]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/journal/journald-server.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #480 from rinrinne/fix-message
[thirdparty/systemd.git] / src / journal / journald-server.c
CommitLineData
d025f1e4
ZJS		 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2011 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
22#include <sys/signalfd.h>
23#include <sys/ioctl.h>
24#include <linux/sockios.h>
25#include <sys/statvfs.h>
26#include <sys/mman.h>
27
24882e06
LP		 28#ifdef HAVE_SELINUX
29#include <selinux/selinux.h>
30#endif
31
d025f1e4 32#include <libudev.h>
d025f1e4 33
74df0fca
LP		 34#include "sd-journal.h"
35#include "sd-messages.h"
36#include "sd-daemon.h"
d025f1e4 37#include "mkdir.h"
c6878637 38#include "rm-rf.h"
d025f1e4
ZJS		 39#include "hashmap.h"
40#include "journal-file.h"
41#include "socket-util.h"
42#include "cgroup-util.h"
d025f1e4
ZJS		 43#include "missing.h"
44#include "conf-parser.h"
74df0fca 45#include "selinux-util.h"
958b66ea
LP		 46#include "acl-util.h"
47#include "formats-util.h"
48#include "process-util.h"
49#include "hostname-util.h"
24882e06 50#include "signal-util.h"
d025f1e4
ZJS		 51#include "journal-internal.h"
52#include "journal-vacuum.h"
53#include "journal-authenticate.h"
d025f1e4
ZJS		 54#include "journald-rate-limit.h"
55#include "journald-kmsg.h"
56#include "journald-syslog.h"
57#include "journald-stream.h"
d025f1e4 58#include "journald-native.h"
875c2e22 59#include "journald-audit.h"
74df0fca 60#include "journald-server.h"
d025f1e4 61
d025f1e4
ZJS		 62#define USER_JOURNALS_MAX 1024
63
26687bf8 64#define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
7f1ad696
LP		 65#define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
66#define DEFAULT_RATE_LIMIT_BURST 1000
e150e820 67#define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
d025f1e4
ZJS		 68
69#define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
70
2c5859af 71static const char* const storage_table[_STORAGE_MAX] = {
d025f1e4
ZJS		 72 [STORAGE_AUTO] = "auto",
73 [STORAGE_VOLATILE] = "volatile",
74 [STORAGE_PERSISTENT] = "persistent",
75 [STORAGE_NONE] = "none"
76};
77
78DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
79DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
80
2c5859af
DM		 81static const char* const split_mode_table[_SPLIT_MAX] = {
82 [SPLIT_LOGIN] = "login",
d025f1e4 83 [SPLIT_UID] = "uid",
2c5859af 84 [SPLIT_NONE] = "none",
d025f1e4
ZJS		 85};
86
87DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
88DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode, split_mode, SplitMode, "Failed to parse split mode setting");
89
670b110c 90static uint64_t available_space(Server *s, bool verbose) {
db91ea32 91 char ids[33];
7fd1b19b 92 _cleanup_free_ char *p = NULL;
d025f1e4
ZJS		 93 sd_id128_t machine;
94 struct statvfs ss;
670b110c 95 uint64_t sum = 0, ss_avail = 0, avail = 0;
d025f1e4 96 int r;
7fd1b19b 97 _cleanup_closedir_ DIR *d = NULL;
d025f1e4 98 usec_t ts;
670b110c 99 const char *f;
d025f1e4
ZJS		 100 JournalMetrics *m;
101
102 ts = now(CLOCK_MONOTONIC);
103
670b110c
ZJS		 104 if (s->cached_available_space_timestamp + RECHECK_AVAILABLE_SPACE_USEC > ts
105 && !verbose)
d025f1e4
ZJS		 106 return s->cached_available_space;
107
108 r = sd_id128_get_machine(&machine);
109 if (r < 0)
110 return 0;
111
112 if (s->system_journal) {
113 f = "/var/log/journal/";
114 m = &s->system_metrics;
115 } else {
116 f = "/run/log/journal/";
117 m = &s->runtime_metrics;
118 }
119
120 assert(m);
121
122 p = strappend(f, sd_id128_to_string(machine, ids));
123 if (!p)
124 return 0;
125
126 d = opendir(p);
d025f1e4
ZJS		 127 if (!d)
128 return 0;
129
130 if (fstatvfs(dirfd(d), &ss) < 0)
db91ea32 131 return 0;
d025f1e4
ZJS		 132
133 for (;;) {
134 struct stat st;
135 struct dirent *de;
d025f1e4 136
0371ca0d
FW		 137 errno = 0;
138 de = readdir(d);
139 if (!de && errno != 0)
140 return 0;
d025f1e4
ZJS		 141
142 if (!de)
143 break;
144
145 if (!endswith(de->d_name, ".journal") &&
146 !endswith(de->d_name, ".journal~"))
147 continue;
148
149 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0)
150 continue;
151
152 if (!S_ISREG(st.st_mode))
153 continue;
154
155 sum += (uint64_t) st.st_blocks * 512UL;
156 }
157
d025f1e4
ZJS		 158 ss_avail = ss.f_bsize * ss.f_bavail;
159
348ced90
ZJS		 160 /* If we reached a high mark, we will always allow this much
161 * again, unless usage goes above max_use. This watermark
162 * value is cached so that we don't give up space on pressure,
163 * but hover below the maximum usage. */
164
165 if (m->use < sum)
166 m->use = sum;
167
168 avail = LESS_BY(ss_avail, m->keep_free);
169
170 s->cached_available_space = LESS_BY(MIN(m->max_use, avail), sum);
d025f1e4
ZJS		 171 s->cached_available_space_timestamp = ts;
172
670b110c
ZJS		 173 if (verbose) {
174 char fb1[FORMAT_BYTES_MAX], fb2[FORMAT_BYTES_MAX], fb3[FORMAT_BYTES_MAX],
175 fb4[FORMAT_BYTES_MAX], fb5[FORMAT_BYTES_MAX];
176
177 server_driver_message(s, SD_MESSAGE_JOURNAL_USAGE,
348ced90
ZJS		 178 "%s journal is using %s (max allowed %s, "
179 "trying to leave %s free of %s available → current limit %s).",
670b110c
ZJS		 180 s->system_journal ? "Permanent" : "Runtime",
181 format_bytes(fb1, sizeof(fb1), sum),
182 format_bytes(fb2, sizeof(fb2), m->max_use),
183 format_bytes(fb3, sizeof(fb3), m->keep_free),
184 format_bytes(fb4, sizeof(fb4), ss_avail),
348ced90 185 format_bytes(fb5, sizeof(fb5), s->cached_available_space + sum));
670b110c
ZJS		 186 }
187
188 return s->cached_available_space;
d025f1e4
ZJS		 189}
190
d025f1e4
ZJS		 191void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
192 int r;
193#ifdef HAVE_ACL
194 acl_t acl;
195 acl_entry_t entry;
196 acl_permset_t permset;
197#endif
198
199 assert(f);
200
4608af43 201 r = fchmod(f->fd, 0640);
d025f1e4 202 if (r < 0)
da927ba9 203 log_warning_errno(r, "Failed to fix access mode on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 204
205#ifdef HAVE_ACL
34c10968 206 if (uid <= SYSTEM_UID_MAX)
d025f1e4
ZJS		 207 return;
208
209 acl = acl_get_fd(f->fd);
210 if (!acl) {
56f64d95 211 log_warning_errno(errno, "Failed to read ACL on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 212 return;
213 }
214
215 r = acl_find_uid(acl, uid, &entry);
216 if (r <= 0) {
217
218 if (acl_create_entry(&acl, &entry) < 0 ||
219 acl_set_tag_type(entry, ACL_USER) < 0 ||
220 acl_set_qualifier(entry, &uid) < 0) {
56f64d95 221 log_warning_errno(errno, "Failed to patch ACL on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 222 goto finish;
223 }
224 }
225
23ad4dd8
JAS		 226 /* We do not recalculate the mask unconditionally here,
227 * so that the fchmod() mask above stays intact. */
d025f1e4 228 if (acl_get_permset(entry, &permset) < 0 ||
23ad4dd8
JAS		 229 acl_add_perm(permset, ACL_READ) < 0 ||
230 calc_acl_mask_if_needed(&acl) < 0) {
56f64d95 231 log_warning_errno(errno, "Failed to patch ACL on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 232 goto finish;
233 }
234
235 if (acl_set_fd(f->fd, acl) < 0)
56f64d95 236 log_warning_errno(errno, "Failed to set ACL on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 237
238finish:
239 acl_free(acl);
240#endif
241}
242
243static JournalFile* find_journal(Server *s, uid_t uid) {
ed375beb 244 _cleanup_free_ char *p = NULL;
d025f1e4
ZJS		 245 int r;
246 JournalFile *f;
247 sd_id128_t machine;
248
249 assert(s);
250
251 /* We split up user logs only on /var, not on /run. If the
252 * runtime file is open, we write to it exclusively, in order
253 * to guarantee proper order as soon as we flush /run to
254 * /var and close the runtime file. */
255
256 if (s->runtime_journal)
257 return s->runtime_journal;
258
f7dc3ab9 259 if (uid <= SYSTEM_UID_MAX)
d025f1e4
ZJS		 260 return s->system_journal;
261
262 r = sd_id128_get_machine(&machine);
263 if (r < 0)
264 return s->system_journal;
265
43cf8388 266 f = ordered_hashmap_get(s->user_journals, UINT32_TO_PTR(uid));
d025f1e4
ZJS		 267 if (f)
268 return f;
269
de0671ee
ZJS		 270 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/user-"UID_FMT".journal",
271 SD_ID128_FORMAT_VAL(machine), uid) < 0)
d025f1e4
ZJS		 272 return s->system_journal;
273
43cf8388 274 while (ordered_hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
d025f1e4 275 /* Too many open? Then let's close one */
43cf8388 276 f = ordered_hashmap_steal_first(s->user_journals);
d025f1e4
ZJS		 277 assert(f);
278 journal_file_close(f);
279 }
280
cbd67177 281 r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &f);
d025f1e4
ZJS		 282 if (r < 0)
283 return s->system_journal;
284
285 server_fix_perms(s, f, uid);
286
43cf8388 287 r = ordered_hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
d025f1e4
ZJS		 288 if (r < 0) {
289 journal_file_close(f);
290 return s->system_journal;
291 }
292
293 return f;
294}
295
ea69bd41
LP		 296static int do_rotate(
297 Server *s,
298 JournalFile **f,
299 const char* name,
300 bool seal,
301 uint32_t uid) {
302
fc55baee
ZJS		 303 int r;
304 assert(s);
305
306 if (!*f)
307 return -EINVAL;
308
309 r = journal_file_rotate(f, s->compress, seal);
310 if (r < 0)
311 if (*f)
ea69bd41 312 log_error_errno(r, "Failed to rotate %s: %m", (*f)->path);
fc55baee 313 else
ea69bd41 314 log_error_errno(r, "Failed to create new %s journal: %m", name);
fc55baee
ZJS		 315 else
316 server_fix_perms(s, *f, uid);
2678031a 317
fc55baee
ZJS		 318 return r;
319}
320
d025f1e4
ZJS		 321void server_rotate(Server *s) {
322 JournalFile *f;
323 void *k;
324 Iterator i;
325 int r;
326
327 log_debug("Rotating...");
328
fc55baee
ZJS		 329 do_rotate(s, &s->runtime_journal, "runtime", false, 0);
330 do_rotate(s, &s->system_journal, "system", s->seal, 0);
d025f1e4 331
43cf8388 332 ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
fc55baee
ZJS		 333 r = do_rotate(s, &f, "user", s->seal, PTR_TO_UINT32(k));
334 if (r >= 0)
43cf8388 335 ordered_hashmap_replace(s->user_journals, k, f);
fc55baee
ZJS		 336 else if (!f)
337 /* Old file has been closed and deallocated */
43cf8388 338 ordered_hashmap_remove(s->user_journals, k);
d025f1e4
ZJS		 339 }
340}
341
26687bf8
OS		 342void server_sync(Server *s) {
343 JournalFile *f;
344 void *k;
345 Iterator i;
346 int r;
347
26687bf8
OS		 348 if (s->system_journal) {
349 r = journal_file_set_offline(s->system_journal);
350 if (r < 0)
da927ba9 351 log_error_errno(r, "Failed to sync system journal: %m");
26687bf8
OS		 352 }
353
43cf8388 354 ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
26687bf8
OS		 355 r = journal_file_set_offline(f);
356 if (r < 0)
da927ba9 357 log_error_errno(r, "Failed to sync user journal: %m");
26687bf8
OS		 358 }
359
f9a810be
LP		 360 if (s->sync_event_source) {
361 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_OFF);
362 if (r < 0)
da927ba9 363 log_error_errno(r, "Failed to disable sync timer source: %m");
f9a810be 364 }
26687bf8
OS		 365
366 s->sync_scheduled = false;
367}
368
ea69bd41
LP		 369static void do_vacuum(
370 Server *s,
371 const char *id,
372 JournalFile *f,
373 const char* path,
374 JournalMetrics *metrics) {
375
376 const char *p;
63c8666b
ZJS		 377 int r;
378
379 if (!f)
380 return;
381
63c372cb 382 p = strjoina(path, id);
dbd2a83f 383 r = journal_directory_vacuum(p, metrics->max_use, s->max_retention_usec, &s->oldest_file_usec, false);
63c8666b 384 if (r < 0 && r != -ENOENT)
da927ba9 385 log_error_errno(r, "Failed to vacuum %s: %m", p);
63c8666b
ZJS		 386}
387
d025f1e4 388void server_vacuum(Server *s) {
d025f1e4
ZJS		 389 char ids[33];
390 sd_id128_t machine;
391 int r;
392
393 log_debug("Vacuuming...");
394
395 s->oldest_file_usec = 0;
396
397 r = sd_id128_get_machine(&machine);
398 if (r < 0) {
da927ba9 399 log_error_errno(r, "Failed to get machine ID: %m");
d025f1e4
ZJS		 400 return;
401 }
d025f1e4
ZJS		 402 sd_id128_to_string(machine, ids);
403
63c8666b
ZJS		 404 do_vacuum(s, ids, s->system_journal, "/var/log/journal/", &s->system_metrics);
405 do_vacuum(s, ids, s->runtime_journal, "/run/log/journal/", &s->runtime_metrics);
d025f1e4
ZJS		 406
407 s->cached_available_space_timestamp = 0;
408}
409
0c24bb23
LP		 410static void server_cache_machine_id(Server *s) {
411 sd_id128_t id;
412 int r;
413
414 assert(s);
415
416 r = sd_id128_get_machine(&id);
417 if (r < 0)
418 return;
419
420 sd_id128_to_string(id, stpcpy(s->machine_id_field, "_MACHINE_ID="));
421}
422
423static void server_cache_boot_id(Server *s) {
424 sd_id128_t id;
425 int r;
426
427 assert(s);
428
429 r = sd_id128_get_boot(&id);
430 if (r < 0)
431 return;
432
433 sd_id128_to_string(id, stpcpy(s->boot_id_field, "_BOOT_ID="));
434}
435
436static void server_cache_hostname(Server *s) {
437 _cleanup_free_ char *t = NULL;
438 char *x;
439
440 assert(s);
441
442 t = gethostname_malloc();
443 if (!t)
444 return;
445
446 x = strappend("_HOSTNAME=", t);
447 if (!x)
448 return;
449
450 free(s->hostname_field);
451 s->hostname_field = x;
452}
453
8531ae70 454static bool shall_try_append_again(JournalFile *f, int r) {
d025f1e4
ZJS		 455
456 /* -E2BIG Hit configured limit
457 -EFBIG Hit fs limit
458 -EDQUOT Quota limit hit
459 -ENOSPC Disk full
fa6ac760 460 -EIO I/O error of some kind (mmap)
d025f1e4
ZJS		 461 -EHOSTDOWN Other machine
462 -EBUSY Unclean shutdown
463 -EPROTONOSUPPORT Unsupported feature
464 -EBADMSG Corrupted
465 -ENODATA Truncated
2678031a
LP		 466 -ESHUTDOWN Already archived
467 -EIDRM Journal file has been deleted */
d025f1e4
ZJS		 468
469 if (r == -E2BIG || r == -EFBIG || r == -EDQUOT || r == -ENOSPC)
470 log_debug("%s: Allocation limit reached, rotating.", f->path);
471 else if (r == -EHOSTDOWN)
472 log_info("%s: Journal file from other machine, rotating.", f->path);
473 else if (r == -EBUSY)
474 log_info("%s: Unclean shutdown, rotating.", f->path);
475 else if (r == -EPROTONOSUPPORT)
476 log_info("%s: Unsupported feature, rotating.", f->path);
477 else if (r == -EBADMSG || r == -ENODATA || r == ESHUTDOWN)
478 log_warning("%s: Journal file corrupted, rotating.", f->path);
fa6ac760
LP		 479 else if (r == -EIO)
480 log_warning("%s: IO error, rotating.", f->path);
2678031a
LP		 481 else if (r == -EIDRM)
482 log_warning("%s: Journal file has been deleted, rotating.", f->path);
d025f1e4
ZJS		 483 else
484 return false;
485
486 return true;
487}
488
d07f7b9e 489static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned n, int priority) {
d025f1e4
ZJS		 490 JournalFile *f;
491 bool vacuumed = false;
492 int r;
493
494 assert(s);
495 assert(iovec);
496 assert(n > 0);
497
498 f = find_journal(s, uid);
499 if (!f)
500 return;
501
502 if (journal_file_rotate_suggested(f, s->max_file_usec)) {
503 log_debug("%s: Journal header limits reached or header out-of-date, rotating.", f->path);
504 server_rotate(s);
505 server_vacuum(s);
506 vacuumed = true;
507
508 f = find_journal(s, uid);
509 if (!f)
510 return;
511 }
512
513 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
26687bf8 514 if (r >= 0) {
d07f7b9e 515 server_schedule_sync(s, priority);
d025f1e4 516 return;
26687bf8 517 }
d025f1e4
ZJS		 518
519 if (vacuumed || !shall_try_append_again(f, r)) {
8266e1c0 520 log_error_errno(r, "Failed to write entry (%d items, %zu bytes), ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n));
d025f1e4
ZJS		 521 return;
522 }
523
524 server_rotate(s);
525 server_vacuum(s);
526
527 f = find_journal(s, uid);
528 if (!f)
529 return;
530
531 log_debug("Retrying write.");
532 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
8266e1c0
LP		 533 if (r < 0)
534 log_error_errno(r, "Failed to write entry (%d items, %zu bytes) despite vacuuming, ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n));
535 else
d07f7b9e 536 server_schedule_sync(s, priority);
d025f1e4
ZJS		 537}
538
539static void dispatch_message_real(
540 Server *s,
541 struct iovec *iovec, unsigned n, unsigned m,
3b3154df
LP		 542 const struct ucred *ucred,
543 const struct timeval *tv,
d025f1e4 544 const char *label, size_t label_len,
968f3196 545 const char *unit_id,
d07f7b9e 546 int priority,
968f3196 547 pid_t object_pid) {
d025f1e4 548
968f3196 549 char pid[sizeof("_PID=") + DECIMAL_STR_MAX(pid_t)],
ae018d9b
LP		 550 uid[sizeof("_UID=") + DECIMAL_STR_MAX(uid_t)],
551 gid[sizeof("_GID=") + DECIMAL_STR_MAX(gid_t)],
552 owner_uid[sizeof("_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)],
d3789917 553 source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)],
968f3196
ZJS		 554 o_uid[sizeof("OBJECT_UID=") + DECIMAL_STR_MAX(uid_t)],
555 o_gid[sizeof("OBJECT_GID=") + DECIMAL_STR_MAX(gid_t)],
556 o_owner_uid[sizeof("OBJECT_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)];
557 uid_t object_uid;
558 gid_t object_gid;
968f3196 559 char *x;
d025f1e4 560 int r;
ae018d9b 561 char *t, *c;
82499507
LP		 562 uid_t realuid = 0, owner = 0, journal_uid;
563 bool owner_valid = false;
ae018d9b 564#ifdef HAVE_AUDIT
968f3196
ZJS		 565 char audit_session[sizeof("_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
566 audit_loginuid[sizeof("_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)],
567 o_audit_session[sizeof("OBJECT_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
568 o_audit_loginuid[sizeof("OBJECT_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)];
ae018d9b
LP		 569
570 uint32_t audit;
571 uid_t loginuid;
572#endif
d025f1e4
ZJS		 573
574 assert(s);
575 assert(iovec);
576 assert(n > 0);
968f3196 577 assert(n + N_IOVEC_META_FIELDS + (object_pid ? N_IOVEC_OBJECT_FIELDS : 0) <= m);
d025f1e4
ZJS		 578
579 if (ucred) {
d025f1e4
ZJS		 580 realuid = ucred->uid;
581
de0671ee 582 sprintf(pid, "_PID="PID_FMT, ucred->pid);
c2457105 583 IOVEC_SET_STRING(iovec[n++], pid);
d025f1e4 584
de0671ee 585 sprintf(uid, "_UID="UID_FMT, ucred->uid);
c2457105 586 IOVEC_SET_STRING(iovec[n++], uid);
d025f1e4 587
de0671ee 588 sprintf(gid, "_GID="GID_FMT, ucred->gid);
c2457105 589 IOVEC_SET_STRING(iovec[n++], gid);
d025f1e4
ZJS		 590
591 r = get_process_comm(ucred->pid, &t);
592 if (r >= 0) {
63c372cb 593 x = strjoina("_COMM=", t);
d025f1e4 594 free(t);
968f3196 595 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 596 }
597
598 r = get_process_exe(ucred->pid, &t);
599 if (r >= 0) {
63c372cb 600 x = strjoina("_EXE=", t);
d025f1e4 601 free(t);
968f3196 602 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 603 }
604
9bdbc2e2 605 r = get_process_cmdline(ucred->pid, 0, false, &t);
d025f1e4 606 if (r >= 0) {
63c372cb 607 x = strjoina("_CMDLINE=", t);
d025f1e4 608 free(t);
3a832116
SL		 609 IOVEC_SET_STRING(iovec[n++], x);
610 }
611
612 r = get_process_capeff(ucred->pid, &t);
613 if (r >= 0) {
63c372cb 614 x = strjoina("_CAP_EFFECTIVE=", t);
3a832116 615 free(t);
968f3196 616 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 617 }
618
0a20e3c1 619#ifdef HAVE_AUDIT
d025f1e4 620 r = audit_session_from_pid(ucred->pid, &audit);
ae018d9b 621 if (r >= 0) {
de0671ee 622 sprintf(audit_session, "_AUDIT_SESSION=%"PRIu32, audit);
ae018d9b
LP		 623 IOVEC_SET_STRING(iovec[n++], audit_session);
624 }
d025f1e4
ZJS		 625
626 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
7027ff61 627 if (r >= 0) {
de0671ee 628 sprintf(audit_loginuid, "_AUDIT_LOGINUID="UID_FMT, loginuid);
ae018d9b 629 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
d025f1e4 630 }
ae018d9b 631#endif
d025f1e4 632
e9174f29 633 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &c);
7027ff61 634 if (r >= 0) {
968f3196
ZJS		 635 char *session = NULL;
636
63c372cb 637 x = strjoina("_SYSTEMD_CGROUP=", c);
968f3196 638 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4 639
ae018d9b
LP		 640 r = cg_path_get_session(c, &t);
641 if (r >= 0) {
63c372cb 642 session = strjoina("_SYSTEMD_SESSION=", t);
ae018d9b 643 free(t);
d025f1e4 644 IOVEC_SET_STRING(iovec[n++], session);
ae018d9b
LP		 645 }
646
647 if (cg_path_get_owner_uid(c, &owner) >= 0) {
648 owner_valid = true;
d025f1e4 649
de0671ee 650 sprintf(owner_uid, "_SYSTEMD_OWNER_UID="UID_FMT, owner);
d025f1e4 651 IOVEC_SET_STRING(iovec[n++], owner_uid);
ae018d9b 652 }
d025f1e4 653
ae018d9b 654 if (cg_path_get_unit(c, &t) >= 0) {
63c372cb 655 x = strjoina("_SYSTEMD_UNIT=", t);
ae018d9b 656 free(t);
19cace37
LP		 657 IOVEC_SET_STRING(iovec[n++], x);
658 } else if (unit_id && !session) {
63c372cb 659 x = strjoina("_SYSTEMD_UNIT=", unit_id);
19cace37
LP		 660 IOVEC_SET_STRING(iovec[n++], x);
661 }
662
663 if (cg_path_get_user_unit(c, &t) >= 0) {
63c372cb 664 x = strjoina("_SYSTEMD_USER_UNIT=", t);
ae018d9b 665 free(t);
968f3196 666 IOVEC_SET_STRING(iovec[n++], x);
19cace37 667 } else if (unit_id && session) {
63c372cb 668 x = strjoina("_SYSTEMD_USER_UNIT=", unit_id);
19cace37
LP		 669 IOVEC_SET_STRING(iovec[n++], x);
670 }
ae018d9b 671
0a244b8e 672 if (cg_path_get_slice(c, &t) >= 0) {
63c372cb 673 x = strjoina("_SYSTEMD_SLICE=", t);
0a244b8e
LP		 674 free(t);
675 IOVEC_SET_STRING(iovec[n++], x);
676 }
677
ae018d9b 678 free(c);
2d43b190 679 } else if (unit_id) {
63c372cb 680 x = strjoina("_SYSTEMD_UNIT=", unit_id);
2d43b190 681 IOVEC_SET_STRING(iovec[n++], x);
ef1673d1 682 }
d025f1e4 683
d025f1e4 684#ifdef HAVE_SELINUX
6baa7db0 685 if (mac_selinux_use()) {
d682b3a7 686 if (label) {
f8294e41 687 x = alloca(strlen("_SELINUX_CONTEXT=") + label_len + 1);
ae018d9b 688
d682b3a7
LP		 689 *((char*) mempcpy(stpcpy(x, "_SELINUX_CONTEXT="), label, label_len)) = 0;
690 IOVEC_SET_STRING(iovec[n++], x);
691 } else {
692 security_context_t con;
d025f1e4 693
d682b3a7 694 if (getpidcon(ucred->pid, &con) >= 0) {
63c372cb 695 x = strjoina("_SELINUX_CONTEXT=", con);
e7ff4e7f 696
d682b3a7
LP		 697 freecon(con);
698 IOVEC_SET_STRING(iovec[n++], x);
699 }
d025f1e4
ZJS		 700 }
701 }
702#endif
703 }
968f3196
ZJS		 704 assert(n <= m);
705
706 if (object_pid) {
707 r = get_process_uid(object_pid, &object_uid);
708 if (r >= 0) {
de0671ee 709 sprintf(o_uid, "OBJECT_UID="UID_FMT, object_uid);
968f3196
ZJS		 710 IOVEC_SET_STRING(iovec[n++], o_uid);
711 }
712
713 r = get_process_gid(object_pid, &object_gid);
714 if (r >= 0) {
de0671ee 715 sprintf(o_gid, "OBJECT_GID="GID_FMT, object_gid);
968f3196
ZJS		 716 IOVEC_SET_STRING(iovec[n++], o_gid);
717 }
718
719 r = get_process_comm(object_pid, &t);
720 if (r >= 0) {
63c372cb 721 x = strjoina("OBJECT_COMM=", t);
968f3196
ZJS		 722 free(t);
723 IOVEC_SET_STRING(iovec[n++], x);
724 }
725
726 r = get_process_exe(object_pid, &t);
727 if (r >= 0) {
63c372cb 728 x = strjoina("OBJECT_EXE=", t);
968f3196
ZJS		 729 free(t);
730 IOVEC_SET_STRING(iovec[n++], x);
731 }
732
733 r = get_process_cmdline(object_pid, 0, false, &t);
734 if (r >= 0) {
63c372cb 735 x = strjoina("OBJECT_CMDLINE=", t);
968f3196
ZJS		 736 free(t);
737 IOVEC_SET_STRING(iovec[n++], x);
738 }
739
740#ifdef HAVE_AUDIT
741 r = audit_session_from_pid(object_pid, &audit);
742 if (r >= 0) {
de0671ee 743 sprintf(o_audit_session, "OBJECT_AUDIT_SESSION=%"PRIu32, audit);
968f3196
ZJS		 744 IOVEC_SET_STRING(iovec[n++], o_audit_session);
745 }
746
747 r = audit_loginuid_from_pid(object_pid, &loginuid);
748 if (r >= 0) {
de0671ee 749 sprintf(o_audit_loginuid, "OBJECT_AUDIT_LOGINUID="UID_FMT, loginuid);
968f3196
ZJS		 750 IOVEC_SET_STRING(iovec[n++], o_audit_loginuid);
751 }
752#endif
753
e9174f29 754 r = cg_pid_get_path_shifted(object_pid, s->cgroup_root, &c);
968f3196 755 if (r >= 0) {
63c372cb 756 x = strjoina("OBJECT_SYSTEMD_CGROUP=", c);
968f3196
ZJS		 757 IOVEC_SET_STRING(iovec[n++], x);
758
759 r = cg_path_get_session(c, &t);
760 if (r >= 0) {
63c372cb 761 x = strjoina("OBJECT_SYSTEMD_SESSION=", t);
968f3196
ZJS		 762 free(t);
763 IOVEC_SET_STRING(iovec[n++], x);
764 }
765
766 if (cg_path_get_owner_uid(c, &owner) >= 0) {
de0671ee 767 sprintf(o_owner_uid, "OBJECT_SYSTEMD_OWNER_UID="UID_FMT, owner);
968f3196
ZJS		 768 IOVEC_SET_STRING(iovec[n++], o_owner_uid);
769 }
770
771 if (cg_path_get_unit(c, &t) >= 0) {
63c372cb 772 x = strjoina("OBJECT_SYSTEMD_UNIT=", t);
968f3196 773 free(t);
19cace37
LP		 774 IOVEC_SET_STRING(iovec[n++], x);
775 }
776
777 if (cg_path_get_user_unit(c, &t) >= 0) {
63c372cb 778 x = strjoina("OBJECT_SYSTEMD_USER_UNIT=", t);
968f3196 779 free(t);
968f3196 780 IOVEC_SET_STRING(iovec[n++], x);
19cace37 781 }
968f3196
ZJS		 782
783 free(c);
784 }
785 }
786 assert(n <= m);
d025f1e4
ZJS		 787
788 if (tv) {
ae018d9b 789 sprintf(source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu", (unsigned long long) timeval_load(tv));
a5693989 790 IOVEC_SET_STRING(iovec[n++], source_time);
d025f1e4
ZJS		 791 }
792
793 /* Note that strictly speaking storing the boot id here is
794 * redundant since the entry includes this in-line
795 * anyway. However, we need this indexed, too. */
0c24bb23
LP		 796 if (!isempty(s->boot_id_field))
797 IOVEC_SET_STRING(iovec[n++], s->boot_id_field);
d025f1e4 798
0c24bb23
LP		 799 if (!isempty(s->machine_id_field))
800 IOVEC_SET_STRING(iovec[n++], s->machine_id_field);
d025f1e4 801
0c24bb23
LP		 802 if (!isempty(s->hostname_field))
803 IOVEC_SET_STRING(iovec[n++], s->hostname_field);
d025f1e4
ZJS		 804
805 assert(n <= m);
806
da499392 807 if (s->split_mode == SPLIT_UID && realuid > 0)
40adcda8 808 /* Split up strictly by any UID */
759c945a 809 journal_uid = realuid;
82499507 810 else if (s->split_mode == SPLIT_LOGIN && realuid > 0 && owner_valid && owner > 0)
edc3797f
LP		 811 /* Split up by login UIDs. We do this only if the
812 * realuid is not root, in order not to accidentally
813 * leak privileged information to the user that is
814 * logged by a privileged process that is part of an
7517e174 815 * unprivileged session. */
8a0889df 816 journal_uid = owner;
da499392
KS		 817 else
818 journal_uid = 0;
759c945a 819
d07f7b9e 820 write_to_journal(s, journal_uid, iovec, n, priority);
d025f1e4
ZJS		 821}
822
823void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {
824 char mid[11 + 32 + 1];
825 char buffer[16 + LINE_MAX + 1];
826 struct iovec iovec[N_IOVEC_META_FIELDS + 4];
827 int n = 0;
828 va_list ap;
b92bea5d 829 struct ucred ucred = {};
d025f1e4
ZJS		 830
831 assert(s);
832 assert(format);
833
834 IOVEC_SET_STRING(iovec[n++], "PRIORITY=6");
835 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=driver");
836
837 memcpy(buffer, "MESSAGE=", 8);
838 va_start(ap, format);
839 vsnprintf(buffer + 8, sizeof(buffer) - 8, format, ap);
840 va_end(ap);
d025f1e4
ZJS		 841 IOVEC_SET_STRING(iovec[n++], buffer);
842
843 if (!sd_id128_equal(message_id, SD_ID128_NULL)) {
e2cc6eca 844 snprintf(mid, sizeof(mid), LOG_MESSAGE_ID(message_id));
d025f1e4
ZJS		 845 IOVEC_SET_STRING(iovec[n++], mid);
846 }
847
d025f1e4
ZJS		 848 ucred.pid = getpid();
849 ucred.uid = getuid();
850 ucred.gid = getgid();
851
d07f7b9e 852 dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL, LOG_INFO, 0);
d025f1e4
ZJS		 853}
854
855void server_dispatch_message(
856 Server *s,
857 struct iovec *iovec, unsigned n, unsigned m,
3b3154df
LP		 858 const struct ucred *ucred,
859 const struct timeval *tv,
d025f1e4
ZJS		 860 const char *label, size_t label_len,
861 const char *unit_id,
968f3196
ZJS		 862 int priority,
863 pid_t object_pid) {
d025f1e4 864
7027ff61 865 int rl, r;
7fd1b19b 866 _cleanup_free_ char *path = NULL;
db91ea32 867 char *c;
d025f1e4
ZJS		 868
869 assert(s);
870 assert(iovec || n == 0);
871
872 if (n == 0)
873 return;
874
875 if (LOG_PRI(priority) > s->max_level_store)
876 return;
877
2f5df74a
HHPF		 878 /* Stop early in case the information will not be stored
879 * in a journal. */
880 if (s->storage == STORAGE_NONE)
881 return;
882
d025f1e4
ZJS		 883 if (!ucred)
884 goto finish;
885
e9174f29 886 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &path);
7027ff61 887 if (r < 0)
d025f1e4
ZJS		 888 goto finish;
889
890 /* example: /user/lennart/3/foobar
891 * /system/dbus.service/foobar
892 *
893 * So let's cut of everything past the third /, since that is
894 * where user directories start */
895
896 c = strchr(path, '/');
897 if (c) {
898 c = strchr(c+1, '/');
899 if (c) {
900 c = strchr(c+1, '/');
901 if (c)
902 *c = 0;
903 }
904 }
905
db91ea32 906 rl = journal_rate_limit_test(s->rate_limit, path,
670b110c 907 priority & LOG_PRIMASK, available_space(s, false));
d025f1e4 908
db91ea32 909 if (rl == 0)
d025f1e4 910 return;
d025f1e4
ZJS		 911
912 /* Write a suppression message if we suppressed something */
913 if (rl > 1)
db91ea32
ZJS		 914 server_driver_message(s, SD_MESSAGE_JOURNAL_DROPPED,
915 "Suppressed %u messages from %s", rl - 1, path);
d025f1e4
ZJS		 916
917finish:
d07f7b9e 918 dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id, priority, object_pid);
d025f1e4
ZJS		 919}
920
921
caa2f4c0 922static int system_journal_open(Server *s, bool flush_requested) {
d025f1e4
ZJS		 923 int r;
924 char *fn;
925 sd_id128_t machine;
926 char ids[33];
927
928 r = sd_id128_get_machine(&machine);
23bbb0de
MS		 929 if (r < 0)
930 return log_error_errno(r, "Failed to get machine id: %m");
d025f1e4
ZJS		 931
932 sd_id128_to_string(machine, ids);
933
934 if (!s->system_journal &&
935 (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
caa2f4c0
ZJS		 936 (flush_requested
937 || access("/run/systemd/journal/flushed", F_OK) >= 0)) {
d025f1e4
ZJS		 938
939 /* If in auto mode: first try to create the machine
940 * path, but not the prefix.
941 *
942 * If in persistent mode: create /var/log/journal and
943 * the machine path */
944
945 if (s->storage == STORAGE_PERSISTENT)
946 (void) mkdir("/var/log/journal/", 0755);
947
63c372cb 948 fn = strjoina("/var/log/journal/", ids);
d025f1e4 949 (void) mkdir(fn, 0755);
d025f1e4 950
63c372cb 951 fn = strjoina(fn, "/system.journal");
d025f1e4 952 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
d025f1e4 953
670b110c 954 if (r >= 0)
d025f1e4 955 server_fix_perms(s, s->system_journal, 0);
433dd100
LN		 956 else if (r < 0) {
957 if (r != -ENOENT && r != -EROFS)
da927ba9 958 log_warning_errno(r, "Failed to open system journal: %m");
e40ec7ae 959
433dd100
LN		 960 r = 0;
961 }
d025f1e4
ZJS		 962 }
963
964 if (!s->runtime_journal &&
965 (s->storage != STORAGE_NONE)) {
966
967 fn = strjoin("/run/log/journal/", ids, "/system.journal", NULL);
968 if (!fn)
969 return -ENOMEM;
970
971 if (s->system_journal) {
972
973 /* Try to open the runtime journal, but only
974 * if it already exists, so that we can flush
975 * it into the system journal */
976
977 r = journal_file_open(fn, O_RDWR, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
978 free(fn);
979
980 if (r < 0) {
981 if (r != -ENOENT)
da927ba9 982 log_warning_errno(r, "Failed to open runtime journal: %m");
d025f1e4
ZJS		 983
984 r = 0;
985 }
986
987 } else {
988
989 /* OK, we really need the runtime journal, so create
990 * it if necessary. */
991
fc1d70af
LP		 992 (void) mkdir("/run/log", 0755);
993 (void) mkdir("/run/log/journal", 0755);
994 (void) mkdir_parents(fn, 0750);
995
d025f1e4
ZJS		 996 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
997 free(fn);
998
23bbb0de
MS		 999 if (r < 0)
1000 return log_error_errno(r, "Failed to open runtime journal: %m");
d025f1e4
ZJS		 1001 }
1002
670b110c 1003 if (s->runtime_journal)
d025f1e4 1004 server_fix_perms(s, s->runtime_journal, 0);
d025f1e4
ZJS		 1005 }
1006
670b110c
ZJS		 1007 available_space(s, true);
1008
d025f1e4
ZJS		 1009 return r;
1010}
1011
1012int server_flush_to_var(Server *s) {
d025f1e4
ZJS		 1013 sd_id128_t machine;
1014 sd_journal *j = NULL;
fbb63411
LP		 1015 char ts[FORMAT_TIMESPAN_MAX];
1016 usec_t start;
1017 unsigned n = 0;
1018 int r;
d025f1e4
ZJS		 1019
1020 assert(s);
1021
1022 if (s->storage != STORAGE_AUTO &&
1023 s->storage != STORAGE_PERSISTENT)
1024 return 0;
1025
1026 if (!s->runtime_journal)
1027 return 0;
1028
caa2f4c0 1029 system_journal_open(s, true);
d025f1e4
ZJS		 1030
1031 if (!s->system_journal)
1032 return 0;
1033
1034 log_debug("Flushing to /var...");
1035
fbb63411
LP		 1036 start = now(CLOCK_MONOTONIC);
1037
d025f1e4 1038 r = sd_id128_get_machine(&machine);
00a16861 1039 if (r < 0)
d025f1e4 1040 return r;
d025f1e4
ZJS		 1041
1042 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
23bbb0de
MS		 1043 if (r < 0)
1044 return log_error_errno(r, "Failed to read runtime journal: %m");
d025f1e4 1045
93b73b06
LP		 1046 sd_journal_set_data_threshold(j, 0);
1047
d025f1e4
ZJS		 1048 SD_JOURNAL_FOREACH(j) {
1049 Object *o = NULL;
1050 JournalFile *f;
1051
1052 f = j->current_file;
1053 assert(f && f->current_offset > 0);
1054
fbb63411
LP		 1055 n++;
1056
d025f1e4
ZJS		 1057 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
1058 if (r < 0) {
da927ba9 1059 log_error_errno(r, "Can't read entry: %m");
d025f1e4
ZJS		 1060 goto finish;
1061 }
1062
1063 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1064 if (r >= 0)
1065 continue;
1066
1067 if (!shall_try_append_again(s->system_journal, r)) {
da927ba9 1068 log_error_errno(r, "Can't write entry: %m");
d025f1e4
ZJS		 1069 goto finish;
1070 }
1071
1072 server_rotate(s);
1073 server_vacuum(s);
1074
253f59df
LP		 1075 if (!s->system_journal) {
1076 log_notice("Didn't flush runtime journal since rotation of system journal wasn't successful.");
1077 r = -EIO;
1078 goto finish;
1079 }
1080
d025f1e4
ZJS		 1081 log_debug("Retrying write.");
1082 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1083 if (r < 0) {
da927ba9 1084 log_error_errno(r, "Can't write entry: %m");
d025f1e4
ZJS		 1085 goto finish;
1086 }
1087 }
1088
1089finish:
1090 journal_file_post_change(s->system_journal);
1091
1092 journal_file_close(s->runtime_journal);
1093 s->runtime_journal = NULL;
1094
1095 if (r >= 0)
c6878637 1096 (void) rm_rf("/run/log/journal", REMOVE_ROOT);
d025f1e4 1097
763c7aa2 1098 sd_journal_close(j);
d025f1e4 1099
fbb63411
LP		 1100 server_driver_message(s, SD_ID128_NULL, "Time spent on flushing to /var is %s for %u entries.", format_timespan(ts, sizeof(ts), now(CLOCK_MONOTONIC) - start, 0), n);
1101
d025f1e4
ZJS		 1102 return r;
1103}
1104
8531ae70 1105int server_process_datagram(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
f9a810be 1106 Server *s = userdata;
a315ac4e
LP		 1107 struct ucred *ucred = NULL;
1108 struct timeval *tv = NULL;
1109 struct cmsghdr *cmsg;
1110 char *label = NULL;
1111 size_t label_len = 0, m;
1112 struct iovec iovec;
1113 ssize_t n;
1114 int *fds = NULL, v = 0;
1115 unsigned n_fds = 0;
1116
1117 union {
1118 struct cmsghdr cmsghdr;
1119
1120 /* We use NAME_MAX space for the SELinux label
1121 * here. The kernel currently enforces no
1122 * limit, but according to suggestions from
1123 * the SELinux people this will change and it
1124 * will probably be identical to NAME_MAX. For
1125 * now we use that, but this should be updated
1126 * one day when the final limit is known. */
1127 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
1128 CMSG_SPACE(sizeof(struct timeval)) +
1129 CMSG_SPACE(sizeof(int)) + /* fd */
1130 CMSG_SPACE(NAME_MAX)]; /* selinux label */
1131 } control = {};
1132
1133 union sockaddr_union sa = {};
1134
1135 struct msghdr msghdr = {
1136 .msg_iov = &iovec,
1137 .msg_iovlen = 1,
1138 .msg_control = &control,
1139 .msg_controllen = sizeof(control),
1140 .msg_name = &sa,
1141 .msg_namelen = sizeof(sa),
1142 };
f9a810be 1143
d025f1e4 1144 assert(s);
875c2e22 1145 assert(fd == s->native_fd || fd == s->syslog_fd || fd == s->audit_fd);
f9a810be
LP		 1146
1147 if (revents != EPOLLIN) {
1148 log_error("Got invalid event from epoll for datagram fd: %"PRIx32, revents);
1149 return -EIO;
1150 }
1151
a315ac4e
LP		 1152 /* Try to get the right size, if we can. (Not all
1153 * sockets support SIOCINQ, hence we just try, but
1154 * don't rely on it. */
1155 (void) ioctl(fd, SIOCINQ, &v);
d025f1e4 1156
a315ac4e
LP		 1157 /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful! */
1158 m = PAGE_ALIGN(MAX3((size_t) v + 1,
1159 (size_t) LINE_MAX,
1160 ALIGN(sizeof(struct nlmsghdr)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH)) + 1);
d025f1e4 1161
a315ac4e
LP		 1162 if (!GREEDY_REALLOC(s->buffer, s->buffer_size, m))
1163 return log_oom();
875c2e22 1164
a315ac4e
LP		 1165 iovec.iov_base = s->buffer;
1166 iovec.iov_len = s->buffer_size - 1; /* Leave room for trailing NUL we add later */
d025f1e4 1167
a315ac4e
LP		 1168 n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
1169 if (n < 0) {
1170 if (errno == EINTR || errno == EAGAIN)
1171 return 0;
875c2e22 1172
a315ac4e
LP		 1173 return log_error_errno(errno, "recvmsg() failed: %m");
1174 }
875c2e22 1175
a315ac4e
LP		 1176 CMSG_FOREACH(cmsg, &msghdr) {
1177
1178 if (cmsg->cmsg_level == SOL_SOCKET &&
1179 cmsg->cmsg_type == SCM_CREDENTIALS &&
1180 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
1181 ucred = (struct ucred*) CMSG_DATA(cmsg);
1182 else if (cmsg->cmsg_level == SOL_SOCKET &&
1183 cmsg->cmsg_type == SCM_SECURITY) {
1184 label = (char*) CMSG_DATA(cmsg);
1185 label_len = cmsg->cmsg_len - CMSG_LEN(0);
1186 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1187 cmsg->cmsg_type == SO_TIMESTAMP &&
1188 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
1189 tv = (struct timeval*) CMSG_DATA(cmsg);
1190 else if (cmsg->cmsg_level == SOL_SOCKET &&
1191 cmsg->cmsg_type == SCM_RIGHTS) {
1192 fds = (int*) CMSG_DATA(cmsg);
1193 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
d025f1e4 1194 }
a315ac4e 1195 }
d025f1e4 1196
a315ac4e
LP		 1197 /* And a trailing NUL, just in case */
1198 s->buffer[n] = 0;
1199
1200 if (fd == s->syslog_fd) {
1201 if (n > 0 && n_fds == 0)
1202 server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
1203 else if (n_fds > 0)
1204 log_warning("Got file descriptors via syslog socket. Ignoring.");
1205
1206 } else if (fd == s->native_fd) {
1207 if (n > 0 && n_fds == 0)
1208 server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
1209 else if (n == 0 && n_fds == 1)
1210 server_process_native_file(s, fds[0], ucred, tv, label, label_len);
1211 else if (n_fds > 0)
1212 log_warning("Got too many file descriptors via native socket. Ignoring.");
1213
1214 } else {
1215 assert(fd == s->audit_fd);
1216
1217 if (n > 0 && n_fds == 0)
1218 server_process_audit_message(s, s->buffer, n, ucred, &sa, msghdr.msg_namelen);
1219 else if (n_fds > 0)
1220 log_warning("Got file descriptors via audit socket. Ignoring.");
f9a810be 1221 }
a315ac4e
LP		 1222
1223 close_many(fds, n_fds);
1224 return 0;
f9a810be 1225}
d025f1e4 1226
f9a810be
LP		 1227static int dispatch_sigusr1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1228 Server *s = userdata;
d025f1e4 1229
f9a810be 1230 assert(s);
d025f1e4 1231
f9a810be 1232 log_info("Received request to flush runtime journal from PID %"PRIu32, si->ssi_pid);
d025f1e4 1233
f9a810be
LP		 1234 server_flush_to_var(s);
1235 server_sync(s);
3bfd4e0c 1236 server_vacuum(s);
d025f1e4 1237
74055aa7
LP		 1238 touch("/run/systemd/journal/flushed");
1239
f9a810be
LP		 1240 return 0;
1241}
d025f1e4 1242
f9a810be
LP		 1243static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1244 Server *s = userdata;
d025f1e4 1245
f9a810be 1246 assert(s);
d025f1e4 1247
f9a810be
LP		 1248 log_info("Received request to rotate journal from PID %"PRIu32, si->ssi_pid);
1249 server_rotate(s);
1250 server_vacuum(s);
d025f1e4 1251
f9a810be
LP		 1252 return 0;
1253}
d025f1e4 1254
f9a810be
LP		 1255static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1256 Server *s = userdata;
d025f1e4 1257
f9a810be 1258 assert(s);
d025f1e4 1259
4daf54a8 1260 log_received_signal(LOG_INFO, si);
d025f1e4 1261
6203e07a 1262 sd_event_exit(s->event, 0);
d025f1e4
ZJS		 1263 return 0;
1264}
1265
f9a810be 1266static int setup_signals(Server *s) {
f9a810be 1267 int r;
d025f1e4
ZJS		 1268
1269 assert(s);
1270
72c0a2c2 1271 assert(sigprocmask_many(SIG_SETMASK, NULL, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, -1) >= 0);
d025f1e4 1272
151b9b96 1273 r = sd_event_add_signal(s->event, &s->sigusr1_event_source, SIGUSR1, dispatch_sigusr1, s);
f9a810be
LP		 1274 if (r < 0)
1275 return r;
1276
151b9b96 1277 r = sd_event_add_signal(s->event, &s->sigusr2_event_source, SIGUSR2, dispatch_sigusr2, s);
f9a810be
LP		 1278 if (r < 0)
1279 return r;
d025f1e4 1280
151b9b96 1281 r = sd_event_add_signal(s->event, &s->sigterm_event_source, SIGTERM, dispatch_sigterm, s);
f9a810be
LP		 1282 if (r < 0)
1283 return r;
d025f1e4 1284
151b9b96 1285 r = sd_event_add_signal(s->event, &s->sigint_event_source, SIGINT, dispatch_sigterm, s);
f9a810be
LP		 1286 if (r < 0)
1287 return r;
d025f1e4
ZJS		 1288
1289 return 0;
1290}
1291
1292static int server_parse_proc_cmdline(Server *s) {
7fd1b19b 1293 _cleanup_free_ char *line = NULL;
a2a5291b 1294 const char *w, *state;
d025f1e4 1295 size_t l;
74df0fca 1296 int r;
d025f1e4 1297
74df0fca 1298 r = proc_cmdline(&line);
b5884878 1299 if (r < 0) {
da927ba9 1300 log_warning_errno(r, "Failed to read /proc/cmdline, ignoring: %m");
d025f1e4 1301 return 0;
b5884878 1302 }
d025f1e4
ZJS		 1303
1304 FOREACH_WORD_QUOTED(w, l, line, state) {
7fd1b19b 1305 _cleanup_free_ char *word;
d025f1e4
ZJS		 1306
1307 word = strndup(w, l);
db91ea32
ZJS		 1308 if (!word)
1309 return -ENOMEM;
d025f1e4
ZJS		 1310
1311 if (startswith(word, "systemd.journald.forward_to_syslog=")) {
1312 r = parse_boolean(word + 35);
1313 if (r < 0)
1314 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word + 35);
1315 else
1316 s->forward_to_syslog = r;
1317 } else if (startswith(word, "systemd.journald.forward_to_kmsg=")) {
1318 r = parse_boolean(word + 33);
1319 if (r < 0)
1320 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word + 33);
1321 else
1322 s->forward_to_kmsg = r;
1323 } else if (startswith(word, "systemd.journald.forward_to_console=")) {
1324 r = parse_boolean(word + 36);
1325 if (r < 0)
1326 log_warning("Failed to parse forward to console switch %s. Ignoring.", word + 36);
1327 else
1328 s->forward_to_console = r;
40b71e89
ST		 1329 } else if (startswith(word, "systemd.journald.forward_to_wall=")) {
1330 r = parse_boolean(word + 33);
1331 if (r < 0)
1332 log_warning("Failed to parse forward to wall switch %s. Ignoring.", word + 33);
1333 else
1334 s->forward_to_wall = r;
d025f1e4
ZJS		 1335 } else if (startswith(word, "systemd.journald"))
1336 log_warning("Invalid systemd.journald parameter. Ignoring.");
d025f1e4 1337 }
b2fadec6 1338 /* do not warn about state here, since probably systemd already did */
d025f1e4 1339
db91ea32 1340 return 0;
d025f1e4
ZJS		 1341}
1342
1343static int server_parse_config_file(Server *s) {
d025f1e4
ZJS		 1344 assert(s);
1345
a9edaeff
JT		 1346 return config_parse_many("/etc/systemd/journald.conf",
1347 CONF_DIRS_NULSTR("systemd/journald.conf"),
1348 "Journal\0",
1349 config_item_perf_lookup, journald_gperf_lookup,
1350 false, s);
d025f1e4
ZJS		 1351}
1352
f9a810be
LP		 1353static int server_dispatch_sync(sd_event_source *es, usec_t t, void *userdata) {
1354 Server *s = userdata;
26687bf8
OS		 1355
1356 assert(s);
1357
f9a810be 1358 server_sync(s);
26687bf8
OS		 1359 return 0;
1360}
1361
d07f7b9e 1362int server_schedule_sync(Server *s, int priority) {
26687bf8
OS		 1363 int r;
1364
26687bf8
OS		 1365 assert(s);
1366
d07f7b9e
LP		 1367 if (priority <= LOG_CRIT) {
1368 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1369 server_sync(s);
1370 return 0;
1371 }
1372
26687bf8
OS		 1373 if (s->sync_scheduled)
1374 return 0;
1375
f9a810be
LP		 1376 if (s->sync_interval_usec > 0) {
1377 usec_t when;
ca267016 1378
6a0f1f6d 1379 r = sd_event_now(s->event, CLOCK_MONOTONIC, &when);
f9a810be
LP		 1380 if (r < 0)
1381 return r;
26687bf8 1382
f9a810be
LP		 1383 when += s->sync_interval_usec;
1384
1385 if (!s->sync_event_source) {
6a0f1f6d
LP		 1386 r = sd_event_add_time(
1387 s->event,
1388 &s->sync_event_source,
1389 CLOCK_MONOTONIC,
1390 when, 0,
1391 server_dispatch_sync, s);
f9a810be
LP		 1392 if (r < 0)
1393 return r;
1394
1395 r = sd_event_source_set_priority(s->sync_event_source, SD_EVENT_PRIORITY_IMPORTANT);
1396 } else {
1397 r = sd_event_source_set_time(s->sync_event_source, when);
1398 if (r < 0)
1399 return r;
1400
1401 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_ONESHOT);
1402 }
26687bf8 1403 if (r < 0)
f9a810be 1404 return r;
26687bf8 1405
f9a810be
LP		 1406 s->sync_scheduled = true;
1407 }
26687bf8
OS		 1408
1409 return 0;
1410}
1411
0c24bb23
LP		 1412static int dispatch_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1413 Server *s = userdata;
1414
1415 assert(s);
1416
1417 server_cache_hostname(s);
1418 return 0;
1419}
1420
1421static int server_open_hostname(Server *s) {
1422 int r;
1423
1424 assert(s);
1425
1426 s->hostname_fd = open("/proc/sys/kernel/hostname", O_RDONLY|O_CLOEXEC|O_NDELAY|O_NOCTTY);
4a62c710
MS		 1427 if (s->hostname_fd < 0)
1428 return log_error_errno(errno, "Failed to open /proc/sys/kernel/hostname: %m");
0c24bb23 1429
151b9b96 1430 r = sd_event_add_io(s->event, &s->hostname_event_source, s->hostname_fd, 0, dispatch_hostname_change, s);
0c24bb23 1431 if (r < 0) {
28def94c
DR		 1432 /* kernels prior to 3.2 don't support polling this file. Ignore
1433 * the failure. */
1434 if (r == -EPERM) {
1435 log_warning("Failed to register hostname fd in event loop: %s. Ignoring.",
1436 strerror(-r));
03e334a1 1437 s->hostname_fd = safe_close(s->hostname_fd);
28def94c
DR		 1438 return 0;
1439 }
1440
23bbb0de 1441 return log_error_errno(r, "Failed to register hostname fd in event loop: %m");
0c24bb23
LP		 1442 }
1443
1444 r = sd_event_source_set_priority(s->hostname_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
23bbb0de
MS		 1445 if (r < 0)
1446 return log_error_errno(r, "Failed to adjust priority of host name event source: %m");
0c24bb23
LP		 1447
1448 return 0;
1449}
1450
d025f1e4 1451int server_init(Server *s) {
13790add 1452 _cleanup_fdset_free_ FDSet *fds = NULL;
d025f1e4
ZJS		 1453 int n, r, fd;
1454
1455 assert(s);
1456
1457 zero(*s);
875c2e22 1458 s->syslog_fd = s->native_fd = s->stdout_fd = s->dev_kmsg_fd = s->audit_fd = s->hostname_fd = -1;
d025f1e4
ZJS		 1459 s->compress = true;
1460 s->seal = true;
1461
26687bf8
OS		 1462 s->sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC;
1463 s->sync_scheduled = false;
1464
d025f1e4
ZJS		 1465 s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
1466 s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
1467
40b71e89 1468 s->forward_to_wall = true;
d025f1e4 1469
e150e820
MB		 1470 s->max_file_usec = DEFAULT_MAX_FILE_USEC;
1471
d025f1e4
ZJS		 1472 s->max_level_store = LOG_DEBUG;
1473 s->max_level_syslog = LOG_DEBUG;
1474 s->max_level_kmsg = LOG_NOTICE;
1475 s->max_level_console = LOG_INFO;
40b71e89 1476 s->max_level_wall = LOG_EMERG;
d025f1e4
ZJS		 1477
1478 memset(&s->system_metrics, 0xFF, sizeof(s->system_metrics));
1479 memset(&s->runtime_metrics, 0xFF, sizeof(s->runtime_metrics));
1480
1481 server_parse_config_file(s);
1482 server_parse_proc_cmdline(s);
d288f79f 1483 if (!!s->rate_limit_interval ^ !!s->rate_limit_burst) {
b1389b0d
ZJS		 1484 log_debug("Setting both rate limit interval and burst from "USEC_FMT",%u to 0,0",
1485 s->rate_limit_interval, s->rate_limit_burst);
d288f79f
ZJS		 1486 s->rate_limit_interval = s->rate_limit_burst = 0;
1487 }
d025f1e4
ZJS		 1488
1489 mkdir_p("/run/systemd/journal", 0755);
1490
43cf8388 1491 s->user_journals = ordered_hashmap_new(NULL);
d025f1e4
ZJS		 1492 if (!s->user_journals)
1493 return log_oom();
1494
1495 s->mmap = mmap_cache_new();
1496 if (!s->mmap)
1497 return log_oom();
1498
f9a810be 1499 r = sd_event_default(&s->event);
23bbb0de
MS		 1500 if (r < 0)
1501 return log_error_errno(r, "Failed to create event loop: %m");
d025f1e4 1502
f9a810be
LP		 1503 sd_event_set_watchdog(s->event, true);
1504
d025f1e4 1505 n = sd_listen_fds(true);
23bbb0de
MS		 1506 if (n < 0)
1507 return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
d025f1e4
ZJS		 1508
1509 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
1510
1511 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/socket", 0) > 0) {
1512
1513 if (s->native_fd >= 0) {
1514 log_error("Too many native sockets passed.");
1515 return -EINVAL;
1516 }
1517
1518 s->native_fd = fd;
1519
1520 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, "/run/systemd/journal/stdout", 0) > 0) {
1521
1522 if (s->stdout_fd >= 0) {
1523 log_error("Too many stdout sockets passed.");
1524 return -EINVAL;
1525 }
1526
1527 s->stdout_fd = fd;
1528
03ee5c38
LP		 1529 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0 ||
1530 sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/dev-log", 0) > 0) {
d025f1e4
ZJS		 1531
1532 if (s->syslog_fd >= 0) {
1533 log_error("Too many /dev/log sockets passed.");
1534 return -EINVAL;
1535 }
1536
1537 s->syslog_fd = fd;
1538
875c2e22
LP		 1539 } else if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1) > 0) {
1540
1541 if (s->audit_fd >= 0) {
1542 log_error("Too many audit sockets passed.");
1543 return -EINVAL;
1544 }
1545
1546 s->audit_fd = fd;
1547
4ec3cd73 1548 } else {
4ec3cd73 1549
13790add
LP		 1550 if (!fds) {
1551 fds = fdset_new();
1552 if (!fds)
1553 return log_oom();
1554 }
4ec3cd73 1555
13790add
LP		 1556 r = fdset_put(fds, fd);
1557 if (r < 0)
1558 return log_oom();
4ec3cd73 1559 }
d025f1e4
ZJS		 1560 }
1561
13790add 1562 r = server_open_stdout_socket(s, fds);
d025f1e4
ZJS		 1563 if (r < 0)
1564 return r;
1565
13790add
LP		 1566 if (fdset_size(fds) > 0) {
1567 log_warning("%u unknown file descriptors passed, closing.", fdset_size(fds));
1568 fds = fdset_free(fds);
1569 }
1570
1571 r = server_open_syslog_socket(s);
d025f1e4
ZJS		 1572 if (r < 0)
1573 return r;
1574
13790add 1575 r = server_open_native_socket(s);
d025f1e4
ZJS		 1576 if (r < 0)
1577 return r;
1578
1579 r = server_open_dev_kmsg(s);
1580 if (r < 0)
1581 return r;
1582
875c2e22
LP		 1583 r = server_open_audit(s);
1584 if (r < 0)
1585 return r;
1586
d025f1e4
ZJS		 1587 r = server_open_kernel_seqnum(s);
1588 if (r < 0)
1589 return r;
1590
0c24bb23
LP		 1591 r = server_open_hostname(s);
1592 if (r < 0)
1593 return r;
1594
f9a810be 1595 r = setup_signals(s);
d025f1e4
ZJS		 1596 if (r < 0)
1597 return r;
1598
1599 s->udev = udev_new();
1600 if (!s->udev)
1601 return -ENOMEM;
1602
f9a810be 1603 s->rate_limit = journal_rate_limit_new(s->rate_limit_interval, s->rate_limit_burst);
d025f1e4
ZJS		 1604 if (!s->rate_limit)
1605 return -ENOMEM;
1606
e9174f29
LP		 1607 r = cg_get_root_path(&s->cgroup_root);
1608 if (r < 0)
1609 return r;
1610
0c24bb23
LP		 1611 server_cache_hostname(s);
1612 server_cache_boot_id(s);
1613 server_cache_machine_id(s);
1614
caa2f4c0 1615 r = system_journal_open(s, false);
d025f1e4
ZJS		 1616 if (r < 0)
1617 return r;
1618
1619 return 0;
1620}
1621
1622void server_maybe_append_tags(Server *s) {
1623#ifdef HAVE_GCRYPT
1624 JournalFile *f;
1625 Iterator i;
1626 usec_t n;
1627
1628 n = now(CLOCK_REALTIME);
1629
1630 if (s->system_journal)
1631 journal_file_maybe_append_tag(s->system_journal, n);
1632
43cf8388 1633 ORDERED_HASHMAP_FOREACH(f, s->user_journals, i)
d025f1e4
ZJS		 1634 journal_file_maybe_append_tag(f, n);
1635#endif
1636}
1637
1638void server_done(Server *s) {
1639 JournalFile *f;
1640 assert(s);
1641
1642 while (s->stdout_streams)
1643 stdout_stream_free(s->stdout_streams);
1644
1645 if (s->system_journal)
1646 journal_file_close(s->system_journal);
1647
1648 if (s->runtime_journal)
1649 journal_file_close(s->runtime_journal);
1650
43cf8388 1651 while ((f = ordered_hashmap_steal_first(s->user_journals)))
d025f1e4
ZJS		 1652 journal_file_close(f);
1653
43cf8388 1654 ordered_hashmap_free(s->user_journals);
d025f1e4 1655
f9a810be
LP		 1656 sd_event_source_unref(s->syslog_event_source);
1657 sd_event_source_unref(s->native_event_source);
1658 sd_event_source_unref(s->stdout_event_source);
1659 sd_event_source_unref(s->dev_kmsg_event_source);
875c2e22 1660 sd_event_source_unref(s->audit_event_source);
f9a810be
LP		 1661 sd_event_source_unref(s->sync_event_source);
1662 sd_event_source_unref(s->sigusr1_event_source);
1663 sd_event_source_unref(s->sigusr2_event_source);
1664 sd_event_source_unref(s->sigterm_event_source);
1665 sd_event_source_unref(s->sigint_event_source);
0c24bb23 1666 sd_event_source_unref(s->hostname_event_source);
f9a810be 1667 sd_event_unref(s->event);
d025f1e4 1668
03e334a1
LP		 1669 safe_close(s->syslog_fd);
1670 safe_close(s->native_fd);
1671 safe_close(s->stdout_fd);
1672 safe_close(s->dev_kmsg_fd);
875c2e22 1673 safe_close(s->audit_fd);
03e334a1 1674 safe_close(s->hostname_fd);
0c24bb23 1675
d025f1e4
ZJS		 1676 if (s->rate_limit)
1677 journal_rate_limit_free(s->rate_limit);
1678
1679 if (s->kernel_seqnum)
1680 munmap(s->kernel_seqnum, sizeof(uint64_t));
1681
1682 free(s->buffer);
1683 free(s->tty_path);
e9174f29 1684 free(s->cgroup_root);
99d0966e 1685 free(s->hostname_field);
d025f1e4
ZJS		 1686
1687 if (s->mmap)
1688 mmap_cache_unref(s->mmap);
1689
1690 if (s->udev)
1691 udev_unref(s->udev);
1692}
Unnamed repository; edit this file 'description' to name the repository.