]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/journal/journalctl.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tree-wide: make use of new relative time events in sd-event.h
[thirdparty/systemd.git] / src / journal / journalctl.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #include <errno.h>
4 #include <fcntl.h>
5 #include <fnmatch.h>
6 #include <getopt.h>
7 #include <linux/fs.h>
8 #include <poll.h>
9 #include <signal.h>
10 #include <stddef.h>
11 #include <stdio.h>
12 #include <stdlib.h>
13 #include <sys/inotify.h>
14 #include <sys/stat.h>
15 #include <unistd.h>
16
17 #if HAVE_PCRE2
18 # define PCRE2_CODE_UNIT_WIDTH 8
19 # include <pcre2.h>
20 #endif
21
22 #include "sd-bus.h"
23 #include "sd-device.h"
24 #include "sd-journal.h"
25
26 #include "acl-util.h"
27 #include "alloc-util.h"
28 #include "bus-error.h"
29 #include "bus-util.h"
30 #include "catalog.h"
31 #include "chattr-util.h"
32 #include "def.h"
33 #include "device-private.h"
34 #include "fd-util.h"
35 #include "fileio.h"
36 #include "format-util.h"
37 #include "fs-util.h"
38 #include "fsprg.h"
39 #include "glob-util.h"
40 #include "hostname-util.h"
41 #include "id128-print.h"
42 #include "io-util.h"
43 #include "journal-def.h"
44 #include "journal-internal.h"
45 #include "journal-qrcode.h"
46 #include "journal-util.h"
47 #include "journal-vacuum.h"
48 #include "journal-verify.h"
49 #include "locale-util.h"
50 #include "log.h"
51 #include "logs-show.h"
52 #include "memory-util.h"
53 #include "mkdir.h"
54 #include "mountpoint-util.h"
55 #include "nulstr-util.h"
56 #include "pager.h"
57 #include "parse-util.h"
58 #include "path-util.h"
59 #include "pretty-print.h"
60 #include "rlimit-util.h"
61 #include "set.h"
62 #include "sigbus.h"
63 #include "string-table.h"
64 #include "strv.h"
65 #include "stdio-util.h"
66 #include "syslog-util.h"
67 #include "terminal-util.h"
68 #include "tmpfile-util.h"
69 #include "unit-name.h"
70 #include "user-util.h"
71 #include "varlink.h"
72
73 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
74 #define PROCESS_INOTIFY_INTERVAL 1024 /* Every 1,024 messages processed */
75
76 enum {
77 /* Special values for arg_lines */
78 ARG_LINES_DEFAULT = -2,
79 ARG_LINES_ALL = -1,
80 };
81
82 static OutputMode arg_output = OUTPUT_SHORT;
83 static bool arg_utc = false;
84 static bool arg_follow = false;
85 static bool arg_full = true;
86 static bool arg_all = false;
87 static PagerFlags arg_pager_flags = 0;
88 static int arg_lines = ARG_LINES_DEFAULT;
89 static bool arg_no_tail = false;
90 static bool arg_quiet = false;
91 static bool arg_merge = false;
92 static bool arg_boot = false;
93 static sd_id128_t arg_boot_id = {};
94 static int arg_boot_offset = 0;
95 static bool arg_dmesg = false;
96 static bool arg_no_hostname = false;
97 static const char *arg_cursor = NULL;
98 static const char *arg_cursor_file = NULL;
99 static const char *arg_after_cursor = NULL;
100 static bool arg_show_cursor = false;
101 static const char *arg_directory = NULL;
102 static char **arg_file = NULL;
103 static bool arg_file_stdin = false;
104 static int arg_priorities = 0xFF;
105 static Set *arg_facilities = NULL;
106 static char *arg_verify_key = NULL;
107 #if HAVE_GCRYPT
108 static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC;
109 static bool arg_force = false;
110 #endif
111 static usec_t arg_since, arg_until;
112 static bool arg_since_set = false, arg_until_set = false;
113 static char **arg_syslog_identifier = NULL;
114 static char **arg_system_units = NULL;
115 static char **arg_user_units = NULL;
116 static const char *arg_field = NULL;
117 static bool arg_catalog = false;
118 static bool arg_reverse = false;
119 static int arg_journal_type = 0;
120 static int arg_namespace_flags = 0;
121 static char *arg_root = NULL;
122 static const char *arg_machine = NULL;
123 static const char *arg_namespace = NULL;
124 static uint64_t arg_vacuum_size = 0;
125 static uint64_t arg_vacuum_n_files = 0;
126 static usec_t arg_vacuum_time = 0;
127 static char **arg_output_fields = NULL;
128 #if HAVE_PCRE2
129 static const char *arg_pattern = NULL;
130 static pcre2_code *arg_compiled_pattern = NULL;
131 static int arg_case_sensitive = -1; /* -1 means be smart */
132 #endif
133
134 static enum {
135 ACTION_SHOW,
136 ACTION_NEW_ID128,
137 ACTION_PRINT_HEADER,
138 ACTION_SETUP_KEYS,
139 ACTION_VERIFY,
140 ACTION_DISK_USAGE,
141 ACTION_LIST_CATALOG,
142 ACTION_DUMP_CATALOG,
143 ACTION_UPDATE_CATALOG,
144 ACTION_LIST_BOOTS,
145 ACTION_FLUSH,
146 ACTION_RELINQUISH_VAR,
147 ACTION_SYNC,
148 ACTION_ROTATE,
149 ACTION_VACUUM,
150 ACTION_ROTATE_AND_VACUUM,
151 ACTION_LIST_FIELDS,
152 ACTION_LIST_FIELD_NAMES,
153 } arg_action = ACTION_SHOW;
154
155 typedef struct BootId {
156 sd_id128_t id;
157 uint64_t first;
158 uint64_t last;
159 LIST_FIELDS(struct BootId, boot_list);
160 } BootId;
161
162 #if HAVE_PCRE2
163 DEFINE_TRIVIAL_CLEANUP_FUNC(pcre2_match_data*, pcre2_match_data_free);
164 DEFINE_TRIVIAL_CLEANUP_FUNC(pcre2_code*, pcre2_code_free);
165
166 static int pattern_compile(const char *pattern, unsigned flags, pcre2_code **out) {
167 int errorcode, r;
168 PCRE2_SIZE erroroffset;
169 pcre2_code *p;
170
171 p = pcre2_compile((PCRE2_SPTR8) pattern,
172 PCRE2_ZERO_TERMINATED, flags, &errorcode, &erroroffset, NULL);
173 if (!p) {
174 unsigned char buf[LINE_MAX];
175
176 r = pcre2_get_error_message(errorcode, buf, sizeof buf);
177
178 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
179 "Bad pattern \"%s\": %s", pattern,
180 r < 0 ? "unknown error" : (char *)buf);
181 }
182
183 *out = p;
184 return 0;
185 }
186
187 #endif
188
189 static int add_matches_for_device(sd_journal *j, const char *devpath) {
190 _cleanup_(sd_device_unrefp) sd_device *device = NULL;
191 sd_device *d = NULL;
192 struct stat st;
193 int r;
194
195 assert(j);
196 assert(devpath);
197
198 if (!path_startswith(devpath, "/dev/")) {
199 log_error("Devpath does not start with /dev/");
200 return -EINVAL;
201 }
202
203 if (stat(devpath, &st) < 0)
204 return log_error_errno(errno, "Couldn't stat file: %m");
205
206 r = device_new_from_stat_rdev(&device, &st);
207 if (r < 0)
208 return log_error_errno(r, "Failed to get device from devnum %u:%u: %m", major(st.st_rdev), minor(st.st_rdev));
209
210 for (d = device; d; ) {
211 _cleanup_free_ char *match = NULL;
212 const char *subsys, *sysname, *devnode;
213 sd_device *parent;
214
215 r = sd_device_get_subsystem(d, &subsys);
216 if (r < 0)
217 goto get_parent;
218
219 r = sd_device_get_sysname(d, &sysname);
220 if (r < 0)
221 goto get_parent;
222
223 match = strjoin("_KERNEL_DEVICE=+", subsys, ":", sysname);
224 if (!match)
225 return log_oom();
226
227 r = sd_journal_add_match(j, match, 0);
228 if (r < 0)
229 return log_error_errno(r, "Failed to add match: %m");
230
231 if (sd_device_get_devname(d, &devnode) >= 0) {
232 _cleanup_free_ char *match1 = NULL;
233
234 r = stat(devnode, &st);
235 if (r < 0)
236 return log_error_errno(r, "Failed to stat() device node \"%s\": %m", devnode);
237
238 r = asprintf(&match1, "_KERNEL_DEVICE=%c%u:%u", S_ISBLK(st.st_mode) ? 'b' : 'c', major(st.st_rdev), minor(st.st_rdev));
239 if (r < 0)
240 return log_oom();
241
242 r = sd_journal_add_match(j, match1, 0);
243 if (r < 0)
244 return log_error_errno(r, "Failed to add match: %m");
245 }
246
247 get_parent:
248 if (sd_device_get_parent(d, &parent) < 0)
249 break;
250
251 d = parent;
252 }
253
254 r = add_match_this_boot(j, arg_machine);
255 if (r < 0)
256 return log_error_errno(r, "Failed to add match for the current boot: %m");
257
258 return 0;
259 }
260
261 static char *format_timestamp_maybe_utc(char *buf, size_t l, usec_t t) {
262
263 if (arg_utc)
264 return format_timestamp_utc(buf, l, t);
265
266 return format_timestamp(buf, l, t);
267 }
268
269 static int parse_boot_descriptor(const char *x, sd_id128_t *boot_id, int *offset) {
270 sd_id128_t id = SD_ID128_NULL;
271 int off = 0, r;
272
273 if (streq(x, "all")) {
274 *boot_id = SD_ID128_NULL;
275 *offset = 0;
276 return 0;
277 } else if (strlen(x) >= 32) {
278 char *t;
279
280 t = strndupa(x, 32);
281 r = sd_id128_from_string(t, &id);
282 if (r >= 0)
283 x += 32;
284
285 if (!IN_SET(*x, 0, '-', '+'))
286 return -EINVAL;
287
288 if (*x != 0) {
289 r = safe_atoi(x, &off);
290 if (r < 0)
291 return r;
292 }
293 } else {
294 r = safe_atoi(x, &off);
295 if (r < 0)
296 return r;
297 }
298
299 if (boot_id)
300 *boot_id = id;
301
302 if (offset)
303 *offset = off;
304
305 return 1;
306 }
307
308 static int help_facilities(void) {
309 if (!arg_quiet)
310 puts("Available facilities:");
311
312 for (int i = 0; i < LOG_NFACILITIES; i++) {
313 _cleanup_free_ char *t = NULL;
314
315 if (log_facility_unshifted_to_string_alloc(i, &t))
316 return log_oom();
317 puts(t);
318 }
319
320 return 0;
321 }
322
323 static int help(void) {
324 _cleanup_free_ char *link = NULL;
325 int r;
326
327 (void) pager_open(arg_pager_flags);
328
329 r = terminal_urlify_man("journalctl", "1", &link);
330 if (r < 0)
331 return log_oom();
332
333 printf("%1$s [OPTIONS...] [MATCHES...]\n\n"
334 "%5$sQuery the journal.%6$s\n\n"
335 "%3$sOptions:%4$s\n"
336 " --system Show the system journal\n"
337 " --user Show the user journal for the current user\n"
338 " -M --machine=CONTAINER Operate on local container\n"
339 " -S --since=DATE Show entries not older than the specified date\n"
340 " -U --until=DATE Show entries not newer than the specified date\n"
341 " -c --cursor=CURSOR Show entries starting at the specified cursor\n"
342 " --after-cursor=CURSOR Show entries after the specified cursor\n"
343 " --show-cursor Print the cursor after all the entries\n"
344 " --cursor-file=FILE Show entries after cursor in FILE and update FILE\n"
345 " -b --boot[=ID] Show current boot or the specified boot\n"
346 " --list-boots Show terse information about recorded boots\n"
347 " -k --dmesg Show kernel message log from the current boot\n"
348 " -u --unit=UNIT Show logs from the specified unit\n"
349 " --user-unit=UNIT Show logs from the specified user unit\n"
350 " -t --identifier=STRING Show entries with the specified syslog identifier\n"
351 " -p --priority=RANGE Show entries with the specified priority\n"
352 " --facility=FACILITY... Show entries with the specified facilities\n"
353 " -g --grep=PATTERN Show entries with MESSAGE matching PATTERN\n"
354 " --case-sensitive[=BOOL] Force case sensitive or insensitive matching\n"
355 " -e --pager-end Immediately jump to the end in the pager\n"
356 " -f --follow Follow the journal\n"
357 " -n --lines[=INTEGER] Number of journal entries to show\n"
358 " --no-tail Show all lines, even in follow mode\n"
359 " -r --reverse Show the newest entries first\n"
360 " -o --output=STRING Change journal output mode (short, short-precise,\n"
361 " short-iso, short-iso-precise, short-full,\n"
362 " short-monotonic, short-unix, verbose, export,\n"
363 " json, json-pretty, json-sse, json-seq, cat,\n"
364 " with-unit)\n"
365 " --output-fields=LIST Select fields to print in verbose/export/json modes\n"
366 " --utc Express time in Coordinated Universal Time (UTC)\n"
367 " -x --catalog Add message explanations where available\n"
368 " --no-full Ellipsize fields\n"
369 " -a --all Show all fields, including long and unprintable\n"
370 " -q --quiet Do not show info messages and privilege warning\n"
371 " --no-pager Do not pipe output into a pager\n"
372 " --no-hostname Suppress output of hostname field\n"
373 " -m --merge Show entries from all available journals\n"
374 " -D --directory=PATH Show journal files from directory\n"
375 " --file=PATH Show journal file\n"
376 " --root=ROOT Operate on files below a root directory\n"
377 " --namespace=NAMESPACE Show journal data from specified namespace\n"
378 " --interval=TIME Time interval for changing the FSS sealing key\n"
379 " --verify-key=KEY Specify FSS verification key\n"
380 " --force Override of the FSS key pair with --setup-keys\n"
381 "\n%3$sCommands:%4$s\n"
382 " -h --help Show this help text\n"
383 " --version Show package version\n"
384 " -N --fields List all field names currently used\n"
385 " -F --field=FIELD List all values that a specified field takes\n"
386 " --disk-usage Show total disk usage of all journal files\n"
387 " --vacuum-size=BYTES Reduce disk usage below specified size\n"
388 " --vacuum-files=INT Leave only the specified number of journal files\n"
389 " --vacuum-time=TIME Remove journal files older than specified time\n"
390 " --verify Verify journal file consistency\n"
391 " --sync Synchronize unwritten journal messages to disk\n"
392 " --relinquish-var Stop logging to disk, log to temporary file system\n"
393 " --smart-relinquish-var Similar, but NOP if log directory is on root mount\n"
394 " --flush Flush all journal data from /run into /var\n"
395 " --rotate Request immediate rotation of the journal files\n"
396 " --header Show journal header information\n"
397 " --list-catalog Show all message IDs in the catalog\n"
398 " --dump-catalog Show entries in the message catalog\n"
399 " --update-catalog Update the message catalog database\n"
400 " --setup-keys Generate a new FSS key pair\n"
401 "\nSee the %2$s for details.\n"
402 , program_invocation_short_name
403 , link
404 , ansi_underline(), ansi_normal()
405 , ansi_highlight(), ansi_normal()
406 );
407
408 return 0;
409 }
410
411 static int parse_argv(int argc, char *argv[]) {
412
413 enum {
414 ARG_VERSION = 0x100,
415 ARG_NO_PAGER,
416 ARG_NO_FULL,
417 ARG_NO_TAIL,
418 ARG_NEW_ID128,
419 ARG_THIS_BOOT,
420 ARG_LIST_BOOTS,
421 ARG_USER,
422 ARG_SYSTEM,
423 ARG_ROOT,
424 ARG_HEADER,
425 ARG_FACILITY,
426 ARG_SETUP_KEYS,
427 ARG_FILE,
428 ARG_INTERVAL,
429 ARG_VERIFY,
430 ARG_VERIFY_KEY,
431 ARG_DISK_USAGE,
432 ARG_AFTER_CURSOR,
433 ARG_CURSOR_FILE,
434 ARG_SHOW_CURSOR,
435 ARG_USER_UNIT,
436 ARG_LIST_CATALOG,
437 ARG_DUMP_CATALOG,
438 ARG_UPDATE_CATALOG,
439 ARG_FORCE,
440 ARG_CASE_SENSITIVE,
441 ARG_UTC,
442 ARG_SYNC,
443 ARG_FLUSH,
444 ARG_RELINQUISH_VAR,
445 ARG_SMART_RELINQUISH_VAR,
446 ARG_ROTATE,
447 ARG_VACUUM_SIZE,
448 ARG_VACUUM_FILES,
449 ARG_VACUUM_TIME,
450 ARG_NO_HOSTNAME,
451 ARG_OUTPUT_FIELDS,
452 ARG_NAMESPACE,
453 };
454
455 static const struct option options[] = {
456 { "help", no_argument, NULL, 'h' },
457 { "version" , no_argument, NULL, ARG_VERSION },
458 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
459 { "pager-end", no_argument, NULL, 'e' },
460 { "follow", no_argument, NULL, 'f' },
461 { "force", no_argument, NULL, ARG_FORCE },
462 { "output", required_argument, NULL, 'o' },
463 { "all", no_argument, NULL, 'a' },
464 { "full", no_argument, NULL, 'l' },
465 { "no-full", no_argument, NULL, ARG_NO_FULL },
466 { "lines", optional_argument, NULL, 'n' },
467 { "no-tail", no_argument, NULL, ARG_NO_TAIL },
468 { "new-id128", no_argument, NULL, ARG_NEW_ID128 }, /* deprecated */
469 { "quiet", no_argument, NULL, 'q' },
470 { "merge", no_argument, NULL, 'm' },
471 { "this-boot", no_argument, NULL, ARG_THIS_BOOT }, /* deprecated */
472 { "boot", optional_argument, NULL, 'b' },
473 { "list-boots", no_argument, NULL, ARG_LIST_BOOTS },
474 { "dmesg", no_argument, NULL, 'k' },
475 { "system", no_argument, NULL, ARG_SYSTEM },
476 { "user", no_argument, NULL, ARG_USER },
477 { "directory", required_argument, NULL, 'D' },
478 { "file", required_argument, NULL, ARG_FILE },
479 { "root", required_argument, NULL, ARG_ROOT },
480 { "header", no_argument, NULL, ARG_HEADER },
481 { "identifier", required_argument, NULL, 't' },
482 { "priority", required_argument, NULL, 'p' },
483 { "facility", required_argument, NULL, ARG_FACILITY },
484 { "grep", required_argument, NULL, 'g' },
485 { "case-sensitive", optional_argument, NULL, ARG_CASE_SENSITIVE },
486 { "setup-keys", no_argument, NULL, ARG_SETUP_KEYS },
487 { "interval", required_argument, NULL, ARG_INTERVAL },
488 { "verify", no_argument, NULL, ARG_VERIFY },
489 { "verify-key", required_argument, NULL, ARG_VERIFY_KEY },
490 { "disk-usage", no_argument, NULL, ARG_DISK_USAGE },
491 { "cursor", required_argument, NULL, 'c' },
492 { "cursor-file", required_argument, NULL, ARG_CURSOR_FILE },
493 { "after-cursor", required_argument, NULL, ARG_AFTER_CURSOR },
494 { "show-cursor", no_argument, NULL, ARG_SHOW_CURSOR },
495 { "since", required_argument, NULL, 'S' },
496 { "until", required_argument, NULL, 'U' },
497 { "unit", required_argument, NULL, 'u' },
498 { "user-unit", required_argument, NULL, ARG_USER_UNIT },
499 { "field", required_argument, NULL, 'F' },
500 { "fields", no_argument, NULL, 'N' },
501 { "catalog", no_argument, NULL, 'x' },
502 { "list-catalog", no_argument, NULL, ARG_LIST_CATALOG },
503 { "dump-catalog", no_argument, NULL, ARG_DUMP_CATALOG },
504 { "update-catalog", no_argument, NULL, ARG_UPDATE_CATALOG },
505 { "reverse", no_argument, NULL, 'r' },
506 { "machine", required_argument, NULL, 'M' },
507 { "utc", no_argument, NULL, ARG_UTC },
508 { "flush", no_argument, NULL, ARG_FLUSH },
509 { "relinquish-var", no_argument, NULL, ARG_RELINQUISH_VAR },
510 { "smart-relinquish-var", no_argument, NULL, ARG_SMART_RELINQUISH_VAR },
511 { "sync", no_argument, NULL, ARG_SYNC },
512 { "rotate", no_argument, NULL, ARG_ROTATE },
513 { "vacuum-size", required_argument, NULL, ARG_VACUUM_SIZE },
514 { "vacuum-files", required_argument, NULL, ARG_VACUUM_FILES },
515 { "vacuum-time", required_argument, NULL, ARG_VACUUM_TIME },
516 { "no-hostname", no_argument, NULL, ARG_NO_HOSTNAME },
517 { "output-fields", required_argument, NULL, ARG_OUTPUT_FIELDS },
518 { "namespace", required_argument, NULL, ARG_NAMESPACE },
519 {}
520 };
521
522 int c, r;
523
524 assert(argc >= 0);
525 assert(argv);
526
527 while ((c = getopt_long(argc, argv, "hefo:aln::qmb::kD:p:g:c:S:U:t:u:NF:xrM:", options, NULL)) >= 0)
528
529 switch (c) {
530
531 case 'h':
532 return help();
533
534 case ARG_VERSION:
535 return version();
536
537 case ARG_NO_PAGER:
538 arg_pager_flags |= PAGER_DISABLE;
539 break;
540
541 case 'e':
542 arg_pager_flags |= PAGER_JUMP_TO_END;
543
544 if (arg_lines == ARG_LINES_DEFAULT)
545 arg_lines = 1000;
546
547 break;
548
549 case 'f':
550 arg_follow = true;
551 break;
552
553 case 'o':
554 if (streq(optarg, "help")) {
555 DUMP_STRING_TABLE(output_mode, OutputMode, _OUTPUT_MODE_MAX);
556 return 0;
557 }
558
559 arg_output = output_mode_from_string(optarg);
560 if (arg_output < 0)
561 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unknown output format '%s'.", optarg);
562
563 if (IN_SET(arg_output, OUTPUT_EXPORT, OUTPUT_JSON, OUTPUT_JSON_PRETTY, OUTPUT_JSON_SSE, OUTPUT_JSON_SEQ, OUTPUT_CAT))
564 arg_quiet = true;
565
566 break;
567
568 case 'l':
569 arg_full = true;
570 break;
571
572 case ARG_NO_FULL:
573 arg_full = false;
574 break;
575
576 case 'a':
577 arg_all = true;
578 break;
579
580 case 'n':
581 if (optarg) {
582 if (streq(optarg, "all"))
583 arg_lines = ARG_LINES_ALL;
584 else {
585 r = safe_atoi(optarg, &arg_lines);
586 if (r < 0 || arg_lines < 0)
587 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to parse lines '%s'", optarg);
588 }
589 } else {
590 arg_lines = 10;
591
592 /* Hmm, no argument? Maybe the next
593 * word on the command line is
594 * supposed to be the argument? Let's
595 * see if there is one, and is
596 * parsable. */
597 if (optind < argc) {
598 int n;
599 if (streq(argv[optind], "all")) {
600 arg_lines = ARG_LINES_ALL;
601 optind++;
602 } else if (safe_atoi(argv[optind], &n) >= 0 && n >= 0) {
603 arg_lines = n;
604 optind++;
605 }
606 }
607 }
608
609 break;
610
611 case ARG_NO_TAIL:
612 arg_no_tail = true;
613 break;
614
615 case ARG_NEW_ID128:
616 arg_action = ACTION_NEW_ID128;
617 break;
618
619 case 'q':
620 arg_quiet = true;
621 break;
622
623 case 'm':
624 arg_merge = true;
625 break;
626
627 case ARG_THIS_BOOT:
628 arg_boot = true;
629 arg_boot_id = SD_ID128_NULL;
630 arg_boot_offset = 0;
631 break;
632
633 case 'b':
634 arg_boot = true;
635 arg_boot_id = SD_ID128_NULL;
636 arg_boot_offset = 0;
637
638 if (optarg) {
639 r = parse_boot_descriptor(optarg, &arg_boot_id, &arg_boot_offset);
640 if (r < 0)
641 return log_error_errno(r, "Failed to parse boot descriptor '%s'", optarg);
642
643 arg_boot = r;
644
645 /* Hmm, no argument? Maybe the next
646 * word on the command line is
647 * supposed to be the argument? Let's
648 * see if there is one and is parsable
649 * as a boot descriptor... */
650 } else if (optind < argc) {
651 r = parse_boot_descriptor(argv[optind], &arg_boot_id, &arg_boot_offset);
652 if (r >= 0) {
653 arg_boot = r;
654 optind++;
655 }
656 }
657 break;
658
659 case ARG_LIST_BOOTS:
660 arg_action = ACTION_LIST_BOOTS;
661 break;
662
663 case 'k':
664 arg_boot = arg_dmesg = true;
665 break;
666
667 case ARG_SYSTEM:
668 arg_journal_type |= SD_JOURNAL_SYSTEM;
669 break;
670
671 case ARG_USER:
672 arg_journal_type |= SD_JOURNAL_CURRENT_USER;
673 break;
674
675 case 'M':
676 arg_machine = optarg;
677 break;
678
679 case ARG_NAMESPACE:
680 if (streq(optarg, "*")) {
681 arg_namespace_flags = SD_JOURNAL_ALL_NAMESPACES;
682 arg_namespace = NULL;
683 } else if (startswith(optarg, "+")) {
684 arg_namespace_flags = SD_JOURNAL_INCLUDE_DEFAULT_NAMESPACE;
685 arg_namespace = optarg + 1;
686 } else if (isempty(optarg)) {
687 arg_namespace_flags = 0;
688 arg_namespace = NULL;
689 } else {
690 arg_namespace_flags = 0;
691 arg_namespace = optarg;
692 }
693
694 break;
695
696 case 'D':
697 arg_directory = optarg;
698 break;
699
700 case ARG_FILE:
701 if (streq(optarg, "-"))
702 /* An undocumented feature: we can read journal files from STDIN. We don't document
703 * this though, since after all we only support this for mmap-able, seekable files, and
704 * not for example pipes which are probably the primary usecase for reading things from
705 * STDIN. To avoid confusion we hence don't document this feature. */
706 arg_file_stdin = true;
707 else {
708 r = glob_extend(&arg_file, optarg, GLOB_NOCHECK);
709 if (r < 0)
710 return log_error_errno(r, "Failed to add paths: %m");
711 }
712 break;
713
714 case ARG_ROOT:
715 r = parse_path_argument_and_warn(optarg, true, &arg_root);
716 if (r < 0)
717 return r;
718 break;
719
720 case 'c':
721 arg_cursor = optarg;
722 break;
723
724 case ARG_CURSOR_FILE:
725 arg_cursor_file = optarg;
726 break;
727
728 case ARG_AFTER_CURSOR:
729 arg_after_cursor = optarg;
730 break;
731
732 case ARG_SHOW_CURSOR:
733 arg_show_cursor = true;
734 break;
735
736 case ARG_HEADER:
737 arg_action = ACTION_PRINT_HEADER;
738 break;
739
740 case ARG_VERIFY:
741 arg_action = ACTION_VERIFY;
742 break;
743
744 case ARG_DISK_USAGE:
745 arg_action = ACTION_DISK_USAGE;
746 break;
747
748 case ARG_VACUUM_SIZE:
749 r = parse_size(optarg, 1024, &arg_vacuum_size);
750 if (r < 0)
751 return log_error_errno(r, "Failed to parse vacuum size: %s", optarg);
752
753 arg_action = arg_action == ACTION_ROTATE ? ACTION_ROTATE_AND_VACUUM : ACTION_VACUUM;
754 break;
755
756 case ARG_VACUUM_FILES:
757 r = safe_atou64(optarg, &arg_vacuum_n_files);
758 if (r < 0)
759 return log_error_errno(r, "Failed to parse vacuum files: %s", optarg);
760
761 arg_action = arg_action == ACTION_ROTATE ? ACTION_ROTATE_AND_VACUUM : ACTION_VACUUM;
762 break;
763
764 case ARG_VACUUM_TIME:
765 r = parse_sec(optarg, &arg_vacuum_time);
766 if (r < 0)
767 return log_error_errno(r, "Failed to parse vacuum time: %s", optarg);
768
769 arg_action = arg_action == ACTION_ROTATE ? ACTION_ROTATE_AND_VACUUM : ACTION_VACUUM;
770 break;
771
772 #if HAVE_GCRYPT
773 case ARG_FORCE:
774 arg_force = true;
775 break;
776
777 case ARG_SETUP_KEYS:
778 arg_action = ACTION_SETUP_KEYS;
779 break;
780
781 case ARG_VERIFY_KEY:
782 r = free_and_strdup(&arg_verify_key, optarg);
783 if (r < 0)
784 return r;
785 /* Use memset not explicit_bzero() or similar so this doesn't look confusing
786 * in ps or htop output. */
787 memset(optarg, 'x', strlen(optarg));
788
789 arg_action = ACTION_VERIFY;
790 arg_merge = false;
791 break;
792
793 case ARG_INTERVAL:
794 r = parse_sec(optarg, &arg_interval);
795 if (r < 0 || arg_interval <= 0)
796 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
797 "Failed to parse sealing key change interval: %s", optarg);
798 break;
799 #else
800 case ARG_SETUP_KEYS:
801 case ARG_VERIFY_KEY:
802 case ARG_INTERVAL:
803 case ARG_FORCE:
804 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
805 "Compiled without forward-secure sealing support.");
806 #endif
807
808 case 'p': {
809 const char *dots;
810
811 dots = strstr(optarg, "..");
812 if (dots) {
813 _cleanup_free_ char *a = NULL;
814 int from, to, i;
815
816 /* a range */
817 a = strndup(optarg, dots - optarg);
818 if (!a)
819 return log_oom();
820
821 from = log_level_from_string(a);
822 to = log_level_from_string(dots + 2);
823
824 if (from < 0 || to < 0)
825 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
826 "Failed to parse log level range %s", optarg);
827
828 arg_priorities = 0;
829
830 if (from < to) {
831 for (i = from; i <= to; i++)
832 arg_priorities |= 1 << i;
833 } else {
834 for (i = to; i <= from; i++)
835 arg_priorities |= 1 << i;
836 }
837
838 } else {
839 int p, i;
840
841 p = log_level_from_string(optarg);
842 if (p < 0)
843 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
844 "Unknown log level %s", optarg);
845
846 arg_priorities = 0;
847
848 for (i = 0; i <= p; i++)
849 arg_priorities |= 1 << i;
850 }
851
852 break;
853 }
854
855 case ARG_FACILITY: {
856 const char *p;
857
858 for (p = optarg;;) {
859 _cleanup_free_ char *fac = NULL;
860 int num;
861
862 r = extract_first_word(&p, &fac, ",", 0);
863 if (r < 0)
864 return log_error_errno(r, "Failed to parse facilities: %s", optarg);
865 if (r == 0)
866 break;
867
868 if (streq(fac, "help")) {
869 help_facilities();
870 return 0;
871 }
872
873 num = log_facility_unshifted_from_string(fac);
874 if (num < 0)
875 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
876 "Bad --facility= argument \"%s\".", fac);
877
878 if (set_ensure_put(&arg_facilities, NULL, INT_TO_PTR(num)) < 0)
879 return log_oom();
880 }
881
882 break;
883 }
884
885 #if HAVE_PCRE2
886 case 'g':
887 arg_pattern = optarg;
888 break;
889
890 case ARG_CASE_SENSITIVE:
891 if (optarg) {
892 r = parse_boolean(optarg);
893 if (r < 0)
894 return log_error_errno(r, "Bad --case-sensitive= argument \"%s\": %m", optarg);
895 arg_case_sensitive = r;
896 } else
897 arg_case_sensitive = true;
898
899 break;
900 #else
901 case 'g':
902 case ARG_CASE_SENSITIVE:
903 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Compiled without pattern matching support");
904 #endif
905
906 case 'S':
907 r = parse_timestamp(optarg, &arg_since);
908 if (r < 0)
909 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
910 "Failed to parse timestamp: %s", optarg);
911 arg_since_set = true;
912 break;
913
914 case 'U':
915 r = parse_timestamp(optarg, &arg_until);
916 if (r < 0)
917 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
918 "Failed to parse timestamp: %s", optarg);
919 arg_until_set = true;
920 break;
921
922 case 't':
923 r = strv_extend(&arg_syslog_identifier, optarg);
924 if (r < 0)
925 return log_oom();
926 break;
927
928 case 'u':
929 r = strv_extend(&arg_system_units, optarg);
930 if (r < 0)
931 return log_oom();
932 break;
933
934 case ARG_USER_UNIT:
935 r = strv_extend(&arg_user_units, optarg);
936 if (r < 0)
937 return log_oom();
938 break;
939
940 case 'F':
941 arg_action = ACTION_LIST_FIELDS;
942 arg_field = optarg;
943 break;
944
945 case 'N':
946 arg_action = ACTION_LIST_FIELD_NAMES;
947 break;
948
949 case ARG_NO_HOSTNAME:
950 arg_no_hostname = true;
951 break;
952
953 case 'x':
954 arg_catalog = true;
955 break;
956
957 case ARG_LIST_CATALOG:
958 arg_action = ACTION_LIST_CATALOG;
959 break;
960
961 case ARG_DUMP_CATALOG:
962 arg_action = ACTION_DUMP_CATALOG;
963 break;
964
965 case ARG_UPDATE_CATALOG:
966 arg_action = ACTION_UPDATE_CATALOG;
967 break;
968
969 case 'r':
970 arg_reverse = true;
971 break;
972
973 case ARG_UTC:
974 arg_utc = true;
975 break;
976
977 case ARG_FLUSH:
978 arg_action = ACTION_FLUSH;
979 break;
980
981 case ARG_SMART_RELINQUISH_VAR: {
982 int root_mnt_id, log_mnt_id;
983
984 /* Try to be smart about relinquishing access to /var/log/journal/ during shutdown:
985 * if it's on the same mount as the root file system there's no point in
986 * relinquishing access and we can leave journald write to it until the very last
987 * moment. */
988
989 r = path_get_mnt_id("/", &root_mnt_id);
990 if (r < 0)
991 log_debug_errno(r, "Failed to get root mount ID, ignoring: %m");
992 else {
993 r = path_get_mnt_id("/var/log/journal/", &log_mnt_id);
994 if (r < 0)
995 log_debug_errno(r, "Failed to get journal directory mount ID, ignoring: %m");
996 else if (root_mnt_id == log_mnt_id) {
997 log_debug("/var/log/journal/ is on root file system, not relinquishing access to /var.");
998 return 0;
999 } else
1000 log_debug("/var/log/journal/ is not on the root file system, relinquishing access to it.");
1001 }
1002
1003 _fallthrough_;
1004 }
1005
1006 case ARG_RELINQUISH_VAR:
1007 arg_action = ACTION_RELINQUISH_VAR;
1008 break;
1009
1010 case ARG_ROTATE:
1011 arg_action = arg_action == ACTION_VACUUM ? ACTION_ROTATE_AND_VACUUM : ACTION_ROTATE;
1012 break;
1013
1014 case ARG_SYNC:
1015 arg_action = ACTION_SYNC;
1016 break;
1017
1018 case ARG_OUTPUT_FIELDS: {
1019 _cleanup_strv_free_ char **v = NULL;
1020
1021 v = strv_split(optarg, ",");
1022 if (!v)
1023 return log_oom();
1024
1025 if (!arg_output_fields)
1026 arg_output_fields = TAKE_PTR(v);
1027 else {
1028 r = strv_extend_strv(&arg_output_fields, v, true);
1029 if (r < 0)
1030 return log_oom();
1031 }
1032 break;
1033 }
1034
1035 case '?':
1036 return -EINVAL;
1037
1038 default:
1039 assert_not_reached("Unhandled option");
1040 }
1041
1042 if (arg_follow && !arg_no_tail && !arg_since && arg_lines == ARG_LINES_DEFAULT)
1043 arg_lines = 10;
1044
1045 if (!!arg_directory + !!arg_file + !!arg_machine + !!arg_root > 1) {
1046 log_error("Please specify at most one of -D/--directory=, --file=, -M/--machine=, --root.");
1047 return -EINVAL;
1048 }
1049
1050 if (arg_since_set && arg_until_set && arg_since > arg_until) {
1051 log_error("--since= must be before --until=.");
1052 return -EINVAL;
1053 }
1054
1055 if (!!arg_cursor + !!arg_after_cursor + !!arg_since_set > 1) {
1056 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
1057 return -EINVAL;
1058 }
1059
1060 if (arg_follow && arg_reverse) {
1061 log_error("Please specify either --reverse= or --follow=, not both.");
1062 return -EINVAL;
1063 }
1064
1065 if (!IN_SET(arg_action, ACTION_SHOW, ACTION_DUMP_CATALOG, ACTION_LIST_CATALOG) && optind < argc) {
1066 log_error("Extraneous arguments starting with '%s'", argv[optind]);
1067 return -EINVAL;
1068 }
1069
1070 if ((arg_boot || arg_action == ACTION_LIST_BOOTS) && arg_merge) {
1071 log_error("Using --boot or --list-boots with --merge is not supported.");
1072 return -EINVAL;
1073 }
1074
1075 if (!strv_isempty(arg_system_units) && arg_journal_type == SD_JOURNAL_CURRENT_USER) {
1076 /* Specifying --user and --unit= at the same time makes no sense (as the former excludes the user
1077 * journal, but the latter excludes the system journal, thus resulting in empty output). Let's be nice
1078 * to users, and automatically turn --unit= into --user-unit= if combined with --user. */
1079 r = strv_extend_strv(&arg_user_units, arg_system_units, true);
1080 if (r < 0)
1081 return r;
1082
1083 arg_system_units = strv_free(arg_system_units);
1084 }
1085
1086 #if HAVE_PCRE2
1087 if (arg_pattern) {
1088 unsigned flags;
1089
1090 if (arg_case_sensitive >= 0)
1091 flags = !arg_case_sensitive * PCRE2_CASELESS;
1092 else {
1093 _cleanup_(pcre2_match_data_freep) pcre2_match_data *md = NULL;
1094 bool has_case;
1095 _cleanup_(pcre2_code_freep) pcre2_code *cs = NULL;
1096
1097 md = pcre2_match_data_create(1, NULL);
1098 if (!md)
1099 return log_oom();
1100
1101 r = pattern_compile("[[:upper:]]", 0, &cs);
1102 if (r < 0)
1103 return r;
1104
1105 r = pcre2_match(cs, (PCRE2_SPTR8) arg_pattern, PCRE2_ZERO_TERMINATED, 0, 0, md, NULL);
1106 has_case = r >= 0;
1107
1108 flags = !has_case * PCRE2_CASELESS;
1109 }
1110
1111 log_debug("Doing case %s matching based on %s",
1112 flags & PCRE2_CASELESS ? "insensitive" : "sensitive",
1113 arg_case_sensitive >= 0 ? "request" : "pattern casing");
1114
1115 r = pattern_compile(arg_pattern, flags, &arg_compiled_pattern);
1116 if (r < 0)
1117 return r;
1118 }
1119 #endif
1120
1121 return 1;
1122 }
1123
1124 static int add_matches(sd_journal *j, char **args) {
1125 char **i;
1126 bool have_term = false;
1127
1128 assert(j);
1129
1130 STRV_FOREACH(i, args) {
1131 int r;
1132
1133 if (streq(*i, "+")) {
1134 if (!have_term)
1135 break;
1136 r = sd_journal_add_disjunction(j);
1137 have_term = false;
1138
1139 } else if (path_is_absolute(*i)) {
1140 _cleanup_free_ char *p = NULL, *t = NULL, *t2 = NULL, *interpreter = NULL;
1141 struct stat st;
1142
1143 r = chase_symlinks(*i, NULL, CHASE_TRAIL_SLASH, &p, NULL);
1144 if (r < 0)
1145 return log_error_errno(r, "Couldn't canonicalize path: %m");
1146
1147 if (lstat(p, &st) < 0)
1148 return log_error_errno(errno, "Couldn't stat file: %m");
1149
1150 if (S_ISREG(st.st_mode) && (0111 & st.st_mode)) {
1151 if (executable_is_script(p, &interpreter) > 0) {
1152 _cleanup_free_ char *comm;
1153
1154 comm = strndup(basename(p), 15);
1155 if (!comm)
1156 return log_oom();
1157
1158 t = strjoin("_COMM=", comm);
1159 if (!t)
1160 return log_oom();
1161
1162 /* Append _EXE only if the interpreter is not a link.
1163 Otherwise, it might be outdated often. */
1164 if (lstat(interpreter, &st) == 0 && !S_ISLNK(st.st_mode)) {
1165 t2 = strjoin("_EXE=", interpreter);
1166 if (!t2)
1167 return log_oom();
1168 }
1169 } else {
1170 t = strjoin("_EXE=", p);
1171 if (!t)
1172 return log_oom();
1173 }
1174
1175 r = sd_journal_add_match(j, t, 0);
1176
1177 if (r >=0 && t2)
1178 r = sd_journal_add_match(j, t2, 0);
1179
1180 } else if (S_ISCHR(st.st_mode) || S_ISBLK(st.st_mode)) {
1181 r = add_matches_for_device(j, p);
1182 if (r < 0)
1183 return r;
1184 } else
1185 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1186 "File is neither a device node, nor regular file, nor executable: %s",
1187 *i);
1188
1189 have_term = true;
1190 } else {
1191 r = sd_journal_add_match(j, *i, 0);
1192 have_term = true;
1193 }
1194
1195 if (r < 0)
1196 return log_error_errno(r, "Failed to add match '%s': %m", *i);
1197 }
1198
1199 if (!strv_isempty(args) && !have_term)
1200 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1201 "\"+\" can only be used between terms");
1202
1203 return 0;
1204 }
1205
1206 static void boot_id_free_all(BootId *l) {
1207
1208 while (l) {
1209 BootId *i = l;
1210 LIST_REMOVE(boot_list, l, i);
1211 free(i);
1212 }
1213 }
1214
1215 static int discover_next_boot(sd_journal *j,
1216 sd_id128_t previous_boot_id,
1217 bool advance_older,
1218 BootId **ret) {
1219
1220 _cleanup_free_ BootId *next_boot = NULL;
1221 char match[9+32+1] = "_BOOT_ID=";
1222 sd_id128_t boot_id;
1223 int r;
1224
1225 assert(j);
1226 assert(ret);
1227
1228 /* We expect the journal to be on the last position of a boot
1229 * (in relation to the direction we are going), so that the next
1230 * invocation of sd_journal_next/previous will be from a different
1231 * boot. We then collect any information we desire and then jump
1232 * to the last location of the new boot by using a _BOOT_ID match
1233 * coming from the other journal direction. */
1234
1235 /* Make sure we aren't restricted by any _BOOT_ID matches, so that
1236 * we can actually advance to a *different* boot. */
1237 sd_journal_flush_matches(j);
1238
1239 do {
1240 if (advance_older)
1241 r = sd_journal_previous(j);
1242 else
1243 r = sd_journal_next(j);
1244 if (r < 0)
1245 return r;
1246 else if (r == 0)
1247 return 0; /* End of journal, yay. */
1248
1249 r = sd_journal_get_monotonic_usec(j, NULL, &boot_id);
1250 if (r < 0)
1251 return r;
1252
1253 /* We iterate through this in a loop, until the boot ID differs from the previous one. Note that
1254 * normally, this will only require a single iteration, as we seeked to the last entry of the previous
1255 * boot entry already. However, it might happen that the per-journal-field entry arrays are less
1256 * complete than the main entry array, and hence might reference an entry that's not actually the last
1257 * one of the boot ID as last one. Let's hence use the per-field array is initial seek position to
1258 * speed things up, but let's not trust that it is complete, and hence, manually advance as
1259 * necessary. */
1260
1261 } while (sd_id128_equal(boot_id, previous_boot_id));
1262
1263 next_boot = new0(BootId, 1);
1264 if (!next_boot)
1265 return -ENOMEM;
1266
1267 next_boot->id = boot_id;
1268
1269 r = sd_journal_get_realtime_usec(j, &next_boot->first);
1270 if (r < 0)
1271 return r;
1272
1273 /* Now seek to the last occurrence of this boot ID. */
1274 sd_id128_to_string(next_boot->id, match + 9);
1275 r = sd_journal_add_match(j, match, sizeof(match) - 1);
1276 if (r < 0)
1277 return r;
1278
1279 if (advance_older)
1280 r = sd_journal_seek_head(j);
1281 else
1282 r = sd_journal_seek_tail(j);
1283 if (r < 0)
1284 return r;
1285
1286 if (advance_older)
1287 r = sd_journal_next(j);
1288 else
1289 r = sd_journal_previous(j);
1290 if (r < 0)
1291 return r;
1292 else if (r == 0)
1293 return log_debug_errno(SYNTHETIC_ERRNO(ENODATA),
1294 "Whoopsie! We found a boot ID but can't read its last entry."); /* This shouldn't happen. We just came from this very boot ID. */
1295
1296 r = sd_journal_get_realtime_usec(j, &next_boot->last);
1297 if (r < 0)
1298 return r;
1299
1300 *ret = TAKE_PTR(next_boot);
1301
1302 return 0;
1303 }
1304
1305 static int get_boots(
1306 sd_journal *j,
1307 BootId **boots,
1308 sd_id128_t *boot_id,
1309 int offset) {
1310
1311 bool skip_once;
1312 int r, count = 0;
1313 BootId *head = NULL, *tail = NULL, *id;
1314 const bool advance_older = boot_id && offset <= 0;
1315 sd_id128_t previous_boot_id;
1316
1317 assert(j);
1318
1319 /* Adjust for the asymmetry that offset 0 is
1320 * the last (and current) boot, while 1 is considered the
1321 * (chronological) first boot in the journal. */
1322 skip_once = boot_id && sd_id128_is_null(*boot_id) && offset <= 0;
1323
1324 /* Advance to the earliest/latest occurrence of our reference
1325 * boot ID (taking our lookup direction into account), so that
1326 * discover_next_boot() can do its job.
1327 * If no reference is given, the journal head/tail will do,
1328 * they're "virtual" boots after all. */
1329 if (boot_id && !sd_id128_is_null(*boot_id)) {
1330 char match[9+32+1] = "_BOOT_ID=";
1331
1332 sd_journal_flush_matches(j);
1333
1334 sd_id128_to_string(*boot_id, match + 9);
1335 r = sd_journal_add_match(j, match, sizeof(match) - 1);
1336 if (r < 0)
1337 return r;
1338
1339 if (advance_older)
1340 r = sd_journal_seek_head(j); /* seek to oldest */
1341 else
1342 r = sd_journal_seek_tail(j); /* seek to newest */
1343 if (r < 0)
1344 return r;
1345
1346 if (advance_older)
1347 r = sd_journal_next(j); /* read the oldest entry */
1348 else
1349 r = sd_journal_previous(j); /* read the most recently added entry */
1350 if (r < 0)
1351 return r;
1352 else if (r == 0)
1353 goto finish;
1354 else if (offset == 0) {
1355 count = 1;
1356 goto finish;
1357 }
1358
1359 /* At this point the read pointer is positioned at the oldest/newest occurrence of the reference boot
1360 * ID. After flushing the matches, one more invocation of _previous()/_next() will hence place us at
1361 * the following entry, which must then have an older/newer boot ID */
1362 } else {
1363
1364 if (advance_older)
1365 r = sd_journal_seek_tail(j); /* seek to newest */
1366 else
1367 r = sd_journal_seek_head(j); /* seek to oldest */
1368 if (r < 0)
1369 return r;
1370
1371 /* No sd_journal_next()/_previous() here.
1372 *
1373 * At this point the read pointer is positioned after the newest/before the oldest entry in the whole
1374 * journal. The next invocation of _previous()/_next() will hence position us at the newest/oldest
1375 * entry we have. */
1376 }
1377
1378 previous_boot_id = SD_ID128_NULL;
1379 for (;;) {
1380 _cleanup_free_ BootId *current = NULL;
1381
1382 r = discover_next_boot(j, previous_boot_id, advance_older, &current);
1383 if (r < 0) {
1384 boot_id_free_all(head);
1385 return r;
1386 }
1387
1388 if (!current)
1389 break;
1390
1391 previous_boot_id = current->id;
1392
1393 if (boot_id) {
1394 if (!skip_once)
1395 offset += advance_older ? 1 : -1;
1396 skip_once = false;
1397
1398 if (offset == 0) {
1399 count = 1;
1400 *boot_id = current->id;
1401 break;
1402 }
1403 } else {
1404 LIST_FOREACH(boot_list, id, head) {
1405 if (sd_id128_equal(id->id, current->id)) {
1406 /* boot id already stored, something wrong with the journal files */
1407 /* exiting as otherwise this problem would cause forever loop */
1408 goto finish;
1409 }
1410 }
1411 LIST_INSERT_AFTER(boot_list, head, tail, current);
1412 tail = TAKE_PTR(current);
1413 count++;
1414 }
1415 }
1416
1417 finish:
1418 if (boots)
1419 *boots = head;
1420
1421 sd_journal_flush_matches(j);
1422
1423 return count;
1424 }
1425
1426 static int list_boots(sd_journal *j) {
1427 int w, i, count;
1428 BootId *id, *all_ids;
1429
1430 assert(j);
1431
1432 count = get_boots(j, &all_ids, NULL, 0);
1433 if (count < 0)
1434 return log_error_errno(count, "Failed to determine boots: %m");
1435 if (count == 0)
1436 return count;
1437
1438 (void) pager_open(arg_pager_flags);
1439
1440 /* numbers are one less, but we need an extra char for the sign */
1441 w = DECIMAL_STR_WIDTH(count - 1) + 1;
1442
1443 i = 0;
1444 LIST_FOREACH(boot_list, id, all_ids) {
1445 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX];
1446
1447 printf("% *i " SD_ID128_FORMAT_STR " %s—%s\n",
1448 w, i - count + 1,
1449 SD_ID128_FORMAT_VAL(id->id),
1450 format_timestamp_maybe_utc(a, sizeof(a), id->first),
1451 format_timestamp_maybe_utc(b, sizeof(b), id->last));
1452 i++;
1453 }
1454
1455 boot_id_free_all(all_ids);
1456
1457 return 0;
1458 }
1459
1460 static int add_boot(sd_journal *j) {
1461 char match[9+32+1] = "_BOOT_ID=";
1462 sd_id128_t boot_id;
1463 int r;
1464
1465 assert(j);
1466
1467 if (!arg_boot)
1468 return 0;
1469
1470 /* Take a shortcut and use the current boot_id, which we can do very quickly.
1471 * We can do this only when we logs are coming from the current machine,
1472 * so take the slow path if log location is specified. */
1473 if (arg_boot_offset == 0 && sd_id128_is_null(arg_boot_id) &&
1474 !arg_directory && !arg_file && !arg_root)
1475 return add_match_this_boot(j, arg_machine);
1476
1477 boot_id = arg_boot_id;
1478 r = get_boots(j, NULL, &boot_id, arg_boot_offset);
1479 assert(r <= 1);
1480 if (r <= 0) {
1481 const char *reason = (r == 0) ? "No such boot ID in journal" : strerror_safe(r);
1482
1483 if (sd_id128_is_null(arg_boot_id))
1484 log_error("Data from the specified boot (%+i) is not available: %s",
1485 arg_boot_offset, reason);
1486 else
1487 log_error("Data from the specified boot ("SD_ID128_FORMAT_STR") is not available: %s",
1488 SD_ID128_FORMAT_VAL(arg_boot_id), reason);
1489
1490 return r == 0 ? -ENODATA : r;
1491 }
1492
1493 sd_id128_to_string(boot_id, match + 9);
1494
1495 r = sd_journal_add_match(j, match, sizeof(match) - 1);
1496 if (r < 0)
1497 return log_error_errno(r, "Failed to add match: %m");
1498
1499 r = sd_journal_add_conjunction(j);
1500 if (r < 0)
1501 return log_error_errno(r, "Failed to add conjunction: %m");
1502
1503 return 0;
1504 }
1505
1506 static int add_dmesg(sd_journal *j) {
1507 int r;
1508 assert(j);
1509
1510 if (!arg_dmesg)
1511 return 0;
1512
1513 r = sd_journal_add_match(j, "_TRANSPORT=kernel",
1514 STRLEN("_TRANSPORT=kernel"));
1515 if (r < 0)
1516 return log_error_errno(r, "Failed to add match: %m");
1517
1518 r = sd_journal_add_conjunction(j);
1519 if (r < 0)
1520 return log_error_errno(r, "Failed to add conjunction: %m");
1521
1522 return 0;
1523 }
1524
1525 static int get_possible_units(
1526 sd_journal *j,
1527 const char *fields,
1528 char **patterns,
1529 Set **units) {
1530
1531 _cleanup_set_free_free_ Set *found;
1532 const char *field;
1533 int r;
1534
1535 found = set_new(&string_hash_ops);
1536 if (!found)
1537 return -ENOMEM;
1538
1539 NULSTR_FOREACH(field, fields) {
1540 const void *data;
1541 size_t size;
1542
1543 r = sd_journal_query_unique(j, field);
1544 if (r < 0)
1545 return r;
1546
1547 SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
1548 char **pattern, *eq;
1549 size_t prefix;
1550 _cleanup_free_ char *u = NULL;
1551
1552 eq = memchr(data, '=', size);
1553 if (eq)
1554 prefix = eq - (char*) data + 1;
1555 else
1556 prefix = 0;
1557
1558 u = strndup((char*) data + prefix, size - prefix);
1559 if (!u)
1560 return -ENOMEM;
1561
1562 STRV_FOREACH(pattern, patterns)
1563 if (fnmatch(*pattern, u, FNM_NOESCAPE) == 0) {
1564 log_debug("Matched %s with pattern %s=%s", u, field, *pattern);
1565
1566 r = set_consume(found, u);
1567 u = NULL;
1568 if (r < 0 && r != -EEXIST)
1569 return r;
1570
1571 break;
1572 }
1573 }
1574 }
1575
1576 *units = TAKE_PTR(found);
1577
1578 return 0;
1579 }
1580
1581 /* This list is supposed to return the superset of unit names
1582 * possibly matched by rules added with add_matches_for_unit... */
1583 #define SYSTEM_UNITS \
1584 "_SYSTEMD_UNIT\0" \
1585 "COREDUMP_UNIT\0" \
1586 "UNIT\0" \
1587 "OBJECT_SYSTEMD_UNIT\0" \
1588 "_SYSTEMD_SLICE\0"
1589
1590 /* ... and add_matches_for_user_unit */
1591 #define USER_UNITS \
1592 "_SYSTEMD_USER_UNIT\0" \
1593 "USER_UNIT\0" \
1594 "COREDUMP_USER_UNIT\0" \
1595 "OBJECT_SYSTEMD_USER_UNIT\0" \
1596 "_SYSTEMD_USER_SLICE\0"
1597
1598 static int add_units(sd_journal *j) {
1599 _cleanup_strv_free_ char **patterns = NULL;
1600 int r, count = 0;
1601 char **i;
1602
1603 assert(j);
1604
1605 STRV_FOREACH(i, arg_system_units) {
1606 _cleanup_free_ char *u = NULL;
1607
1608 r = unit_name_mangle(*i, UNIT_NAME_MANGLE_GLOB | (arg_quiet ? 0 : UNIT_NAME_MANGLE_WARN), &u);
1609 if (r < 0)
1610 return r;
1611
1612 if (string_is_glob(u)) {
1613 r = strv_push(&patterns, u);
1614 if (r < 0)
1615 return r;
1616 u = NULL;
1617 } else {
1618 r = add_matches_for_unit(j, u);
1619 if (r < 0)
1620 return r;
1621 r = sd_journal_add_disjunction(j);
1622 if (r < 0)
1623 return r;
1624 count++;
1625 }
1626 }
1627
1628 if (!strv_isempty(patterns)) {
1629 _cleanup_set_free_free_ Set *units = NULL;
1630 Iterator it;
1631 char *u;
1632
1633 r = get_possible_units(j, SYSTEM_UNITS, patterns, &units);
1634 if (r < 0)
1635 return r;
1636
1637 SET_FOREACH(u, units, it) {
1638 r = add_matches_for_unit(j, u);
1639 if (r < 0)
1640 return r;
1641 r = sd_journal_add_disjunction(j);
1642 if (r < 0)
1643 return r;
1644 count++;
1645 }
1646 }
1647
1648 patterns = strv_free(patterns);
1649
1650 STRV_FOREACH(i, arg_user_units) {
1651 _cleanup_free_ char *u = NULL;
1652
1653 r = unit_name_mangle(*i, UNIT_NAME_MANGLE_GLOB | (arg_quiet ? 0 : UNIT_NAME_MANGLE_WARN), &u);
1654 if (r < 0)
1655 return r;
1656
1657 if (string_is_glob(u)) {
1658 r = strv_push(&patterns, u);
1659 if (r < 0)
1660 return r;
1661 u = NULL;
1662 } else {
1663 r = add_matches_for_user_unit(j, u, getuid());
1664 if (r < 0)
1665 return r;
1666 r = sd_journal_add_disjunction(j);
1667 if (r < 0)
1668 return r;
1669 count++;
1670 }
1671 }
1672
1673 if (!strv_isempty(patterns)) {
1674 _cleanup_set_free_free_ Set *units = NULL;
1675 Iterator it;
1676 char *u;
1677
1678 r = get_possible_units(j, USER_UNITS, patterns, &units);
1679 if (r < 0)
1680 return r;
1681
1682 SET_FOREACH(u, units, it) {
1683 r = add_matches_for_user_unit(j, u, getuid());
1684 if (r < 0)
1685 return r;
1686 r = sd_journal_add_disjunction(j);
1687 if (r < 0)
1688 return r;
1689 count++;
1690 }
1691 }
1692
1693 /* Complain if the user request matches but nothing whatsoever was
1694 * found, since otherwise everything would be matched. */
1695 if (!(strv_isempty(arg_system_units) && strv_isempty(arg_user_units)) && count == 0)
1696 return -ENODATA;
1697
1698 r = sd_journal_add_conjunction(j);
1699 if (r < 0)
1700 return r;
1701
1702 return 0;
1703 }
1704
1705 static int add_priorities(sd_journal *j) {
1706 char match[] = "PRIORITY=0";
1707 int i, r;
1708 assert(j);
1709
1710 if (arg_priorities == 0xFF)
1711 return 0;
1712
1713 for (i = LOG_EMERG; i <= LOG_DEBUG; i++)
1714 if (arg_priorities & (1 << i)) {
1715 match[sizeof(match)-2] = '0' + i;
1716
1717 r = sd_journal_add_match(j, match, strlen(match));
1718 if (r < 0)
1719 return log_error_errno(r, "Failed to add match: %m");
1720 }
1721
1722 r = sd_journal_add_conjunction(j);
1723 if (r < 0)
1724 return log_error_errno(r, "Failed to add conjunction: %m");
1725
1726 return 0;
1727 }
1728
1729 static int add_facilities(sd_journal *j) {
1730 void *p;
1731 Iterator it;
1732 int r;
1733
1734 SET_FOREACH(p, arg_facilities, it) {
1735 char match[STRLEN("SYSLOG_FACILITY=") + DECIMAL_STR_MAX(int)];
1736
1737 xsprintf(match, "SYSLOG_FACILITY=%d", PTR_TO_INT(p));
1738
1739 r = sd_journal_add_match(j, match, strlen(match));
1740 if (r < 0)
1741 return log_error_errno(r, "Failed to add match: %m");
1742 }
1743
1744 return 0;
1745 }
1746
1747 static int add_syslog_identifier(sd_journal *j) {
1748 int r;
1749 char **i;
1750
1751 assert(j);
1752
1753 STRV_FOREACH(i, arg_syslog_identifier) {
1754 _cleanup_free_ char *u = NULL;
1755
1756 u = strjoin("SYSLOG_IDENTIFIER=", *i);
1757 if (!u)
1758 return -ENOMEM;
1759 r = sd_journal_add_match(j, u, 0);
1760 if (r < 0)
1761 return r;
1762 r = sd_journal_add_disjunction(j);
1763 if (r < 0)
1764 return r;
1765 }
1766
1767 r = sd_journal_add_conjunction(j);
1768 if (r < 0)
1769 return r;
1770
1771 return 0;
1772 }
1773
1774 static int setup_keys(void) {
1775 #if HAVE_GCRYPT
1776 size_t mpk_size, seed_size, state_size, i;
1777 uint8_t *mpk, *seed, *state;
1778 int fd = -1, r;
1779 sd_id128_t machine, boot;
1780 char *p = NULL, *k = NULL;
1781 uint64_t n;
1782 struct stat st;
1783
1784 r = stat("/var/log/journal", &st);
1785 if (r < 0 && !IN_SET(errno, ENOENT, ENOTDIR))
1786 return log_error_errno(errno, "stat(\"%s\") failed: %m", "/var/log/journal");
1787
1788 if (r < 0 || !S_ISDIR(st.st_mode)) {
1789 log_error("%s is not a directory, must be using persistent logging for FSS.",
1790 "/var/log/journal");
1791 return r < 0 ? -errno : -ENOTDIR;
1792 }
1793
1794 r = sd_id128_get_machine(&machine);
1795 if (r < 0)
1796 return log_error_errno(r, "Failed to get machine ID: %m");
1797
1798 r = sd_id128_get_boot(&boot);
1799 if (r < 0)
1800 return log_error_errno(r, "Failed to get boot ID: %m");
1801
1802 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss",
1803 SD_ID128_FORMAT_VAL(machine)) < 0)
1804 return log_oom();
1805
1806 if (arg_force) {
1807 r = unlink(p);
1808 if (r < 0 && errno != ENOENT) {
1809 r = log_error_errno(errno, "unlink(\"%s\") failed: %m", p);
1810 goto finish;
1811 }
1812 } else if (access(p, F_OK) >= 0) {
1813 log_error("Sealing key file %s exists already. Use --force to recreate.", p);
1814 r = -EEXIST;
1815 goto finish;
1816 }
1817
1818 if (asprintf(&k, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss.tmp.XXXXXX",
1819 SD_ID128_FORMAT_VAL(machine)) < 0) {
1820 r = log_oom();
1821 goto finish;
1822 }
1823
1824 mpk_size = FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR);
1825 mpk = alloca(mpk_size);
1826
1827 seed_size = FSPRG_RECOMMENDED_SEEDLEN;
1828 seed = alloca(seed_size);
1829
1830 state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
1831 state = alloca(state_size);
1832
1833 fd = open("/dev/random", O_RDONLY|O_CLOEXEC|O_NOCTTY);
1834 if (fd < 0) {
1835 r = log_error_errno(errno, "Failed to open /dev/random: %m");
1836 goto finish;
1837 }
1838
1839 log_info("Generating seed...");
1840 r = loop_read_exact(fd, seed, seed_size, true);
1841 if (r < 0) {
1842 log_error_errno(r, "Failed to read random seed: %m");
1843 goto finish;
1844 }
1845
1846 log_info("Generating key pair...");
1847 FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
1848
1849 log_info("Generating sealing key...");
1850 FSPRG_GenState0(state, mpk, seed, seed_size);
1851
1852 assert(arg_interval > 0);
1853
1854 n = now(CLOCK_REALTIME);
1855 n /= arg_interval;
1856
1857 safe_close(fd);
1858 fd = mkostemp_safe(k);
1859 if (fd < 0) {
1860 r = log_error_errno(fd, "Failed to open %s: %m", k);
1861 goto finish;
1862 }
1863
1864 /* Enable secure remove, exclusion from dump, synchronous
1865 * writing and in-place updating */
1866 r = chattr_fd(fd, FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL, FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL, NULL);
1867 if (r < 0)
1868 log_warning_errno(r, "Failed to set file attributes: %m");
1869
1870 struct FSSHeader h = {
1871 .machine_id = machine,
1872 .boot_id = boot,
1873 .header_size = htole64(sizeof(h)),
1874 .start_usec = htole64(n * arg_interval),
1875 .interval_usec = htole64(arg_interval),
1876 .fsprg_secpar = htole16(FSPRG_RECOMMENDED_SECPAR),
1877 .fsprg_state_size = htole64(state_size),
1878 };
1879
1880 memcpy(h.signature, "KSHHRHLP", 8);
1881
1882 r = loop_write(fd, &h, sizeof(h), false);
1883 if (r < 0) {
1884 log_error_errno(r, "Failed to write header: %m");
1885 goto finish;
1886 }
1887
1888 r = loop_write(fd, state, state_size, false);
1889 if (r < 0) {
1890 log_error_errno(r, "Failed to write state: %m");
1891 goto finish;
1892 }
1893
1894 if (link(k, p) < 0) {
1895 r = log_error_errno(errno, "Failed to link file: %m");
1896 goto finish;
1897 }
1898
1899 if (on_tty()) {
1900 fprintf(stderr,
1901 "\n"
1902 "The new key pair has been generated. The %ssecret sealing key%s has been written to\n"
1903 "the following local file. This key file is automatically updated when the\n"
1904 "sealing key is advanced. It should not be used on multiple hosts.\n"
1905 "\n"
1906 "\t%s\n"
1907 "\n"
1908 "Please write down the following %ssecret verification key%s. It should be stored\n"
1909 "at a safe location and should not be saved locally on disk.\n"
1910 "\n\t%s",
1911 ansi_highlight(), ansi_normal(),
1912 p,
1913 ansi_highlight(), ansi_normal(),
1914 ansi_highlight_red());
1915 fflush(stderr);
1916 }
1917 for (i = 0; i < seed_size; i++) {
1918 if (i > 0 && i % 3 == 0)
1919 putchar('-');
1920 printf("%02x", ((uint8_t*) seed)[i]);
1921 }
1922
1923 printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
1924
1925 if (on_tty()) {
1926 char tsb[FORMAT_TIMESPAN_MAX], *hn;
1927
1928 fprintf(stderr,
1929 "%s\n"
1930 "The sealing key is automatically changed every %s.\n",
1931 ansi_normal(),
1932 format_timespan(tsb, sizeof(tsb), arg_interval, 0));
1933
1934 hn = gethostname_malloc();
1935
1936 if (hn) {
1937 hostname_cleanup(hn);
1938 fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
1939 } else
1940 fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
1941
1942 #if HAVE_QRENCODE
1943 /* If this is not an UTF-8 system don't print any QR codes */
1944 if (is_locale_utf8()) {
1945 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr);
1946 print_qr_code(stderr, seed, seed_size, n, arg_interval, hn, machine);
1947 }
1948 #endif
1949 free(hn);
1950 }
1951
1952 r = 0;
1953
1954 finish:
1955 safe_close(fd);
1956
1957 if (k) {
1958 (void) unlink(k);
1959 free(k);
1960 }
1961
1962 free(p);
1963
1964 return r;
1965 #else
1966 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
1967 "Forward-secure sealing not available.");
1968 #endif
1969 }
1970
1971 static int verify(sd_journal *j) {
1972 int r = 0;
1973 Iterator i;
1974 JournalFile *f;
1975
1976 assert(j);
1977
1978 log_show_color(true);
1979
1980 ORDERED_HASHMAP_FOREACH(f, j->files, i) {
1981 int k;
1982 usec_t first = 0, validated = 0, last = 0;
1983
1984 #if HAVE_GCRYPT
1985 if (!arg_verify_key && JOURNAL_HEADER_SEALED(f->header))
1986 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
1987 #endif
1988
1989 k = journal_file_verify(f, arg_verify_key, &first, &validated, &last, true);
1990 if (k == -EINVAL) {
1991 /* If the key was invalid give up right-away. */
1992 return k;
1993 } else if (k < 0) {
1994 log_warning_errno(k, "FAIL: %s (%m)", f->path);
1995 r = k;
1996 } else {
1997 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX], c[FORMAT_TIMESPAN_MAX];
1998 log_info("PASS: %s", f->path);
1999
2000 if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header)) {
2001 if (validated > 0) {
2002 log_info("=> Validated from %s to %s, final %s entries not sealed.",
2003 format_timestamp_maybe_utc(a, sizeof(a), first),
2004 format_timestamp_maybe_utc(b, sizeof(b), validated),
2005 format_timespan(c, sizeof(c), last > validated ? last - validated : 0, 0));
2006 } else if (last > 0)
2007 log_info("=> No sealing yet, %s of entries not sealed.",
2008 format_timespan(c, sizeof(c), last - first, 0));
2009 else
2010 log_info("=> No sealing yet, no entries in file.");
2011 }
2012 }
2013 }
2014
2015 return r;
2016 }
2017
2018 static int simple_varlink_call(const char *option, const char *method) {
2019 _cleanup_(varlink_flush_close_unrefp) Varlink *link = NULL;
2020 const char *error, *fn;
2021 int r;
2022
2023 if (arg_machine)
2024 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "%s is not supported in conjunction with --machine=.", option);
2025
2026 fn = arg_namespace ?
2027 strjoina("/run/systemd/journal.", arg_namespace, "/io.systemd.journal") :
2028 "/run/systemd/journal/io.systemd.journal";
2029
2030 r = varlink_connect_address(&link, fn);
2031 if (r < 0)
2032 return log_error_errno(r, "Failed to connect to %s: %m", fn);
2033
2034 (void) varlink_set_description(link, "journal");
2035 (void) varlink_set_relative_timeout(link, USEC_INFINITY);
2036
2037 r = varlink_call(link, method, NULL, NULL, &error, NULL);
2038 if (r < 0)
2039 return log_error_errno(r, "Failed to execute varlink call: %m");
2040 if (error)
2041 return log_error_errno(SYNTHETIC_ERRNO(ENOANO),
2042 "Failed to execute varlink call: %s", error);
2043
2044 return 0;
2045 }
2046
2047 static int flush_to_var(void) {
2048 return simple_varlink_call("--flush", "io.systemd.Journal.FlushToVar");
2049 }
2050
2051 static int relinquish_var(void) {
2052 return simple_varlink_call("--relinquish-var/--smart-relinquish-var", "io.systemd.Journal.RelinquishVar");
2053 }
2054
2055 static int rotate(void) {
2056 return simple_varlink_call("--rotate", "io.systemd.Journal.Rotate");
2057 }
2058
2059 static int sync_journal(void) {
2060 return simple_varlink_call("--sync", "io.systemd.Journal.Synchronize");
2061 }
2062
2063 static int wait_for_change(sd_journal *j, int poll_fd) {
2064 struct pollfd pollfds[] = {
2065 { .fd = poll_fd, .events = POLLIN },
2066 { .fd = STDOUT_FILENO },
2067 };
2068
2069 struct timespec ts;
2070 usec_t timeout;
2071 int r;
2072
2073 assert(j);
2074 assert(poll_fd >= 0);
2075
2076 /* Much like sd_journal_wait() but also keeps an eye on STDOUT, and exits as soon as we see a POLLHUP on that,
2077 * i.e. when it is closed. */
2078
2079 r = sd_journal_get_timeout(j, &timeout);
2080 if (r < 0)
2081 return log_error_errno(r, "Failed to determine journal waiting time: %m");
2082
2083 if (ppoll(pollfds, ELEMENTSOF(pollfds),
2084 timeout == USEC_INFINITY ? NULL : timespec_store(&ts, timeout), NULL) < 0) {
2085 if (errno == EINTR)
2086 return 0;
2087
2088 return log_error_errno(errno, "Couldn't wait for journal event: %m");
2089 }
2090
2091 if (pollfds[1].revents & (POLLHUP|POLLERR|POLLNVAL)) /* STDOUT has been closed? */
2092 return log_debug_errno(SYNTHETIC_ERRNO(ECANCELED),
2093 "Standard output has been closed.");
2094
2095 if (pollfds[0].revents & POLLNVAL)
2096 return log_debug_errno(SYNTHETIC_ERRNO(EBADF), "Change fd closed?");
2097
2098 r = sd_journal_process(j);
2099 if (r < 0)
2100 return log_error_errno(r, "Failed to process journal events: %m");
2101
2102 return 0;
2103 }
2104
2105 int main(int argc, char *argv[]) {
2106 bool previous_boot_id_valid = false, first_line = true, ellipsized = false, need_seek = false;
2107 bool use_cursor = false, after_cursor = false;
2108 _cleanup_(sd_journal_closep) sd_journal *j = NULL;
2109 sd_id128_t previous_boot_id;
2110 int n_shown = 0, r, poll_fd = -1;
2111
2112 setlocale(LC_ALL, "");
2113 log_setup_cli();
2114
2115 /* Increase max number of open files if we can, we might needs this when browsing journal files, which might be
2116 * split up into many files. */
2117 (void) rlimit_nofile_bump(HIGH_RLIMIT_NOFILE);
2118
2119 r = parse_argv(argc, argv);
2120 if (r <= 0)
2121 goto finish;
2122
2123 signal(SIGWINCH, columns_lines_cache_reset);
2124 sigbus_install();
2125
2126 switch (arg_action) {
2127
2128 case ACTION_NEW_ID128:
2129 r = id128_print_new(ID128_PRINT_PRETTY);
2130 goto finish;
2131
2132 case ACTION_SETUP_KEYS:
2133 r = setup_keys();
2134 goto finish;
2135
2136 case ACTION_LIST_CATALOG:
2137 case ACTION_DUMP_CATALOG:
2138 case ACTION_UPDATE_CATALOG: {
2139 _cleanup_free_ char *database;
2140
2141 database = path_join(arg_root, CATALOG_DATABASE);
2142 if (!database) {
2143 r = log_oom();
2144 goto finish;
2145 }
2146
2147 if (arg_action == ACTION_UPDATE_CATALOG) {
2148 r = catalog_update(database, arg_root, catalog_file_dirs);
2149 if (r < 0)
2150 log_error_errno(r, "Failed to list catalog: %m");
2151 } else {
2152 bool oneline = arg_action == ACTION_LIST_CATALOG;
2153
2154 (void) pager_open(arg_pager_flags);
2155
2156 if (optind < argc)
2157 r = catalog_list_items(stdout, database, oneline, argv + optind);
2158 else
2159 r = catalog_list(stdout, database, oneline);
2160 if (r < 0)
2161 log_error_errno(r, "Failed to list catalog: %m");
2162 }
2163
2164 goto finish;
2165 }
2166
2167 case ACTION_FLUSH:
2168 r = flush_to_var();
2169 goto finish;
2170
2171 case ACTION_RELINQUISH_VAR:
2172 r = relinquish_var();
2173 goto finish;
2174
2175 case ACTION_SYNC:
2176 r = sync_journal();
2177 goto finish;
2178
2179 case ACTION_ROTATE:
2180 r = rotate();
2181 goto finish;
2182
2183 case ACTION_SHOW:
2184 case ACTION_PRINT_HEADER:
2185 case ACTION_VERIFY:
2186 case ACTION_DISK_USAGE:
2187 case ACTION_LIST_BOOTS:
2188 case ACTION_VACUUM:
2189 case ACTION_ROTATE_AND_VACUUM:
2190 case ACTION_LIST_FIELDS:
2191 case ACTION_LIST_FIELD_NAMES:
2192 /* These ones require access to the journal files, continue below. */
2193 break;
2194
2195 default:
2196 assert_not_reached("Unknown action");
2197 }
2198
2199 if (arg_directory)
2200 r = sd_journal_open_directory(&j, arg_directory, arg_journal_type);
2201 else if (arg_root)
2202 r = sd_journal_open_directory(&j, arg_root, arg_journal_type | SD_JOURNAL_OS_ROOT);
2203 else if (arg_file_stdin)
2204 r = sd_journal_open_files_fd(&j, (int[]) { STDIN_FILENO }, 1, 0);
2205 else if (arg_file)
2206 r = sd_journal_open_files(&j, (const char**) arg_file, 0);
2207 else if (arg_machine) {
2208 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2209 _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
2210 _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
2211 int fd;
2212
2213 if (geteuid() != 0) {
2214 /* The file descriptor returned by OpenMachineRootDirectory() will be owned by users/groups of
2215 * the container, thus we need root privileges to override them. */
2216 r = log_error_errno(SYNTHETIC_ERRNO(EPERM), "Using the --machine= switch requires root privileges.");
2217 goto finish;
2218 }
2219
2220 r = sd_bus_open_system(&bus);
2221 if (r < 0) {
2222 log_error_errno(r, "Failed to open system bus: %m");
2223 goto finish;
2224 }
2225
2226 r = sd_bus_call_method(
2227 bus,
2228 "org.freedesktop.machine1",
2229 "/org/freedesktop/machine1",
2230 "org.freedesktop.machine1.Manager",
2231 "OpenMachineRootDirectory",
2232 &error,
2233 &reply,
2234 "s", arg_machine);
2235 if (r < 0) {
2236 log_error_errno(r, "Failed to open root directory: %s", bus_error_message(&error, r));
2237 goto finish;
2238 }
2239
2240 r = sd_bus_message_read(reply, "h", &fd);
2241 if (r < 0) {
2242 bus_log_parse_error(r);
2243 goto finish;
2244 }
2245
2246 fd = fcntl(fd, F_DUPFD_CLOEXEC, 3);
2247 if (fd < 0) {
2248 r = log_error_errno(errno, "Failed to duplicate file descriptor: %m");
2249 goto finish;
2250 }
2251
2252 r = sd_journal_open_directory_fd(&j, fd, SD_JOURNAL_OS_ROOT);
2253 if (r < 0)
2254 safe_close(fd);
2255 } else
2256 r = sd_journal_open_namespace(
2257 &j,
2258 arg_namespace,
2259 (arg_merge ? 0 : SD_JOURNAL_LOCAL_ONLY) |
2260 arg_namespace_flags | arg_journal_type);
2261 if (r < 0) {
2262 log_error_errno(r, "Failed to open %s: %m", arg_directory ?: arg_file ? "files" : "journal");
2263 goto finish;
2264 }
2265
2266 r = journal_access_check_and_warn(j, arg_quiet,
2267 !(arg_journal_type == SD_JOURNAL_CURRENT_USER || arg_user_units));
2268 if (r < 0)
2269 goto finish;
2270
2271 switch (arg_action) {
2272
2273 case ACTION_NEW_ID128:
2274 case ACTION_SETUP_KEYS:
2275 case ACTION_LIST_CATALOG:
2276 case ACTION_DUMP_CATALOG:
2277 case ACTION_UPDATE_CATALOG:
2278 case ACTION_FLUSH:
2279 case ACTION_SYNC:
2280 case ACTION_ROTATE:
2281 assert_not_reached("Unexpected action.");
2282
2283 case ACTION_PRINT_HEADER:
2284 journal_print_header(j);
2285 r = 0;
2286 goto finish;
2287
2288 case ACTION_VERIFY:
2289 r = verify(j);
2290 goto finish;
2291
2292 case ACTION_DISK_USAGE: {
2293 uint64_t bytes = 0;
2294 char sbytes[FORMAT_BYTES_MAX];
2295
2296 r = sd_journal_get_usage(j, &bytes);
2297 if (r < 0)
2298 goto finish;
2299
2300 printf("Archived and active journals take up %s in the file system.\n",
2301 format_bytes(sbytes, sizeof(sbytes), bytes));
2302 goto finish;
2303 }
2304
2305 case ACTION_LIST_BOOTS:
2306 r = list_boots(j);
2307 goto finish;
2308
2309 case ACTION_ROTATE_AND_VACUUM:
2310
2311 r = rotate();
2312 if (r < 0)
2313 goto finish;
2314
2315 _fallthrough_;
2316
2317 case ACTION_VACUUM: {
2318 Directory *d;
2319 Iterator i;
2320
2321 HASHMAP_FOREACH(d, j->directories_by_path, i) {
2322 int q;
2323
2324 q = journal_directory_vacuum(d->path, arg_vacuum_size, arg_vacuum_n_files, arg_vacuum_time, NULL, !arg_quiet);
2325 if (q < 0) {
2326 log_error_errno(q, "Failed to vacuum %s: %m", d->path);
2327 r = q;
2328 }
2329 }
2330
2331 goto finish;
2332 }
2333
2334 case ACTION_LIST_FIELD_NAMES: {
2335 const char *field;
2336
2337 SD_JOURNAL_FOREACH_FIELD(j, field) {
2338 printf("%s\n", field);
2339 n_shown++;
2340 }
2341
2342 r = 0;
2343 goto finish;
2344 }
2345
2346 case ACTION_SHOW:
2347 case ACTION_LIST_FIELDS:
2348 break;
2349
2350 default:
2351 assert_not_reached("Unknown action");
2352 }
2353
2354 if (arg_boot_offset != 0 &&
2355 sd_journal_has_runtime_files(j) > 0 &&
2356 sd_journal_has_persistent_files(j) == 0) {
2357 log_info("Specifying boot ID or boot offset has no effect, no persistent journal was found.");
2358 r = 0;
2359 goto finish;
2360 }
2361 /* add_boot() must be called first!
2362 * It may need to seek the journal to find parent boot IDs. */
2363 r = add_boot(j);
2364 if (r < 0)
2365 goto finish;
2366
2367 r = add_dmesg(j);
2368 if (r < 0)
2369 goto finish;
2370
2371 r = add_units(j);
2372 if (r < 0) {
2373 log_error_errno(r, "Failed to add filter for units: %m");
2374 goto finish;
2375 }
2376
2377 r = add_syslog_identifier(j);
2378 if (r < 0) {
2379 log_error_errno(r, "Failed to add filter for syslog identifiers: %m");
2380 goto finish;
2381 }
2382
2383 r = add_priorities(j);
2384 if (r < 0)
2385 goto finish;
2386
2387 r = add_facilities(j);
2388 if (r < 0)
2389 goto finish;
2390
2391 r = add_matches(j, argv + optind);
2392 if (r < 0)
2393 goto finish;
2394
2395 if (DEBUG_LOGGING) {
2396 _cleanup_free_ char *filter;
2397
2398 filter = journal_make_match_string(j);
2399 if (!filter)
2400 return log_oom();
2401
2402 log_debug("Journal filter: %s", filter);
2403 }
2404
2405 if (arg_action == ACTION_LIST_FIELDS) {
2406 const void *data;
2407 size_t size;
2408
2409 assert(arg_field);
2410
2411 r = sd_journal_set_data_threshold(j, 0);
2412 if (r < 0) {
2413 log_error_errno(r, "Failed to unset data size threshold: %m");
2414 goto finish;
2415 }
2416
2417 r = sd_journal_query_unique(j, arg_field);
2418 if (r < 0) {
2419 log_error_errno(r, "Failed to query unique data objects: %m");
2420 goto finish;
2421 }
2422
2423 SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
2424 const void *eq;
2425
2426 if (arg_lines >= 0 && n_shown >= arg_lines)
2427 break;
2428
2429 eq = memchr(data, '=', size);
2430 if (eq)
2431 printf("%.*s\n", (int) (size - ((const uint8_t*) eq - (const uint8_t*) data + 1)), (const char*) eq + 1);
2432 else
2433 printf("%.*s\n", (int) size, (const char*) data);
2434
2435 n_shown++;
2436 }
2437
2438 r = 0;
2439 goto finish;
2440 }
2441
2442 /* Opening the fd now means the first sd_journal_wait() will actually wait */
2443 if (arg_follow) {
2444 poll_fd = sd_journal_get_fd(j);
2445 if (poll_fd == -EMFILE) {
2446 log_warning_errno(poll_fd, "Insufficient watch descriptors available. Reverting to -n.");
2447 arg_follow = false;
2448 } else if (poll_fd == -EMEDIUMTYPE) {
2449 log_error_errno(poll_fd, "The --follow switch is not supported in conjunction with reading from STDIN.");
2450 goto finish;
2451 } else if (poll_fd < 0) {
2452 log_error_errno(poll_fd, "Failed to get journal fd: %m");
2453 goto finish;
2454 }
2455 }
2456
2457 if (arg_cursor || arg_after_cursor || arg_cursor_file) {
2458 _cleanup_free_ char *cursor_from_file = NULL;
2459 const char *cursor = arg_cursor ?: arg_after_cursor;
2460
2461 if (arg_cursor_file) {
2462 r = read_one_line_file(arg_cursor_file, &cursor_from_file);
2463 if (r < 0 && r != -ENOENT) {
2464 log_error_errno(r, "Failed to read cursor file %s: %m", arg_cursor_file);
2465 goto finish;
2466 }
2467
2468 if (r > 0) {
2469 cursor = cursor_from_file;
2470 after_cursor = true;
2471 }
2472 } else
2473 after_cursor = !!arg_after_cursor;
2474
2475 if (cursor) {
2476 r = sd_journal_seek_cursor(j, cursor);
2477 if (r < 0) {
2478 log_error_errno(r, "Failed to seek to cursor: %m");
2479 goto finish;
2480 }
2481 use_cursor = true;
2482 }
2483 }
2484
2485 if (use_cursor) {
2486 if (!arg_reverse)
2487 r = sd_journal_next_skip(j, 1 + after_cursor);
2488 else
2489 r = sd_journal_previous_skip(j, 1 + after_cursor);
2490
2491 if (after_cursor && r < 2) {
2492 /* We couldn't find the next entry after the cursor. */
2493 if (arg_follow)
2494 need_seek = true;
2495 else
2496 arg_lines = 0;
2497 }
2498
2499 } else if (arg_since_set && !arg_reverse) {
2500 r = sd_journal_seek_realtime_usec(j, arg_since);
2501 if (r < 0) {
2502 log_error_errno(r, "Failed to seek to date: %m");
2503 goto finish;
2504 }
2505 r = sd_journal_next(j);
2506
2507 } else if (arg_until_set && arg_reverse) {
2508 r = sd_journal_seek_realtime_usec(j, arg_until);
2509 if (r < 0) {
2510 log_error_errno(r, "Failed to seek to date: %m");
2511 goto finish;
2512 }
2513 r = sd_journal_previous(j);
2514
2515 } else if (arg_reverse) {
2516 r = sd_journal_seek_tail(j);
2517 if (r < 0) {
2518 log_error_errno(r, "Failed to seek to tail: %m");
2519 goto finish;
2520 }
2521
2522 r = sd_journal_previous(j);
2523
2524 } else if (arg_lines >= 0) {
2525 r = sd_journal_seek_tail(j);
2526 if (r < 0) {
2527 log_error_errno(r, "Failed to seek to tail: %m");
2528 goto finish;
2529 }
2530
2531 r = sd_journal_previous_skip(j, arg_lines);
2532
2533 } else {
2534 r = sd_journal_seek_head(j);
2535 if (r < 0) {
2536 log_error_errno(r, "Failed to seek to head: %m");
2537 goto finish;
2538 }
2539
2540 r = sd_journal_next(j);
2541 }
2542
2543 if (r < 0) {
2544 log_error_errno(r, "Failed to iterate through journal: %m");
2545 goto finish;
2546 }
2547 if (r == 0)
2548 need_seek = true;
2549
2550 if (!arg_follow)
2551 (void) pager_open(arg_pager_flags);
2552
2553 if (!arg_quiet && (arg_lines != 0 || arg_follow)) {
2554 usec_t start, end;
2555 char start_buf[FORMAT_TIMESTAMP_MAX], end_buf[FORMAT_TIMESTAMP_MAX];
2556
2557 r = sd_journal_get_cutoff_realtime_usec(j, &start, &end);
2558 if (r < 0) {
2559 log_error_errno(r, "Failed to get cutoff: %m");
2560 goto finish;
2561 }
2562
2563 if (r > 0) {
2564 if (arg_follow)
2565 printf("-- Logs begin at %s. --\n",
2566 format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start));
2567 else
2568 printf("-- Logs begin at %s, end at %s. --\n",
2569 format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start),
2570 format_timestamp_maybe_utc(end_buf, sizeof(end_buf), end));
2571 }
2572 }
2573
2574 for (;;) {
2575 while (arg_lines < 0 || n_shown < arg_lines || (arg_follow && !first_line)) {
2576 int flags;
2577 size_t highlight[2] = {};
2578
2579 if (need_seek) {
2580 if (!arg_reverse)
2581 r = sd_journal_next(j);
2582 else
2583 r = sd_journal_previous(j);
2584 if (r < 0) {
2585 log_error_errno(r, "Failed to iterate through journal: %m");
2586 goto finish;
2587 }
2588 if (r == 0)
2589 break;
2590 }
2591
2592 if (arg_until_set && !arg_reverse) {
2593 usec_t usec;
2594
2595 r = sd_journal_get_realtime_usec(j, &usec);
2596 if (r < 0) {
2597 log_error_errno(r, "Failed to determine timestamp: %m");
2598 goto finish;
2599 }
2600 if (usec > arg_until)
2601 break;
2602 }
2603
2604 if (arg_since_set && arg_reverse) {
2605 usec_t usec;
2606
2607 r = sd_journal_get_realtime_usec(j, &usec);
2608 if (r < 0) {
2609 log_error_errno(r, "Failed to determine timestamp: %m");
2610 goto finish;
2611 }
2612 if (usec < arg_since)
2613 break;
2614 }
2615
2616 if (!arg_merge && !arg_quiet) {
2617 sd_id128_t boot_id;
2618
2619 r = sd_journal_get_monotonic_usec(j, NULL, &boot_id);
2620 if (r >= 0) {
2621 if (previous_boot_id_valid &&
2622 !sd_id128_equal(boot_id, previous_boot_id))
2623 printf("%s-- Reboot --%s\n",
2624 ansi_highlight(), ansi_normal());
2625
2626 previous_boot_id = boot_id;
2627 previous_boot_id_valid = true;
2628 }
2629 }
2630
2631 #if HAVE_PCRE2
2632 if (arg_compiled_pattern) {
2633 _cleanup_(pcre2_match_data_freep) pcre2_match_data *md = NULL;
2634 const void *message;
2635 size_t len;
2636 PCRE2_SIZE *ovec;
2637
2638 md = pcre2_match_data_create(1, NULL);
2639 if (!md)
2640 return log_oom();
2641
2642 r = sd_journal_get_data(j, "MESSAGE", &message, &len);
2643 if (r < 0) {
2644 if (r == -ENOENT) {
2645 need_seek = true;
2646 continue;
2647 }
2648
2649 log_error_errno(r, "Failed to get MESSAGE field: %m");
2650 goto finish;
2651 }
2652
2653 assert_se(message = startswith(message, "MESSAGE="));
2654
2655 r = pcre2_match(arg_compiled_pattern,
2656 message,
2657 len - strlen("MESSAGE="),
2658 0, /* start at offset 0 in the subject */
2659 0, /* default options */
2660 md,
2661 NULL);
2662 if (r == PCRE2_ERROR_NOMATCH) {
2663 need_seek = true;
2664 continue;
2665 }
2666 if (r < 0) {
2667 unsigned char buf[LINE_MAX];
2668 int r2;
2669
2670 r2 = pcre2_get_error_message(r, buf, sizeof buf);
2671 log_error("Pattern matching failed: %s",
2672 r2 < 0 ? "unknown error" : (char*) buf);
2673 r = -EINVAL;
2674 goto finish;
2675 }
2676
2677 ovec = pcre2_get_ovector_pointer(md);
2678 highlight[0] = ovec[0];
2679 highlight[1] = ovec[1];
2680 }
2681 #endif
2682
2683 flags =
2684 arg_all * OUTPUT_SHOW_ALL |
2685 arg_full * OUTPUT_FULL_WIDTH |
2686 colors_enabled() * OUTPUT_COLOR |
2687 arg_catalog * OUTPUT_CATALOG |
2688 arg_utc * OUTPUT_UTC |
2689 arg_no_hostname * OUTPUT_NO_HOSTNAME;
2690
2691 r = show_journal_entry(stdout, j, arg_output, 0, flags,
2692 arg_output_fields, highlight, &ellipsized);
2693 need_seek = true;
2694 if (r == -EADDRNOTAVAIL)
2695 break;
2696 else if (r < 0)
2697 goto finish;
2698
2699 n_shown++;
2700
2701 /* If journalctl take a long time to process messages, and during that time journal file
2702 * rotation occurs, a journalctl client will keep those rotated files open until it calls
2703 * sd_journal_process(), which typically happens as a result of calling sd_journal_wait() below
2704 * in the "following" case. By periodically calling sd_journal_process() during the processing
2705 * loop we shrink the window of time a client instance has open file descriptors for rotated
2706 * (deleted) journal files. */
2707 if ((n_shown % PROCESS_INOTIFY_INTERVAL) == 0) {
2708 r = sd_journal_process(j);
2709 if (r < 0) {
2710 log_error_errno(r, "Failed to process inotify events: %m");
2711 goto finish;
2712 }
2713 }
2714 }
2715
2716 if (!arg_follow) {
2717 if (n_shown == 0 && !arg_quiet)
2718 printf("-- No entries --\n");
2719 break;
2720 }
2721
2722 fflush(stdout);
2723
2724 r = wait_for_change(j, poll_fd);
2725 if (r < 0)
2726 goto finish;
2727
2728 first_line = false;
2729 }
2730
2731 if (arg_show_cursor || arg_cursor_file) {
2732 _cleanup_free_ char *cursor = NULL;
2733
2734 r = sd_journal_get_cursor(j, &cursor);
2735 if (r < 0 && r != -EADDRNOTAVAIL)
2736 log_error_errno(r, "Failed to get cursor: %m");
2737 else if (r >= 0) {
2738 if (arg_show_cursor)
2739 printf("-- cursor: %s\n", cursor);
2740
2741 if (arg_cursor_file) {
2742 r = write_string_file(arg_cursor_file, cursor,
2743 WRITE_STRING_FILE_CREATE |
2744 WRITE_STRING_FILE_ATOMIC);
2745 if (r < 0)
2746 log_error_errno(r,
2747 "Failed to write new cursor to %s: %m",
2748 arg_cursor_file);
2749 }
2750 }
2751 }
2752
2753 finish:
2754 pager_close();
2755
2756 strv_free(arg_file);
2757
2758 set_free(arg_facilities);
2759 strv_free(arg_syslog_identifier);
2760 strv_free(arg_system_units);
2761 strv_free(arg_user_units);
2762 strv_free(arg_output_fields);
2763
2764 free(arg_root);
2765 free(arg_verify_key);
2766
2767 #if HAVE_PCRE2
2768 if (arg_compiled_pattern) {
2769 pcre2_code_free(arg_compiled_pattern);
2770
2771 /* --grep was used, no error was thrown, but the pattern didn't
2772 * match anything. Let's mimic grep's behavior here and return
2773 * a non-zero exit code, so journalctl --grep can be used
2774 * in scripts and such */
2775 if (r == 0 && n_shown == 0)
2776 r = -ENOENT;
2777 }
2778 #endif
2779
2780 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
2781 }
Unnamed repository; edit this file 'description' to name the repository.