
ZJS		 1267 return 0;
1268
9540782d 1269 if (require_flag_file && !server_flushed_flag_is_set(s))
f78273c8
LP		 1270 return 0;
1271
9540782d 1272 (void) server_system_journal_open(s, /* flush_requested=*/ true, /* relinquish_requested= */ false);
d025f1e4
ZJS		 1273
1274 if (!s->system_journal)
1275 return 0;
1276
f9fbac8b 1277 log_debug("Flushing to %s...", s->system_storage.path);
d025f1e4 1278
fbb63411
LP		 1279 start = now(CLOCK_MONOTONIC);
1280
d025f1e4 1281 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
23bbb0de 1282 if (r < 0)
d9799ea2 1283 return log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT,
8522691d 1284 "Failed to read runtime journal: %m");
d025f1e4 1285
93b73b06
LP		 1286 sd_journal_set_data_threshold(j, 0);
1287
d025f1e4
ZJS		 1288 SD_JOURNAL_FOREACH(j) {
1289 Object *o = NULL;
1290 JournalFile *f;
1291
1292 f = j->current_file;
1293 assert(f && f->current_offset > 0);
1294
fbb63411
LP		 1295 n++;
1296
d025f1e4
ZJS		 1297 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
1298 if (r < 0) {
d9799ea2 1299 log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT, "Can't read entry: %m");
d025f1e4
ZJS		 1300 goto finish;
1301 }
1302
e5d60d1b
LP		 1303 r = journal_file_copy_entry(
1304 f,
45c0ecba 1305 s->system_journal,
e5d60d1b
LP		 1306 o,
1307 f->current_offset,
1308 &s->seqnum->seqnum,
1309 &s->seqnum->id);
d025f1e4
ZJS		 1310 if (r >= 0)
1311 continue;
1312
45c0ecba 1313 if (!shall_try_append_again(s->system_journal, r)) {
d9799ea2 1314 log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT, "Can't write entry: %m");
d025f1e4
ZJS		 1315 goto finish;
1316 }
1317
d9799ea2 1318 log_ratelimit_info(JOURNAL_LOG_RATELIMIT, "Rotating system journal.");
b2b7cf1d 1319
d025f1e4 1320 server_rotate(s);
3a19f215 1321 server_vacuum(s, false);
d025f1e4 1322
253f59df 1323 if (!s->system_journal) {
d9799ea2 1324 log_ratelimit_notice(JOURNAL_LOG_RATELIMIT,
8522691d 1325 "Didn't flush runtime journal since rotation of system journal wasn't successful.");
253f59df
LP		 1326 r = -EIO;
1327 goto finish;
1328 }
1329
f9fbac8b 1330 log_debug("Retrying write.");
e5d60d1b
LP		 1331 r = journal_file_copy_entry(
1332 f,
45c0ecba 1333 s->system_journal,
e5d60d1b
LP		 1334 o,
1335 f->current_offset,
1336 &s->seqnum->seqnum,
1337 &s->seqnum->id);
d025f1e4 1338 if (r < 0) {
d9799ea2 1339 log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT, "Can't write entry: %m");
d025f1e4
ZJS		 1340 goto finish;
1341 }
1342 }
1343
804ae586
LP		 1344 r = 0;
1345
d025f1e4 1346finish:
fd790d6f 1347 if (s->system_journal)
45c0ecba 1348 journal_file_post_change(s->system_journal);
d025f1e4 1349
45c0ecba 1350 s->runtime_journal = journal_file_offline_close(s->runtime_journal);
d025f1e4
ZJS		 1351
1352 if (r >= 0)
b1852c48 1353 (void) rm_rf(s->runtime_storage.path, REMOVE_ROOT);
d025f1e4 1354
763c7aa2 1355 sd_journal_close(j);
d025f1e4 1356
13181942 1357 server_driver_message(s, 0, NULL,
b1852c48
LP		 1358 LOG_MESSAGE("Time spent on flushing to %s is %s for %u entries.",
1359 s->system_storage.path,
5291f26d 1360 FORMAT_TIMESPAN(usec_sub_unsigned(now(CLOCK_MONOTONIC), start), 0),
8a03c9ef
ZJS		 1361 n),
1362 NULL);
fbb63411 1363
b1852c48
LP		 1364 fn = strjoina(s->runtime_directory, "/flushed");
1365 k = touch(fn);
b4e26d1d 1366 if (k < 0)
d9799ea2 1367 log_ratelimit_warning_errno(k, JOURNAL_LOG_RATELIMIT,
8522691d 1368 "Failed to touch %s, ignoring: %m", fn);
b4e26d1d 1369
65c398c0 1370 server_refresh_idle_timer(s);
d025f1e4
ZJS		 1371 return r;
1372}
1373
b4e26d1d 1374static int server_relinquish_var(Server *s) {
b1852c48 1375 const char *fn;
b4e26d1d
LP		 1376 assert(s);
1377
1378 if (s->storage == STORAGE_NONE)
1379 return 0;
1380
b1852c48
LP		 1381 if (s->namespace) /* Concept does not exist for namespaced instances */
1382 return -EOPNOTSUPP;
1383
b4e26d1d
LP		 1384 if (s->runtime_journal && !s->system_journal)
1385 return 0;
1386
f9fbac8b 1387 log_debug("Relinquishing %s...", s->system_storage.path);
b4e26d1d 1388
9540782d 1389 (void) server_system_journal_open(s, /* flush_requested */ false, /* relinquish_requested=*/ true);
b4e26d1d 1390
45c0ecba
YW		 1391 s->system_journal = journal_file_offline_close(s->system_journal);
1392 ordered_hashmap_clear_with_destructor(s->user_journals, journal_file_offline_close);
1393 set_clear_with_destructor(s->deferred_closes, journal_file_offline_close);
b4e26d1d 1394
b1852c48
LP		 1395 fn = strjoina(s->runtime_directory, "/flushed");
1396 if (unlink(fn) < 0 && errno != ENOENT)
d9799ea2 1397 log_ratelimit_warning_errno(errno, JOURNAL_LOG_RATELIMIT,
8522691d 1398 "Failed to unlink %s, ignoring: %m", fn);
b4e26d1d 1399
65c398c0 1400 server_refresh_idle_timer(s);
b4e26d1d
LP		 1401 return 0;
1402}
1403
65c398c0
LP		 1404int server_process_datagram(
1405 sd_event_source *es,
1406 int fd,
1407 uint32_t revents,
1408 void *userdata) {
1409
319a4f4b 1410 size_t label_len = 0, m;
99534007 1411 Server *s = ASSERT_PTR(userdata);
a315ac4e 1412 struct ucred *ucred = NULL;
789f5c6f 1413 struct timeval tv_buf, *tv = NULL;
a315ac4e
LP		 1414 struct cmsghdr *cmsg;
1415 char *label = NULL;
a315ac4e
LP		 1416 struct iovec iovec;
1417 ssize_t n;
1418 int *fds = NULL, v = 0;
da6053d0 1419 size_t n_fds = 0;
a315ac4e 1420
fb29cdbe
LP		 1421 /* We use NAME_MAX space for the SELinux label here. The kernel currently enforces no limit, but
1422 * according to suggestions from the SELinux people this will change and it will probably be
1423 * identical to NAME_MAX. For now we use that, but this should be updated one day when the final
f782eee6
YW		 1424 * limit is known.
1425 *
1426 * Here, we need to explicitly initialize the buffer with zero, as glibc has a bug in
1427 * __convert_scm_timestamps(), which assumes the buffer is initialized. See #20741. */
fb29cdbe 1428 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred)) +
9365e296 1429 CMSG_SPACE_TIMEVAL +
fb29cdbe 1430 CMSG_SPACE(sizeof(int)) + /* fd */
f782eee6 1431 CMSG_SPACE(NAME_MAX) /* selinux label */) control = {};
a315ac4e
LP		 1432
1433 union sockaddr_union sa = {};
1434
1435 struct msghdr msghdr = {
1436 .msg_iov = &iovec,
1437 .msg_iovlen = 1,
1438 .msg_control = &control,
1439 .msg_controllen = sizeof(control),
1440 .msg_name = &sa,
1441 .msg_namelen = sizeof(sa),
1442 };
f9a810be 1443
875c2e22 1444 assert(fd == s->native_fd || fd == s->syslog_fd || fd == s->audit_fd);
f9a810be 1445
baaa35ad
ZJS		 1446 if (revents != EPOLLIN)
1447 return log_error_errno(SYNTHETIC_ERRNO(EIO),
1448 "Got invalid event from epoll for datagram fd: %" PRIx32,
1449 revents);
f9a810be 1450
22e3a02b
LP		 1451 /* Try to get the right size, if we can. (Not all sockets support SIOCINQ, hence we just try, but don't rely on
1452 * it.) */
a315ac4e 1453 (void) ioctl(fd, SIOCINQ, &v);
d025f1e4 1454
a315ac4e
LP		 1455 /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful! */
1456 m = PAGE_ALIGN(MAX3((size_t) v + 1,
1457 (size_t) LINE_MAX,
1458 ALIGN(sizeof(struct nlmsghdr)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH)) + 1);
d025f1e4 1459
319a4f4b 1460 if (!GREEDY_REALLOC(s->buffer, m))
a315ac4e 1461 return log_oom();
875c2e22 1462
319a4f4b 1463 iovec = IOVEC_MAKE(s->buffer, MALLOC_ELEMENTSOF(s->buffer) - 1); /* Leave room for trailing NUL we add later */
d025f1e4 1464
3691bcf3 1465 n = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
8add30a0
YW		 1466 if (n < 0) {
1467 if (ERRNO_IS_TRANSIENT(n))
1468 return 0;
1469 if (n == -EXFULL) {
d9799ea2 1470 log_ratelimit_warning(JOURNAL_LOG_RATELIMIT,
8522691d 1471 "Got message with truncated control data (too many fds sent?), ignoring.");
8add30a0
YW		 1472 return 0;
1473 }
d9799ea2 1474 return log_ratelimit_error_errno(n, JOURNAL_LOG_RATELIMIT, "recvmsg() failed: %m");
8add30a0 1475 }
875c2e22 1476
bc2762a3 1477 CMSG_FOREACH(cmsg, &msghdr)
a315ac4e
LP		 1478 if (cmsg->cmsg_level == SOL_SOCKET &&
1479 cmsg->cmsg_type == SCM_CREDENTIALS &&
3691bcf3
LP		 1480 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
1481 assert(!ucred);
b1d02191 1482 ucred = CMSG_TYPED_DATA(cmsg, struct ucred);
3691bcf3 1483 } else if (cmsg->cmsg_level == SOL_SOCKET &&
a315ac4e 1484 cmsg->cmsg_type == SCM_SECURITY) {
3691bcf3 1485 assert(!label);
b1d02191 1486 label = CMSG_TYPED_DATA(cmsg, char);
a315ac4e
LP		 1487 label_len = cmsg->cmsg_len - CMSG_LEN(0);
1488 } else if (cmsg->cmsg_level == SOL_SOCKET &&
789f5c6f 1489 cmsg->cmsg_type == SCM_TIMESTAMP &&
3691bcf3
LP		 1490 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval))) {
1491 assert(!tv);
789f5c6f 1492 tv = memcpy(&tv_buf, CMSG_DATA(cmsg), sizeof(struct timeval));
3691bcf3 1493 } else if (cmsg->cmsg_level == SOL_SOCKET &&
a315ac4e 1494 cmsg->cmsg_type == SCM_RIGHTS) {
3691bcf3 1495 assert(!fds);
b1d02191 1496 fds = CMSG_TYPED_DATA(cmsg, int);
a315ac4e 1497 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
d025f1e4
ZJS		 1498 }
1499
a315ac4e
LP		 1500 /* And a trailing NUL, just in case */
1501 s->buffer[n] = 0;
1502
1503 if (fd == s->syslog_fd) {
1504 if (n > 0 && n_fds == 0)
bb3ff70a 1505 server_process_syslog_message(s, s->buffer, n, ucred, tv, label, label_len);
a315ac4e 1506 else if (n_fds > 0)
d9799ea2 1507 log_ratelimit_warning(JOURNAL_LOG_RATELIMIT,
8522691d 1508 "Got file descriptors via syslog socket. Ignoring.");
a315ac4e
LP		 1509
1510 } else if (fd == s->native_fd) {
1511 if (n > 0 && n_fds == 0)
1512 server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
1513 else if (n == 0 && n_fds == 1)
1514 server_process_native_file(s, fds[0], ucred, tv, label, label_len);
1515 else if (n_fds > 0)
d9799ea2 1516 log_ratelimit_warning(JOURNAL_LOG_RATELIMIT,
8522691d 1517 "Got too many file descriptors via native socket. Ignoring.");
a315ac4e
LP		 1518
1519 } else {
1520 assert(fd == s->audit_fd);
1521
1522 if (n > 0 && n_fds == 0)
1523 server_process_audit_message(s, s->buffer, n, ucred, &sa, msghdr.msg_namelen);
1524 else if (n_fds > 0)
d9799ea2 1525 log_ratelimit_warning(JOURNAL_LOG_RATELIMIT,
8522691d 1526 "Got file descriptors via audit socket. Ignoring.");
f9a810be 1527 }
a315ac4e
LP		 1528
1529 close_many(fds, n_fds);
65c398c0
LP		 1530
1531 server_refresh_idle_timer(s);
a315ac4e 1532 return 0;
f9a810be 1533}
d025f1e4 1534
1ec23479 1535static void server_full_flush(Server *s) {
f9a810be 1536 assert(s);
d025f1e4 1537
f78273c8 1538 (void) server_flush_to_var(s, false);
f9a810be 1539 server_sync(s);
3a19f215 1540 server_vacuum(s, false);
d025f1e4 1541
18e758bf 1542 server_space_usage_message(s, NULL);
65c398c0
LP		 1543
1544 server_refresh_idle_timer(s);
f9a810be 1545}
d025f1e4 1546
1ec23479 1547static int dispatch_sigusr1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
99534007 1548 Server *s = ASSERT_PTR(userdata);
1ec23479 1549
b1852c48 1550 if (s->namespace) {
c0f86d66 1551 log_error("Received SIGUSR1 signal from PID %u, but flushing runtime journals not supported for namespaced instances.", si->ssi_pid);
b1852c48
LP		 1552 return 0;
1553 }
1554
c0f86d66 1555 log_info("Received SIGUSR1 signal from PID %u, as request to flush runtime journal.", si->ssi_pid);
1ec23479
LP		 1556 server_full_flush(s);
1557
1558 return 0;
1559}
1560
1561static void server_full_rotate(Server *s) {
b1852c48 1562 const char *fn;
33d52ab9 1563 int r;
d025f1e4 1564
f9a810be 1565 assert(s);
d025f1e4 1566
f9a810be 1567 server_rotate(s);
3a19f215
FB		 1568 server_vacuum(s, true);
1569
1570 if (s->system_journal)
1571 patch_min_use(&s->system_storage);
1572 if (s->runtime_journal)
1573 patch_min_use(&s->runtime_storage);
d025f1e4 1574
dbd6e31c 1575 /* Let clients know when the most recent rotation happened. */
b1852c48
LP		 1576 fn = strjoina(s->runtime_directory, "/rotated");
1577 r = write_timestamp_file_atomic(fn, now(CLOCK_MONOTONIC));
33d52ab9 1578 if (r < 0)
d9799ea2 1579 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
8522691d 1580 "Failed to write %s, ignoring: %m", fn);
1ec23479
LP		 1581}
1582
1583static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
99534007 1584 Server *s = ASSERT_PTR(userdata);
1ec23479 1585
c0f86d66 1586 log_info("Received SIGUSR2 signal from PID %u, as request to rotate journal, rotating.", si->ssi_pid);
1ec23479 1587 server_full_rotate(s);
dbd6e31c 1588
f9a810be
LP		 1589 return 0;
1590}
d025f1e4 1591
f9a810be 1592static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
19252b25 1593 _cleanup_(sd_event_source_disable_unrefp) sd_event_source *news = NULL;
99534007 1594 Server *s = ASSERT_PTR(userdata);
19252b25 1595 int r;
d025f1e4 1596
4daf54a8 1597 log_received_signal(LOG_INFO, si);
d025f1e4 1598
2ab1fb77 1599 (void) sd_event_source_set_enabled(es, SD_EVENT_OFF); /* Make sure this handler is called at most once */
19252b25
LP		 1600
1601 /* So on one hand we want to ensure that SIGTERMs are definitely handled in appropriate, bounded
1602 * time. On the other hand we want that everything pending is first comprehensively processed and
1603 * written to disk. These goals are incompatible, hence we try to find a middle ground: we'll process
1604 * SIGTERM with high priority, but from the handler (this one right here) we'll install two new event
1605 * sources: one low priority idle one that will issue the exit once everything else is processed (and
1606 * which is hopefully the regular, clean codepath); and one high priority timer that acts as safety
1607 * net: if our idle handler isn't run within 10s, we'll exit anyway.
1608 *
1609 * TLDR: we'll exit either when everything is processed, or after 10s max, depending on what happens
1610 * first.
1611 *
1612 * Note that exiting before the idle event is hit doesn't typically mean that we lose any data, as
1613 * messages will remain queued in the sockets they came in from, and thus can be processed when we
1614 * start up next – unless we are going down for the final system shutdown, in which case everything
1615 * is lost. */
1616
1617 r = sd_event_add_defer(s->event, &news, NULL, NULL); /* NULL handler means → exit when triggered */
1618 if (r < 0) {
1619 log_error_errno(r, "Failed to allocate exit idle event handler: %m");
1620 goto fail;
1621 }
1622
1623 (void) sd_event_source_set_description(news, "exit-idle");
1624
1625 /* Run everything relevant before this. */
1626 r = sd_event_source_set_priority(news, SD_EVENT_PRIORITY_NORMAL+20);
1627 if (r < 0) {
1628 log_error_errno(r, "Failed to adjust priority of exit idle event handler: %m");
1629 goto fail;
1630 }
1631
1632 /* Give up ownership, so that this event source is freed automatically when the event loop is freed. */
1633 r = sd_event_source_set_floating(news, true);
1634 if (r < 0) {
1635 log_error_errno(r, "Failed to make exit idle event handler floating: %m");
1636 goto fail;
1637 }
1638
1639 news = sd_event_source_unref(news);
1640
1641 r = sd_event_add_time_relative(s->event, &news, CLOCK_MONOTONIC, 10 * USEC_PER_SEC, 0, NULL, NULL);
1642 if (r < 0) {
1643 log_error_errno(r, "Failed to allocate exit timeout event handler: %m");
1644 goto fail;
1645 }
1646
1647 (void) sd_event_source_set_description(news, "exit-timeout");
1648
1649 r = sd_event_source_set_priority(news, SD_EVENT_PRIORITY_IMPORTANT-20); /* This is a safety net, with highest priority */
1650 if (r < 0) {
1651 log_error_errno(r, "Failed to adjust priority of exit timeout event handler: %m");
1652 goto fail;
1653 }
1654
1655 r = sd_event_source_set_floating(news, true);
1656 if (r < 0) {
1657 log_error_errno(r, "Failed to make exit timeout event handler floating: %m");
1658 goto fail;
1659 }
1660
1661 news = sd_event_source_unref(news);
1662
1663 log_debug("Exit event sources are now pending.");
1664 return 0;
1665
1666fail:
6203e07a 1667 sd_event_exit(s->event, 0);
d025f1e4
ZJS		 1668 return 0;
1669}
1670
1ec23479 1671static void server_full_sync(Server *s) {
b1852c48 1672 const char *fn;
33d52ab9 1673 int r;
94b65516
LP		 1674
1675 assert(s);
1676
94b65516
LP		 1677 server_sync(s);
1678
1679 /* Let clients know when the most recent sync happened. */
b1852c48
LP		 1680 fn = strjoina(s->runtime_directory, "/synced");
1681 r = write_timestamp_file_atomic(fn, now(CLOCK_MONOTONIC));
33d52ab9 1682 if (r < 0)
d9799ea2 1683 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
8522691d 1684 "Failed to write %s, ignoring: %m", fn);
94b65516 1685
1ec23479
LP		 1686 return;
1687}
1688
1689static int dispatch_sigrtmin1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
99534007 1690 Server *s = ASSERT_PTR(userdata);
1ec23479 1691
c0f86d66 1692 log_debug("Received SIGRTMIN1 signal from PID %u, as request to sync.", si->ssi_pid);
1ec23479
LP		 1693 server_full_sync(s);
1694
94b65516
LP		 1695 return 0;
1696}
1697
9540782d 1698static int server_setup_signals(Server *s) {
f9a810be 1699 int r;
d025f1e4
ZJS		 1700
1701 assert(s);
1702
375c34d8 1703 assert_se(sigprocmask_many(SIG_SETMASK, NULL, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, SIGRTMIN+1, SIGRTMIN+18, -1) >= 0);
d025f1e4 1704
151b9b96 1705 r = sd_event_add_signal(s->event, &s->sigusr1_event_source, SIGUSR1, dispatch_sigusr1, s);
f9a810be
LP		 1706 if (r < 0)
1707 return r;
1708
151b9b96 1709 r = sd_event_add_signal(s->event, &s->sigusr2_event_source, SIGUSR2, dispatch_sigusr2, s);
f9a810be
LP		 1710 if (r < 0)
1711 return r;
d025f1e4 1712
151b9b96 1713 r = sd_event_add_signal(s->event, &s->sigterm_event_source, SIGTERM, dispatch_sigterm, s);
f9a810be
LP		 1714 if (r < 0)
1715 return r;
d025f1e4 1716
19252b25
LP		 1717 /* Let's process SIGTERM early, so that we definitely react to it */
1718 r = sd_event_source_set_priority(s->sigterm_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
b374689c
LP		 1719 if (r < 0)
1720 return r;
1721
337fabf7
LP		 1722 /* When journald is invoked on the terminal (when debugging), it's useful if C-c is handled
1723 * equivalent to SIGTERM. */
151b9b96 1724 r = sd_event_add_signal(s->event, &s->sigint_event_source, SIGINT, dispatch_sigterm, s);
f9a810be
LP		 1725 if (r < 0)
1726 return r;
d025f1e4 1727
19252b25 1728 r = sd_event_source_set_priority(s->sigint_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
b374689c
LP		 1729 if (r < 0)
1730 return r;
1731
337fabf7
LP		 1732 /* SIGRTMIN+1 causes an immediate sync. We process this very late, so that everything else queued at
1733 * this point is really written to disk. Clients can watch /run/systemd/journal/synced with inotify
1734 * until its mtime changes to see when a sync happened. */
94b65516
LP		 1735 r = sd_event_add_signal(s->event, &s->sigrtmin1_event_source, SIGRTMIN+1, dispatch_sigrtmin1, s);
1736 if (r < 0)
1737 return r;
1738
1739 r = sd_event_source_set_priority(s->sigrtmin1_event_source, SD_EVENT_PRIORITY_NORMAL+15);
1740 if (r < 0)
1741 return r;
1742
375c34d8
LP		 1743 r = sd_event_add_signal(s->event, NULL, SIGRTMIN+18, sigrtmin18_handler, &s->sigrtmin18_info);
1744 if (r < 0)
1745 return r;
1746
d025f1e4
ZJS		 1747 return 0;
1748}
1749
5707ecf3 1750static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
99534007 1751 Server *s = ASSERT_PTR(data);
74df0fca 1752 int r;
d025f1e4 1753
1d84ad94
LP		 1754 if (proc_cmdline_key_streq(key, "systemd.journald.forward_to_syslog")) {
1755
5707ecf3 1756 r = value ? parse_boolean(value) : true;
d581d9d9 1757 if (r < 0)
5707ecf3
ZJS		 1758 log_warning("Failed to parse forward to syslog switch \"%s\". Ignoring.", value);
1759 else
1760 s->forward_to_syslog = r;
1d84ad94
LP		 1761
1762 } else if (proc_cmdline_key_streq(key, "systemd.journald.forward_to_kmsg")) {
1763
5707ecf3
ZJS		 1764 r = value ? parse_boolean(value) : true;
1765 if (r < 0)
1766 log_warning("Failed to parse forward to kmsg switch \"%s\". Ignoring.", value);
1767 else
1768 s->forward_to_kmsg = r;
1d84ad94
LP		 1769
1770 } else if (proc_cmdline_key_streq(key, "systemd.journald.forward_to_console")) {
1771
5707ecf3
ZJS		 1772 r = value ? parse_boolean(value) : true;
1773 if (r < 0)
1774 log_warning("Failed to parse forward to console switch \"%s\". Ignoring.", value);
1775 else
1776 s->forward_to_console = r;
1d84ad94
LP		 1777
1778 } else if (proc_cmdline_key_streq(key, "systemd.journald.forward_to_wall")) {
1779
5707ecf3
ZJS		 1780 r = value ? parse_boolean(value) : true;
1781 if (r < 0)
1782 log_warning("Failed to parse forward to wall switch \"%s\". Ignoring.", value);
1783 else
1784 s->forward_to_wall = r;
1d84ad94
LP		 1785
1786 } else if (proc_cmdline_key_streq(key, "systemd.journald.max_level_console")) {
1787
1788 if (proc_cmdline_value_missing(key, value))
1789 return 0;
1790
5707ecf3
ZJS		 1791 r = log_level_from_string(value);
1792 if (r < 0)
1793 log_warning("Failed to parse max level console value \"%s\". Ignoring.", value);
1794 else
1795 s->max_level_console = r;
1d84ad94
LP		 1796
1797 } else if (proc_cmdline_key_streq(key, "systemd.journald.max_level_store")) {
1798
1799 if (proc_cmdline_value_missing(key, value))
1800 return 0;
1801
5707ecf3
ZJS		 1802 r = log_level_from_string(value);
1803 if (r < 0)
1804 log_warning("Failed to parse max level store value \"%s\". Ignoring.", value);
1805 else
1806 s->max_level_store = r;
1d84ad94
LP		 1807
1808 } else if (proc_cmdline_key_streq(key, "systemd.journald.max_level_syslog")) {
1809
1810 if (proc_cmdline_value_missing(key, value))
1811 return 0;
1812
5707ecf3
ZJS		 1813 r = log_level_from_string(value);
1814 if (r < 0)
1815 log_warning("Failed to parse max level syslog value \"%s\". Ignoring.", value);
1816 else
1817 s->max_level_syslog = r;
1d84ad94
LP		 1818
1819 } else if (proc_cmdline_key_streq(key, "systemd.journald.max_level_kmsg")) {
1820
1821 if (proc_cmdline_value_missing(key, value))
1822 return 0;
1823
5707ecf3
ZJS		 1824 r = log_level_from_string(value);
1825 if (r < 0)
1826 log_warning("Failed to parse max level kmsg value \"%s\". Ignoring.", value);
1827 else
1828 s->max_level_kmsg = r;
1d84ad94
LP		 1829
1830 } else if (proc_cmdline_key_streq(key, "systemd.journald.max_level_wall")) {
1831
1832 if (proc_cmdline_value_missing(key, value))
1833 return 0;
1834
5707ecf3
ZJS		 1835 r = log_level_from_string(value);
1836 if (r < 0)
1837 log_warning("Failed to parse max level wall value \"%s\". Ignoring.", value);
1838 else
1839 s->max_level_wall = r;
1d84ad94 1840
5707ecf3
ZJS		 1841 } else if (startswith(key, "systemd.journald"))
1842 log_warning("Unknown journald kernel command line option \"%s\". Ignoring.", key);
d025f1e4 1843
804ae586 1844 /* do not warn about state here, since probably systemd already did */
db91ea32 1845 return 0;
d025f1e4
ZJS		 1846}
1847
1848static int server_parse_config_file(Server *s) {
07e0ffc8 1849 const char *conf_file = "journald.conf";
b1852c48 1850
d025f1e4
ZJS		 1851 assert(s);
1852
07e0ffc8
FB		 1853 if (s->namespace)
1854 conf_file = strjoina("journald@", s->namespace, ".conf");
b1852c48 1855
07e0ffc8
FB		 1856 return config_parse_config_file(conf_file, "Journal\0",
1857 config_item_perf_lookup, journald_gperf_lookup,
1858 CONFIG_PARSE_WARN, s);
d025f1e4
ZJS		 1859}
1860
f9a810be 1861static int server_dispatch_sync(sd_event_source *es, usec_t t, void *userdata) {
99534007 1862 Server *s = ASSERT_PTR(userdata);
26687bf8 1863
f9a810be 1864 server_sync(s);
26687bf8
OS		 1865 return 0;
1866}
1867
d07f7b9e 1868int server_schedule_sync(Server *s, int priority) {
26687bf8
OS		 1869 int r;
1870
26687bf8
OS		 1871 assert(s);
1872
d07f7b9e
LP		 1873 if (priority <= LOG_CRIT) {
1874 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1875 server_sync(s);
1876 return 0;
1877 }
1878
3197d778
YW		 1879 if (!s->event || sd_event_get_state(s->event) == SD_EVENT_FINISHED) {
1880 /* Shutting down the server? Let's sync immediately. */
1881 server_sync(s);
1882 return 0;
1883 }
1884
26687bf8
OS		 1885 if (s->sync_scheduled)
1886 return 0;
1887
f9a810be 1888 if (s->sync_interval_usec > 0) {
f9a810be
LP		 1889
1890 if (!s->sync_event_source) {
39cf0351 1891 r = sd_event_add_time_relative(
6a0f1f6d
LP		 1892 s->event,
1893 &s->sync_event_source,
1894 CLOCK_MONOTONIC,
39cf0351 1895 s->sync_interval_usec, 0,
6a0f1f6d 1896 server_dispatch_sync, s);
f9a810be
LP		 1897 if (r < 0)
1898 return r;
1899
1900 r = sd_event_source_set_priority(s->sync_event_source, SD_EVENT_PRIORITY_IMPORTANT);
1901 } else {
39cf0351 1902 r = sd_event_source_set_time_relative(s->sync_event_source, s->sync_interval_usec);
f9a810be
LP		 1903 if (r < 0)
1904 return r;
1905
1906 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_ONESHOT);
1907 }
26687bf8 1908 if (r < 0)
f9a810be 1909 return r;
26687bf8 1910
f9a810be
LP		 1911 s->sync_scheduled = true;
1912 }
26687bf8
OS		 1913
1914 return 0;
1915}
1916
0c24bb23 1917static int dispatch_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
99534007 1918 Server *s = ASSERT_PTR(userdata);
0c24bb23
LP		 1919
1920 server_cache_hostname(s);
1921 return 0;
1922}
1923
1924static int server_open_hostname(Server *s) {
1925 int r;
1926
1927 assert(s);
1928
db4a47e9
LP		 1929 s->hostname_fd = open("/proc/sys/kernel/hostname",
1930 O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
4a62c710
MS		 1931 if (s->hostname_fd < 0)
1932 return log_error_errno(errno, "Failed to open /proc/sys/kernel/hostname: %m");
0c24bb23 1933
151b9b96 1934 r = sd_event_add_io(s->event, &s->hostname_event_source, s->hostname_fd, 0, dispatch_hostname_change, s);
0c24bb23 1935 if (r < 0) {
28def94c
DR		 1936 /* kernels prior to 3.2 don't support polling this file. Ignore
1937 * the failure. */
1938 if (r == -EPERM) {
e53fc357 1939 log_warning_errno(r, "Failed to register hostname fd in event loop, ignoring: %m");
03e334a1 1940 s->hostname_fd = safe_close(s->hostname_fd);
28def94c
DR		 1941 return 0;
1942 }
1943
23bbb0de 1944 return log_error_errno(r, "Failed to register hostname fd in event loop: %m");
0c24bb23
LP		 1945 }
1946
1947 r = sd_event_source_set_priority(s->hostname_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
23bbb0de 1948 if (r < 0)
38b38500 1949 return log_error_errno(r, "Failed to adjust priority of hostname event source: %m");
0c24bb23
LP		 1950
1951 return 0;
1952}
1953
e22aa3d3 1954static int dispatch_notify_event(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
99534007 1955 Server *s = ASSERT_PTR(userdata);
e22aa3d3
LP		 1956 int r;
1957
e22aa3d3
LP		 1958 assert(s->notify_event_source == es);
1959 assert(s->notify_fd == fd);
1960
e22aa3d3 1961 /* The $NOTIFY_SOCKET is writable again, now send exactly one
dd835265 1962 * message on it. Either it's the watchdog event, the initial
119e9655
LP		 1963 * READY=1 event or an stdout stream event. If there's nothing
1964 * to write anymore, turn our event source off. The next time
1965 * there's something to send it will be turned on again. */
e22aa3d3
LP		 1966
1967 if (!s->sent_notify_ready) {
d7737416
ZJS		 1968 static const char p[] = "READY=1\n"
1969 "STATUS=Processing requests...";
e22aa3d3 1970
d7737416 1971 if (send(s->notify_fd, p, strlen(p), MSG_DONTWAIT) < 0) {
e22aa3d3
LP		 1972 if (errno == EAGAIN)
1973 return 0;
1974
1975 return log_error_errno(errno, "Failed to send READY=1 notification message: %m");
1976 }
1977
1978 s->sent_notify_ready = true;
1979 log_debug("Sent READY=1 notification.");
1980
119e9655 1981 } else if (s->send_watchdog) {
d7737416 1982 static const char p[] = "WATCHDOG=1";
119e9655 1983
d7737416 1984 if (send(s->notify_fd, p, strlen(p), MSG_DONTWAIT) < 0) {
119e9655
LP		 1985 if (errno == EAGAIN)
1986 return 0;
1987
1988 return log_error_errno(errno, "Failed to send WATCHDOG=1 notification message: %m");
1989 }
1990
1991 s->send_watchdog = false;
1992 log_debug("Sent WATCHDOG=1 notification.");
1993
e22aa3d3
LP		 1994 } else if (s->stdout_streams_notify_queue)
1995 /* Dispatch one stream notification event */
1996 stdout_stream_send_notify(s->stdout_streams_notify_queue);
1997
61233823 1998 /* Leave us enabled if there's still more to do. */
119e9655 1999 if (s->send_watchdog || s->stdout_streams_notify_queue)
e22aa3d3
LP		 2000 return 0;
2001
2002 /* There was nothing to do anymore, let's turn ourselves off. */
2003 r = sd_event_source_set_enabled(es, SD_EVENT_OFF);
2004 if (r < 0)
2005 return log_error_errno(r, "Failed to turn off notify event source: %m");
2006
2007 return 0;
2008}
2009
119e9655 2010static int dispatch_watchdog(sd_event_source *es, uint64_t usec, void *userdata) {
99534007 2011 Server *s = ASSERT_PTR(userdata);
119e9655
LP		 2012 int r;
2013
119e9655
LP		 2014 s->send_watchdog = true;
2015
2016 r = sd_event_source_set_enabled(s->notify_event_source, SD_EVENT_ON);
2017 if (r < 0)
2018 log_warning_errno(r, "Failed to turn on notify event source: %m");
2019
2020 r = sd_event_source_set_time(s->watchdog_event_source, usec + s->watchdog_usec / 2);
2021 if (r < 0)
2022 return log_error_errno(r, "Failed to restart watchdog event source: %m");
2023
2024 r = sd_event_source_set_enabled(s->watchdog_event_source, SD_EVENT_ON);
2025 if (r < 0)
2026 return log_error_errno(r, "Failed to enable watchdog event source: %m");
2027
2028 return 0;
2029}
2030
e22aa3d3 2031static int server_connect_notify(Server *s) {
f36a9d59
ZJS		 2032 union sockaddr_union sa;
2033 socklen_t sa_len;
e22aa3d3 2034 const char *e;
f36a9d59 2035 int r;
e22aa3d3
LP		 2036
2037 assert(s);
2038 assert(s->notify_fd < 0);
2039 assert(!s->notify_event_source);
2040
2041 /*
337fabf7
LP		 2042 * So here's the problem: we'd like to send notification messages to PID 1, but we cannot do that via
2043 * sd_notify(), since that's synchronous, and we might end up blocking on it. Specifically: given
2044 * that PID 1 might block on dbus-daemon during IPC, and dbus-daemon is logging to us, and might
2045 * hence block on us, we might end up in a deadlock if we block on sending PID 1 notification
2046 * messages — by generating a full blocking circle. To avoid this, let's create a non-blocking
2047 * socket, and connect it to the notification socket, and then wait for POLLOUT before we send
2048 * anything. This should efficiently avoid any deadlocks, as we'll never block on PID 1, hence PID 1
2049 * can safely block on dbus-daemon which can safely block on us again.
2050 *
2051 * Don't think that this issue is real? It is, see: https://github.com/systemd/systemd/issues/1505
2052 */
e22aa3d3
LP		 2053
2054 e = getenv("NOTIFY_SOCKET");
2055 if (!e)
2056 return 0;
2057
f36a9d59
ZJS		 2058 r = sockaddr_un_set_path(&sa.un, e);
2059 if (r < 0)
2060 return log_error_errno(r, "NOTIFY_SOCKET set to invalid value '%s': %m", e);
2061 sa_len = r;
e22aa3d3
LP		 2062
2063 s->notify_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
2064 if (s->notify_fd < 0)
2065 return log_error_errno(errno, "Failed to create notify socket: %m");
2066
2067 (void) fd_inc_sndbuf(s->notify_fd, NOTIFY_SNDBUF_SIZE);
2068
f36a9d59 2069 r = connect(s->notify_fd, &sa.sa, sa_len);
e22aa3d3
LP		 2070 if (r < 0)
2071 return log_error_errno(errno, "Failed to connect to notify socket: %m");
2072
2073 r = sd_event_add_io(s->event, &s->notify_event_source, s->notify_fd, EPOLLOUT, dispatch_notify_event, s);
2074 if (r < 0)
2075 return log_error_errno(r, "Failed to watch notification socket: %m");
2076
119e9655
LP		 2077 if (sd_watchdog_enabled(false, &s->watchdog_usec) > 0) {
2078 s->send_watchdog = true;
2079
39cf0351 2080 r = sd_event_add_time_relative(s->event, &s->watchdog_event_source, CLOCK_MONOTONIC, s->watchdog_usec/2, s->watchdog_usec/4, dispatch_watchdog, s);
119e9655
LP		 2081 if (r < 0)
2082 return log_error_errno(r, "Failed to add watchdog time event: %m");
2083 }
2084
337fabf7 2085 /* This should fire pretty soon, which we'll use to send the READY=1 event. */
e22aa3d3
LP		 2086
2087 return 0;
2088}
2089
4f413af2 2090static int synchronize_second_half(sd_event_source *event_source, void *userdata) {
99534007 2091 Varlink *link = ASSERT_PTR(userdata);
4f413af2
LP		 2092 Server *s;
2093 int r;
2094
4f413af2
LP		 2095 assert_se(s = varlink_get_userdata(link));
2096
2097 /* This is the "second half" of the Synchronize() varlink method. This function is called as deferred
2098 * event source at a low priority to ensure the synchronization completes after all queued log
2099 * messages are processed. */
2100 server_full_sync(s);
2101
2102 /* Let's get rid of the event source now, by marking it as non-floating again. It then has no ref
2103 * anymore and is immediately destroyed after we return from this function, i.e. from this event
2104 * source handler at the end. */
2105 r = sd_event_source_set_floating(event_source, false);
2106 if (r < 0)
2107 return log_error_errno(r, "Failed to mark event source as non-floating: %m");
2108
2109 return varlink_reply(link, NULL);
2110}
2111
2112static void synchronize_destroy(void *userdata) {
2113 varlink_unref(userdata);
2114}
2115
1ec23479 2116static int vl_method_synchronize(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
4f413af2 2117 _cleanup_(sd_event_source_unrefp) sd_event_source *event_source = NULL;
99534007 2118 Server *s = ASSERT_PTR(userdata);
4f413af2 2119 int r;
1ec23479
LP		 2120
2121 assert(link);
1ec23479
LP		 2122
2123 if (json_variant_elements(parameters) > 0)
2124 return varlink_error_invalid_parameter(link, parameters);
2125
01aa5997 2126 log_info("Received client request to sync journal.");
1ec23479 2127
4f413af2
LP		 2128 /* We don't do the main work now, but instead enqueue a deferred event loop job which will do
2129 * it. That job is scheduled at low priority, so that we return from this method call only after all
2130 * queued but not processed log messages are written to disk, so that this method call returning can
2131 * be used as nice synchronization point. */
2132 r = sd_event_add_defer(s->event, &event_source, synchronize_second_half, link);
2133 if (r < 0)
2134 return log_error_errno(r, "Failed to allocate defer event source: %m");
2135
2136 r = sd_event_source_set_destroy_callback(event_source, synchronize_destroy);
2137 if (r < 0)
2138 return log_error_errno(r, "Failed to set event source destroy callback: %m");
2139
162392b7 2140 varlink_ref(link); /* The varlink object is now left to the destroy callback to unref */
4f413af2
LP		 2141
2142 r = sd_event_source_set_priority(event_source, SD_EVENT_PRIORITY_NORMAL+15);
2143 if (r < 0)
2144 return log_error_errno(r, "Failed to set defer event source priority: %m");
2145
2146 /* Give up ownership of this event source. It will now be destroyed along with event loop itself,
2147 * unless it destroys itself earlier. */
2148 r = sd_event_source_set_floating(event_source, true);
2149 if (r < 0)
2150 return log_error_errno(r, "Failed to mark event source as floating: %m");
2151
2152 (void) sd_event_source_set_description(event_source, "deferred-sync");
2153
2154 return 0;
1ec23479
LP		 2155}
2156
2157static int vl_method_rotate(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
99534007 2158 Server *s = ASSERT_PTR(userdata);
1ec23479
LP		 2159
2160 assert(link);
1ec23479
LP		 2161
2162 if (json_variant_elements(parameters) > 0)
2163 return varlink_error_invalid_parameter(link, parameters);
2164
b2b7cf1d 2165 log_info("Received client request to rotate journal, rotating.");
1ec23479
LP		 2166 server_full_rotate(s);
2167
2168 return varlink_reply(link, NULL);
2169}
2170
2171static int vl_method_flush_to_var(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
99534007 2172 Server *s = ASSERT_PTR(userdata);
1ec23479
LP		 2173
2174 assert(link);
1ec23479
LP		 2175
2176 if (json_variant_elements(parameters) > 0)
2177 return varlink_error_invalid_parameter(link, parameters);
b1852c48
LP		 2178 if (s->namespace)
2179 return varlink_error(link, "io.systemd.Journal.NotSupportedByNamespaces", NULL);
1ec23479
LP		 2180
2181 log_info("Received client request to flush runtime journal.");
2182 server_full_flush(s);
2183
2184 return varlink_reply(link, NULL);
2185}
2186
b4e26d1d 2187static int vl_method_relinquish_var(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
99534007 2188 Server *s = ASSERT_PTR(userdata);
b4e26d1d
LP		 2189
2190 assert(link);
b4e26d1d
LP		 2191
2192 if (json_variant_elements(parameters) > 0)
2193 return varlink_error_invalid_parameter(link, parameters);
b1852c48
LP		 2194 if (s->namespace)
2195 return varlink_error(link, "io.systemd.Journal.NotSupportedByNamespaces", NULL);
b4e26d1d 2196
b1852c48 2197 log_info("Received client request to relinquish %s access.", s->system_storage.path);
b4e26d1d
LP		 2198 server_relinquish_var(s);
2199
2200 return varlink_reply(link, NULL);
2201}
2202
65c398c0 2203static int vl_connect(VarlinkServer *server, Varlink *link, void *userdata) {
99534007 2204 Server *s = ASSERT_PTR(userdata);
65c398c0
LP		 2205
2206 assert(server);
2207 assert(link);
65c398c0
LP		 2208
2209 (void) server_start_or_stop_idle_timer(s); /* maybe we are no longer idle */
2210
2211 return 0;
2212}
2213
2214static void vl_disconnect(VarlinkServer *server, Varlink *link, void *userdata) {
99534007 2215 Server *s = ASSERT_PTR(userdata);
65c398c0
LP		 2216
2217 assert(server);
2218 assert(link);
65c398c0
LP		 2219
2220 (void) server_start_or_stop_idle_timer(s); /* maybe we are idle now */
2221}
2222
dc5437c7 2223static int server_open_varlink(Server *s, const char *socket, int fd) {
1ec23479
LP		 2224 int r;
2225
2226 assert(s);
2227
9807fdc1 2228 r = varlink_server_new(&s->varlink_server, VARLINK_SERVER_ROOT_ONLY|VARLINK_SERVER_INHERIT_USERDATA);
1ec23479
LP		 2229 if (r < 0)
2230 return r;
2231
2232 varlink_server_set_userdata(s->varlink_server, s);
2233
abef4a7b
LP		 2234 r = varlink_server_add_interface(s->varlink_server, &vl_interface_io_systemd_Journal);
2235 if (r < 0)
2236 return log_error_errno(r, "Failed to add Journal interface to varlink server: %m");
2237
1ec23479
LP		 2238 r = varlink_server_bind_method_many(
2239 s->varlink_server,
b4e26d1d
LP		 2240 "io.systemd.Journal.Synchronize", vl_method_synchronize,
2241 "io.systemd.Journal.Rotate", vl_method_rotate,
2242 "io.systemd.Journal.FlushToVar", vl_method_flush_to_var,
2243 "io.systemd.Journal.RelinquishVar", vl_method_relinquish_var);
1ec23479
LP		 2244 if (r < 0)
2245 return r;
2246
65c398c0
LP		 2247 r = varlink_server_bind_connect(s->varlink_server, vl_connect);
2248 if (r < 0)
2249 return r;
2250
2251 r = varlink_server_bind_disconnect(s->varlink_server, vl_disconnect);
2252 if (r < 0)
2253 return r;
2254
dc5437c7
LP		 2255 if (fd < 0)
2256 r = varlink_server_listen_address(s->varlink_server, socket, 0600);
2257 else
2258 r = varlink_server_listen_fd(s->varlink_server, fd);
1ec23479
LP		 2259 if (r < 0)
2260 return r;
2261
2262 r = varlink_server_attach_event(s->varlink_server, s->event, SD_EVENT_PRIORITY_NORMAL);
2263 if (r < 0)
2264 return r;
2265
2266 return 0;
2267}
2268
e5d60d1b
LP		 2269int server_map_seqnum_file(
2270 Server *s,
2271 const char *fname,
2272 size_t size,
2273 void **ret) {
2274
2275 _cleanup_free_ char *fn = NULL;
2276 _cleanup_close_ int fd = -EBADF;
2277 uint64_t *p;
2278 int r;
2279
2280 assert(s);
2281 assert(fname);
2282 assert(size > 0);
2283 assert(ret);
2284
2285 fn = path_join(s->runtime_directory, fname);
2286 if (!fn)
2287 return -ENOMEM;
2288
2289 fd = open(fn, O_RDWR|O_CREAT|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644);
2290 if (fd < 0)
2291 return -errno;
2292
2293 r = posix_fallocate_loop(fd, 0, size);
2294 if (r < 0)
2295 return r;
2296
2297 p = mmap(NULL, size, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
2298 if (p == MAP_FAILED)
2299 return -errno;
2300
2301 *ret = p;
2302 return 0;
2303}
2304
2305void server_unmap_seqnum_file(void *p, size_t size) {
2306 assert(size > 0);
2307
2308 if (!p)
2309 return;
2310
2311 assert_se(munmap(p, size) >= 0);
2312}
2313
65c398c0
LP		 2314static bool server_is_idle(Server *s) {
2315 assert(s);
2316
2317 /* The server for the main namespace is never idle */
2318 if (!s->namespace)
2319 return false;
2320
2321 /* If a retention maximum is set larger than the idle time we need to be running to enforce it, hence
2322 * turn off the idle logic. */
2323 if (s->max_retention_usec > IDLE_TIMEOUT_USEC)
2324 return false;
2325
2326 /* We aren't idle if we have a varlink client */
2327 if (varlink_server_current_connections(s->varlink_server) > 0)
2328 return false;
2329
2330 /* If we have stdout streams we aren't idle */
2331 if (s->n_stdout_streams > 0)
2332 return false;
2333
2334 return true;
2335}
2336
2337static int server_idle_handler(sd_event_source *source, uint64_t usec, void *userdata) {
99534007 2338 Server *s = ASSERT_PTR(userdata);
65c398c0
LP		 2339
2340 assert(source);
65c398c0
LP		 2341
2342 log_debug("Server is idle, exiting.");
2343 sd_event_exit(s->event, 0);
2344 return 0;
2345}
2346
2347int server_start_or_stop_idle_timer(Server *s) {
2348 _cleanup_(sd_event_source_unrefp) sd_event_source *source = NULL;
65c398c0
LP		 2349 int r;
2350
2351 assert(s);
2352
2353 if (!server_is_idle(s)) {
2354 s->idle_event_source = sd_event_source_disable_unref(s->idle_event_source);
2355 return 0;
2356 }
2357
2358 if (s->idle_event_source)
2359 return 1;
2360
39cf0351 2361 r = sd_event_add_time_relative(s->event, &source, CLOCK_MONOTONIC, IDLE_TIMEOUT_USEC, 0, server_idle_handler, s);
65c398c0
LP		 2362 if (r < 0)
2363 return log_error_errno(r, "Failed to allocate idle timer: %m");
2364
2365 r = sd_event_source_set_priority(source, SD_EVENT_PRIORITY_IDLE);
2366 if (r < 0)
2367 return log_error_errno(r, "Failed to set idle timer priority: %m");
2368
2369 (void) sd_event_source_set_description(source, "idle-timer");
2370
2371 s->idle_event_source = TAKE_PTR(source);
2372 return 1;
2373}
2374
2375int server_refresh_idle_timer(Server *s) {
65c398c0
LP		 2376 int r;
2377
2378 assert(s);
2379
2380 if (!s->idle_event_source)
2381 return 0;
2382
39cf0351 2383 r = sd_event_source_set_time_relative(s->idle_event_source, IDLE_TIMEOUT_USEC);
65c398c0
LP		 2384 if (r < 0)
2385 return log_error_errno(r, "Failed to refresh idle timer: %m");
2386
2387 return 1;
2388}
2389
9540782d 2390static int server_set_namespace(Server *s, const char *namespace) {
b1852c48
LP		 2391 assert(s);
2392
2393 if (!namespace)
2394 return 0;
2395
2396 if (!log_namespace_name_valid(namespace))
2397 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Specified namespace name not valid, refusing: %s", namespace);
2398
2399 s->namespace = strdup(namespace);
2400 if (!s->namespace)
2401 return log_oom();
2402
2403 s->namespace_field = strjoin("_NAMESPACE=", namespace);
2404 if (!s->namespace_field)
2405 return log_oom();
2406
2407 return 1;
2408}
2409
375c34d8
LP		 2410static int server_memory_pressure(sd_event_source *es, void *userdata) {
2411 Server *s = ASSERT_PTR(userdata);
2412
2413 log_info("Under memory pressure, flushing caches.");
2414
2415 /* Flushed the cached info we might have about client processes */
2416 client_context_flush_regular(s);
2417
2418 /* Let's also close all user files (but keep the system/runtime one open) */
2419 for (;;) {
45c0ecba 2420 JournalFile *first = ordered_hashmap_steal_first(s->user_journals);
375c34d8
LP		 2421
2422 if (!first)
2423 break;
2424
45c0ecba 2425 (void) journal_file_offline_close(first);
375c34d8
LP		 2426 }
2427
2428 sd_event_trim_memory();
2429
2430 return 0;
2431}
2432
2433static int server_setup_memory_pressure(Server *s) {
2434 int r;
2435
2436 assert(s);
2437
2438 r = sd_event_add_memory_pressure(s->event, NULL, server_memory_pressure, s);
2439 if (r < 0)
2440 log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) || ERRNO_IS_PRIVILEGE(r) || (r == -EHOSTDOWN) ? LOG_DEBUG : LOG_NOTICE, r,
2441 "Failed to install memory pressure event source, ignoring: %m");
2442
2443 return 0;
2444}
2445
80b1156b
YW		 2446int server_new(Server **ret) {
2447 _cleanup_(server_freep) Server *s = NULL;
d025f1e4 2448
80b1156b
YW		 2449 assert(ret);
2450
2451 s = new(Server, 1);
2452 if (!s)
2453 return -ENOMEM;
d025f1e4 2454
e4d9c985 2455 *s = (Server) {
254d1313
ZJS		 2456 .syslog_fd = -EBADF,
2457 .native_fd = -EBADF,
2458 .stdout_fd = -EBADF,
2459 .dev_kmsg_fd = -EBADF,
2460 .audit_fd = -EBADF,
2461 .hostname_fd = -EBADF,
2462 .notify_fd = -EBADF,
d025f1e4 2463
e4d9c985 2464 .compress.enabled = true,
f5fbe71d 2465 .compress.threshold_bytes = UINT64_MAX,
e4d9c985 2466 .seal = true,
119e9655 2467
511e03a3
LP		 2468 .set_audit = true,
2469
e4d9c985
LP		 2470 .watchdog_usec = USEC_INFINITY,
2471
2472 .sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC,
2473 .sync_scheduled = false,
26687bf8 2474
5ac1530e
ZJS		 2475 .ratelimit_interval = DEFAULT_RATE_LIMIT_INTERVAL,
2476 .ratelimit_burst = DEFAULT_RATE_LIMIT_BURST,
d025f1e4 2477
e4d9c985 2478 .forward_to_wall = true,
d025f1e4 2479
e4d9c985 2480 .max_file_usec = DEFAULT_MAX_FILE_USEC,
e150e820 2481
e4d9c985
LP		 2482 .max_level_store = LOG_DEBUG,
2483 .max_level_syslog = LOG_DEBUG,
2484 .max_level_kmsg = LOG_NOTICE,
2485 .max_level_console = LOG_INFO,
2486 .max_level_wall = LOG_EMERG,
d025f1e4 2487
e4d9c985
LP		 2488 .line_max = DEFAULT_LINE_MAX,
2489
2490 .runtime_storage.name = "Runtime Journal",
2491 .system_storage.name = "System Journal",
9c416180
DDM		 2492
2493 .kmsg_own_ratelimit = {
2494 .interval = DEFAULT_KMSG_OWN_INTERVAL,
2495 .burst = DEFAULT_KMSG_OWN_BURST,
2496 },
375c34d8
LP		 2497
2498 .sigrtmin18_info.memory_pressure_handler = server_memory_pressure,
2499 .sigrtmin18_info.memory_pressure_userdata = s,
e4d9c985 2500 };
ec20fe5f 2501
80b1156b
YW		 2502 *ret = TAKE_PTR(s);
2503 return 0;
2504}
2505
2506int server_init(Server *s, const char *namespace) {
2507 const char *native_socket, *syslog_socket, *stdout_socket, *varlink_socket, *e;
2508 _cleanup_fdset_free_ FDSet *fds = NULL;
e9dc98c5 2509 int n, r, varlink_fd = -EBADF;
80b1156b
YW		 2510 bool no_sockets;
2511
2512 assert(s);
2513
9540782d 2514 r = server_set_namespace(s, namespace);
b1852c48
LP		 2515 if (r < 0)
2516 return r;
2517
2518 /* By default, only read from /dev/kmsg if are the main namespace */
2519 s->read_kmsg = !s->namespace;
2520 s->storage = s->namespace ? STORAGE_PERSISTENT : STORAGE_AUTO;
2521
266a4700
FB		 2522 journal_reset_metrics(&s->system_storage.metrics);
2523 journal_reset_metrics(&s->runtime_storage.metrics);
d025f1e4
ZJS		 2524
2525 server_parse_config_file(s);
1d84ad94 2526
b1852c48
LP		 2527 if (!s->namespace) {
2528 /* Parse kernel command line, but only if we are not a namespace instance */
2529 r = proc_cmdline_parse(parse_proc_cmdline_item, s, PROC_CMDLINE_STRIP_RD_PREFIX);
2530 if (r < 0)
2531 log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
2532 }
8580d1f7 2533
d83f7e4c 2534 if (!!s->ratelimit_interval != !!s->ratelimit_burst) { /* One set to 0 and the other not? */
b1389b0d 2535 log_debug("Setting both rate limit interval and burst from "USEC_FMT",%u to 0,0",
5ac1530e
ZJS		 2536 s->ratelimit_interval, s->ratelimit_burst);
2537 s->ratelimit_interval = s->ratelimit_burst = 0;
d288f79f 2538 }
d025f1e4 2539
b1852c48
LP		 2540 e = getenv("RUNTIME_DIRECTORY");
2541 if (e)
2542 s->runtime_directory = strdup(e);
2543 else if (s->namespace)
2544 s->runtime_directory = strjoin("/run/systemd/journal.", s->namespace);
2545 else
2546 s->runtime_directory = strdup("/run/systemd/journal");
2547 if (!s->runtime_directory)
2548 return log_oom();
2549
2550 (void) mkdir_p(s->runtime_directory, 0755);
d025f1e4 2551
43cf8388 2552 s->user_journals = ordered_hashmap_new(NULL);
d025f1e4
ZJS		 2553 if (!s->user_journals)
2554 return log_oom();
2555
2556 s->mmap = mmap_cache_new();
2557 if (!s->mmap)
2558 return log_oom();
2559
b58c888f
VC		 2560 s->deferred_closes = set_new(NULL);
2561 if (!s->deferred_closes)
2562 return log_oom();
2563
f9a810be 2564 r = sd_event_default(&s->event);
23bbb0de
MS		 2565 if (r < 0)
2566 return log_error_errno(r, "Failed to create event loop: %m");
d025f1e4
ZJS		 2567
2568 n = sd_listen_fds(true);
23bbb0de
MS		 2569 if (n < 0)
2570 return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
d025f1e4 2571
b1852c48
LP		 2572 native_socket = strjoina(s->runtime_directory, "/socket");
2573 stdout_socket = strjoina(s->runtime_directory, "/stdout");
2574 syslog_socket = strjoina(s->runtime_directory, "/dev-log");
dc5437c7 2575 varlink_socket = strjoina(s->runtime_directory, "/io.systemd.journal");
b1852c48 2576
e9dc98c5 2577 for (int fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++)
d025f1e4 2578
b1852c48 2579 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, native_socket, 0) > 0) {
d025f1e4 2580
baaa35ad
ZJS		 2581 if (s->native_fd >= 0)
2582 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
2583 "Too many native sockets passed.");
d025f1e4
ZJS		 2584
2585 s->native_fd = fd;
2586
b1852c48 2587 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, stdout_socket, 0) > 0) {
d025f1e4 2588
baaa35ad
ZJS		 2589 if (s->stdout_fd >= 0)
2590 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
2591 "Too many stdout sockets passed.");
d025f1e4
ZJS		 2592
2593 s->stdout_fd = fd;
2594
b1852c48 2595 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, syslog_socket, 0) > 0) {
d025f1e4 2596
baaa35ad
ZJS		 2597 if (s->syslog_fd >= 0)
2598 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
2599 "Too many /dev/log sockets passed.");
d025f1e4
ZJS		 2600
2601 s->syslog_fd = fd;
2602
dc5437c7
LP		 2603 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, varlink_socket, 0) > 0) {
2604
2605 if (varlink_fd >= 0)
2606 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
2607 "Too many varlink sockets passed.");
2608
2609 varlink_fd = fd;
875c2e22
LP		 2610 } else if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1) > 0) {
2611
baaa35ad
ZJS		 2612 if (s->audit_fd >= 0)
2613 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
2614 "Too many audit sockets passed.");
875c2e22
LP		 2615
2616 s->audit_fd = fd;
2617
4ec3cd73 2618 } else {
4ec3cd73 2619
13790add
LP		 2620 if (!fds) {
2621 fds = fdset_new();
2622 if (!fds)
2623 return log_oom();
2624 }
4ec3cd73 2625
13790add
LP		 2626 r = fdset_put(fds, fd);
2627 if (r < 0)
2628 return log_oom();
4ec3cd73 2629 }
d025f1e4 2630
15d91bff
ZJS		 2631 /* Try to restore streams, but don't bother if this fails */
2632 (void) server_restore_streams(s, fds);
d025f1e4 2633
43127aeb 2634 if (!fdset_isempty(fds)) {
13790add
LP		 2635 log_warning("%u unknown file descriptors passed, closing.", fdset_size(fds));
2636 fds = fdset_free(fds);
2637 }
2638
dc5437c7 2639 no_sockets = s->native_fd < 0 && s->stdout_fd < 0 && s->syslog_fd < 0 && s->audit_fd < 0 && varlink_fd < 0;
7d18d348
ZJS		 2640
2641 /* always open stdout, syslog, native, and kmsg sockets */
37b7affe
ZJS		 2642
2643 /* systemd-journald.socket: /run/systemd/journal/stdout */
b1852c48 2644 r = server_open_stdout_socket(s, stdout_socket);
15d91bff
ZJS		 2645 if (r < 0)
2646 return r;
2647
37b7affe 2648 /* systemd-journald-dev-log.socket: /run/systemd/journal/dev-log */
b1852c48 2649 r = server_open_syslog_socket(s, syslog_socket);
d025f1e4
ZJS		 2650 if (r < 0)
2651 return r;
2652
37b7affe 2653 /* systemd-journald.socket: /run/systemd/journal/socket */
b1852c48 2654 r = server_open_native_socket(s, native_socket);
d025f1e4
ZJS		 2655 if (r < 0)
2656 return r;
2657
b2392ff3 2658 /* /dev/kmsg */
d025f1e4
ZJS		 2659 r = server_open_dev_kmsg(s);
2660 if (r < 0)
2661 return r;
2662
7d18d348
ZJS		 2663 /* Unless we got *some* sockets and not audit, open audit socket */
2664 if (s->audit_fd >= 0 || no_sockets) {
2aba7705
FB		 2665 log_info("Collecting audit messages is enabled.");
2666
7d18d348
ZJS		 2667 r = server_open_audit(s);
2668 if (r < 0)
2669 return r;
2aba7705
FB		 2670 } else
2671 log_info("Collecting audit messages is disabled.");
875c2e22 2672
dc5437c7 2673 r = server_open_varlink(s, varlink_socket, varlink_fd);
1ec23479
LP		 2674 if (r < 0)
2675 return r;
2676
e5d60d1b
LP		 2677 r = server_map_seqnum_file(s, "seqnum", sizeof(SeqnumData), (void**) &s->seqnum);
2678 if (r < 0)
2679 return log_error_errno(r, "Failed to map main seqnum file: %m");
2680
d025f1e4
ZJS		 2681 r = server_open_kernel_seqnum(s);
2682 if (r < 0)
2683 return r;
2684
0c24bb23
LP		 2685 r = server_open_hostname(s);
2686 if (r < 0)
2687 return r;
2688
9540782d 2689 r = server_setup_signals(s);
d025f1e4
ZJS		 2690 if (r < 0)
2691 return r;
2692
375c34d8
LP		 2693 r = server_setup_memory_pressure(s);
2694 if (r < 0)
2695 return r;
2696
5ac1530e
ZJS		 2697 s->ratelimit = journal_ratelimit_new();
2698 if (!s->ratelimit)
659a77be 2699 return log_oom();
d025f1e4 2700
e9174f29
LP		 2701 r = cg_get_root_path(&s->cgroup_root);
2702 if (r < 0)
659a77be 2703 return log_error_errno(r, "Failed to acquire cgroup root path: %m");
e9174f29 2704
0c24bb23
LP		 2705 server_cache_hostname(s);
2706 server_cache_boot_id(s);
2707 server_cache_machine_id(s);
2708
b1852c48
LP		 2709 if (s->namespace)
2710 s->runtime_storage.path = strjoin("/run/log/journal/", SERVER_MACHINE_ID(s), ".", s->namespace);
2711 else
2712 s->runtime_storage.path = strjoin("/run/log/journal/", SERVER_MACHINE_ID(s));
2713 if (!s->runtime_storage.path)
2714 return log_oom();
2715
2716 e = getenv("LOGS_DIRECTORY");
2717 if (e)
2718 s->system_storage.path = strdup(e);
2719 else if (s->namespace)
2720 s->system_storage.path = strjoin("/var/log/journal/", SERVER_MACHINE_ID(s), ".", s->namespace);
2721 else
2722 s->system_storage.path = strjoin("/var/log/journal/", SERVER_MACHINE_ID(s));
2723 if (!s->system_storage.path)
659a77be 2724 return log_oom();
266a4700 2725
e22aa3d3
LP		 2726 (void) server_connect_notify(s);
2727
22e3a02b
LP		 2728 (void) client_context_acquire_default(s);
2729
9540782d 2730 r = server_system_journal_open(s, /* flush_requested= */ false, /* relinquish_requested= */ false);
65c398c0
LP		 2731 if (r < 0)
2732 return r;
2733
2734 server_start_or_stop_idle_timer(s);
80b1156b 2735
65c398c0 2736 return 0;
d025f1e4
ZJS		 2737}
2738
2739void server_maybe_append_tags(Server *s) {
349cc4a5 2740#if HAVE_GCRYPT
45c0ecba 2741 JournalFile *f;
d025f1e4
ZJS		 2742 usec_t n;
2743
2744 n = now(CLOCK_REALTIME);
2745
2746 if (s->system_journal)
45c0ecba 2747 journal_file_maybe_append_tag(s->system_journal, n);
d025f1e4 2748
90e74a66 2749 ORDERED_HASHMAP_FOREACH(f, s->user_journals)
45c0ecba 2750 journal_file_maybe_append_tag(f, n);
d025f1e4
ZJS		 2751#endif
2752}
2753
80b1156b
YW		 2754Server* server_free(Server *s) {
2755 if (!s)
2756 return NULL;
d025f1e4 2757
b1852c48
LP		 2758 free(s->namespace);
2759 free(s->namespace_field);
2760
45c0ecba 2761 set_free_with_destructor(s->deferred_closes, journal_file_offline_close);
b58c888f 2762
d025f1e4
ZJS		 2763 while (s->stdout_streams)
2764 stdout_stream_free(s->stdout_streams);
2765
22e3a02b
LP		 2766 client_context_flush_all(s);
2767
45c0ecba
YW		 2768 (void) journal_file_offline_close(s->system_journal);
2769 (void) journal_file_offline_close(s->runtime_journal);
d025f1e4 2770
45c0ecba 2771 ordered_hashmap_free_with_destructor(s->user_journals, journal_file_offline_close);
d025f1e4 2772
1ec23479
LP		 2773 varlink_server_unref(s->varlink_server);
2774
f9a810be
LP		 2775 sd_event_source_unref(s->syslog_event_source);
2776 sd_event_source_unref(s->native_event_source);
2777 sd_event_source_unref(s->stdout_event_source);
2778 sd_event_source_unref(s->dev_kmsg_event_source);
875c2e22 2779 sd_event_source_unref(s->audit_event_source);
f9a810be
LP		 2780 sd_event_source_unref(s->sync_event_source);
2781 sd_event_source_unref(s->sigusr1_event_source);
2782 sd_event_source_unref(s->sigusr2_event_source);
2783 sd_event_source_unref(s->sigterm_event_source);
2784 sd_event_source_unref(s->sigint_event_source);
94b65516 2785 sd_event_source_unref(s->sigrtmin1_event_source);
0c24bb23 2786 sd_event_source_unref(s->hostname_event_source);
e22aa3d3 2787 sd_event_source_unref(s->notify_event_source);
119e9655 2788 sd_event_source_unref(s->watchdog_event_source);
65c398c0 2789 sd_event_source_unref(s->idle_event_source);
f9a810be 2790 sd_event_unref(s->event);
d025f1e4 2791
03e334a1
LP		 2792 safe_close(s->syslog_fd);
2793 safe_close(s->native_fd);
2794 safe_close(s->stdout_fd);
2795 safe_close(s->dev_kmsg_fd);
875c2e22 2796 safe_close(s->audit_fd);
03e334a1 2797 safe_close(s->hostname_fd);
e22aa3d3 2798 safe_close(s->notify_fd);
0c24bb23 2799
5ac1530e
ZJS		 2800 if (s->ratelimit)
2801 journal_ratelimit_free(s->ratelimit);
d025f1e4 2802
e5d60d1b
LP		 2803 server_unmap_seqnum_file(s->seqnum, sizeof(*s->seqnum));
2804 server_unmap_seqnum_file(s->kernel_seqnum, sizeof(*s->kernel_seqnum));
d025f1e4
ZJS		 2805
2806 free(s->buffer);
2807 free(s->tty_path);
e9174f29 2808 free(s->cgroup_root);
99d0966e 2809 free(s->hostname_field);
c6e9e16f
ZJS		 2810 free(s->runtime_storage.path);
2811 free(s->system_storage.path);
b1852c48 2812 free(s->runtime_directory);
d025f1e4 2813
e3d78cb1 2814 mmap_cache_unref(s->mmap);
80b1156b
YW		 2815
2816 return mfree(s);
d025f1e4 2817}
8580d1f7
LP		 2818
2819static const char* const storage_table[_STORAGE_MAX] = {
2820 [STORAGE_AUTO] = "auto",
2821 [STORAGE_VOLATILE] = "volatile",
2822 [STORAGE_PERSISTENT] = "persistent",
2823 [STORAGE_NONE] = "none"
2824};
2825
2826DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
2827DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
2828
2829static const char* const split_mode_table[_SPLIT_MAX] = {
2830 [SPLIT_LOGIN] = "login",
2831 [SPLIT_UID] = "uid",
2832 [SPLIT_NONE] = "none",
2833};
2834
2835DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
2836DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode, split_mode, SplitMode, "Failed to parse split mode setting");
ec20fe5f
LP		 2837
2838int config_parse_line_max(
2839 const char* unit,
2840 const char *filename,
2841 unsigned line,
2842 const char *section,
2843 unsigned section_line,
2844 const char *lvalue,
2845 int ltype,
2846 const char *rvalue,
2847 void *data,
2848 void *userdata) {
2849
99534007 2850 size_t *sz = ASSERT_PTR(data);
ec20fe5f
LP		 2851 int r;
2852
2853 assert(filename);
2854 assert(lvalue);
2855 assert(rvalue);
ec20fe5f
LP		 2856
2857 if (isempty(rvalue))
2858 /* Empty assignment means default */
2859 *sz = DEFAULT_LINE_MAX;
2860 else {
2861 uint64_t v;
2862
2863 r = parse_size(rvalue, 1024, &v);
2864 if (r < 0) {
adb58487 2865 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse LineMax= value, ignoring: %s", rvalue);
ec20fe5f
LP		 2866 return 0;
2867 }
2868
2869 if (v < 79) {
2870 /* Why specify 79 here as minimum line length? Simply, because the most common traditional
2871 * terminal size is 80ch, and it might make sense to break one character before the natural
2872 * line break would occur on that. */
2873 log_syntax(unit, LOG_WARNING, filename, line, 0, "LineMax= too small, clamping to 79: %s", rvalue);
2874 *sz = 79;
2875 } else if (v > (uint64_t) (SSIZE_MAX-1)) {
2876 /* So, why specify SSIZE_MAX-1 here? Because that's one below the largest size value read()
2877 * can return, and we need one extra byte for the trailing NUL byte. Of course IRL such large
2878 * memory allocations will fail anyway, hence this limit is mostly theoretical anyway, as we'll
2879 * fail much earlier anyway. */
2880 log_syntax(unit, LOG_WARNING, filename, line, 0, "LineMax= too large, clamping to %" PRIu64 ": %s", (uint64_t) (SSIZE_MAX-1), rvalue);
2881 *sz = SSIZE_MAX-1;
2882 } else
2883 *sz = (size_t) v;
2884 }
2885
2886 return 0;
2887}
1b7cf0e5 2888
e3d36a8d
LP		 2889int config_parse_compress(
2890 const char* unit,
2891 const char *filename,
2892 unsigned line,
2893 const char *section,
2894 unsigned section_line,
2895 const char *lvalue,
2896 int ltype,
2897 const char *rvalue,
2898 void *data,
2899 void *userdata) {
2900
1b7cf0e5
AG		 2901 JournalCompressOptions* compress = data;
2902 int r;
2903
e3d36a8d
LP		 2904 if (isempty(rvalue)) {
2905 compress->enabled = true;
f5fbe71d 2906 compress->threshold_bytes = UINT64_MAX;
e3d36a8d 2907 } else if (streq(rvalue, "1")) {
1b7cf0e5
AG		 2908 log_syntax(unit, LOG_WARNING, filename, line, 0,
2909 "Compress= ambiguously specified as 1, enabling compression with default threshold");
2910 compress->enabled = true;
2911 } else if (streq(rvalue, "0")) {
2912 log_syntax(unit, LOG_WARNING, filename, line, 0,
2913 "Compress= ambiguously specified as 0, disabling compression");
2914 compress->enabled = false;
e3d36a8d
LP		 2915 } else {
2916 r = parse_boolean(rvalue);
2917 if (r < 0) {
2918 r = parse_size(rvalue, 1024, &compress->threshold_bytes);
2919 if (r < 0)
adb58487 2920 log_syntax(unit, LOG_WARNING, filename, line, r,
e3d36a8d
LP		 2921 "Failed to parse Compress= value, ignoring: %s", rvalue);
2922 else
2923 compress->enabled = true;
2924 } else
2925 compress->enabled = r;
2926 }
1b7cf0e5
AG		 2927
2928 return 0;
2929}
Unnamed repository; edit this file 'description' to name the repository.