1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
4 #include <selinux/selinux.h>
8 #include <sys/signalfd.h>
9 #include <sys/statvfs.h>
10 #include <linux/sockios.h>
12 #include "sd-daemon.h"
13 #include "sd-journal.h"
14 #include "sd-messages.h"
17 #include "alloc-util.h"
18 #include "audit-util.h"
19 #include "cgroup-util.h"
20 #include "conf-parser.h"
21 #include "creds-util.h"
22 #include "dirent-util.h"
23 #include "extract-word.h"
26 #include "format-util.h"
29 #include "hostname-util.h"
30 #include "id128-util.h"
31 #include "initrd-util.h"
32 #include "iovec-util.h"
33 #include "journal-authenticate.h"
34 #include "journal-file-util.h"
35 #include "journal-internal.h"
36 #include "journal-vacuum.h"
37 #include "journald-audit.h"
38 #include "journald-context.h"
39 #include "journald-kmsg.h"
40 #include "journald-native.h"
41 #include "journald-rate-limit.h"
42 #include "journald-server.h"
43 #include "journald-socket.h"
44 #include "journald-stream.h"
45 #include "journald-syslog.h"
47 #include "memory-util.h"
48 #include "missing_audit.h"
50 #include "parse-util.h"
51 #include "path-util.h"
52 #include "proc-cmdline.h"
53 #include "process-util.h"
55 #include "selinux-util.h"
56 #include "signal-util.h"
57 #include "socket-netlink.h"
58 #include "socket-util.h"
59 #include "stdio-util.h"
60 #include "string-table.h"
61 #include "string-util.h"
62 #include "syslog-util.h"
63 #include "uid-classification.h"
64 #include "user-util.h"
65 #include "varlink-io.systemd.Journal.h"
67 #define USER_JOURNALS_MAX 1024
69 #define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
70 #define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
71 #define DEFAULT_RATE_LIMIT_BURST 10000
72 #define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
74 #define DEFAULT_KMSG_OWN_INTERVAL (5 * USEC_PER_SEC)
75 #define DEFAULT_KMSG_OWN_BURST 50
77 #define RECHECK_SPACE_USEC (30*USEC_PER_SEC)
79 #define NOTIFY_SNDBUF_SIZE (8*1024*1024)
81 /* The period to insert between posting changes for coalescing */
82 #define POST_CHANGE_TIMER_INTERVAL_USEC (250*USEC_PER_MSEC)
84 /* Pick a good default that is likely to fit into AF_UNIX and AF_INET SOCK_DGRAM datagrams, and even leaves some room
85 * for a bit of additional metadata. */
86 #define DEFAULT_LINE_MAX (48*1024)
88 #define DEFERRED_CLOSES_MAX (4096)
90 #define IDLE_TIMEOUT_USEC (30*USEC_PER_SEC)
92 #define FAILED_TO_WRITE_ENTRY_RATELIMIT ((const RateLimit) { .interval = 1 * USEC_PER_SEC, .burst = 1 })
94 static int server_determine_path_usage(
100 _cleanup_closedir_
DIR *d
= NULL
;
110 return log_ratelimit_full_errno(errno
== ENOENT
? LOG_DEBUG
: LOG_ERR
,
111 errno
, JOURNAL_LOG_RATELIMIT
, "Failed to open %s: %m", path
);
113 if (fstatvfs(dirfd(d
), &ss
) < 0)
114 return log_ratelimit_error_errno(errno
, JOURNAL_LOG_RATELIMIT
,
115 "Failed to fstatvfs(%s): %m", path
);
117 *ret_free
= ss
.f_bsize
* ss
.f_bavail
;
119 FOREACH_DIRENT_ALL(de
, d
, break) {
122 if (!endswith(de
->d_name
, ".journal") &&
123 !endswith(de
->d_name
, ".journal~"))
126 if (fstatat(dirfd(d
), de
->d_name
, &st
, AT_SYMLINK_NOFOLLOW
) < 0) {
127 log_debug_errno(errno
, "Failed to stat %s/%s, ignoring: %m", path
, de
->d_name
);
131 if (!S_ISREG(st
.st_mode
))
134 *ret_used
+= (uint64_t) st
.st_blocks
* 512UL;
140 static void cache_space_invalidate(JournalStorageSpace
*space
) {
144 static int cache_space_refresh(Server
*s
, JournalStorage
*storage
) {
145 JournalStorageSpace
*space
;
146 JournalMetrics
*metrics
;
147 uint64_t vfs_used
, vfs_avail
, avail
;
153 metrics
= &storage
->metrics
;
154 space
= &storage
->space
;
156 ts
= now(CLOCK_MONOTONIC
);
158 if (space
->timestamp
!= 0 && usec_add(space
->timestamp
, RECHECK_SPACE_USEC
) > ts
)
161 r
= server_determine_path_usage(s
, storage
->path
, &vfs_used
, &vfs_avail
);
165 space
->vfs_used
= vfs_used
;
166 space
->vfs_available
= vfs_avail
;
168 avail
= LESS_BY(vfs_avail
, metrics
->keep_free
);
170 space
->limit
= CLAMP(vfs_used
+ avail
, metrics
->min_use
, metrics
->max_use
);
171 space
->available
= LESS_BY(space
->limit
, vfs_used
);
172 space
->timestamp
= ts
;
176 static void patch_min_use(JournalStorage
*storage
) {
179 /* Let's bump the min_use limit to the current usage on disk. We do
180 * this when starting up and first opening the journal files. This way
181 * sudden spikes in disk usage will not cause journald to vacuum files
182 * without bounds. Note that this means that only a restart of journald
183 * will make it reset this value. */
185 storage
->metrics
.min_use
= MAX(storage
->metrics
.min_use
, storage
->space
.vfs_used
);
188 static JournalStorage
* server_current_storage(Server
*s
) {
191 return s
->system_journal
? &s
->system_storage
: &s
->runtime_storage
;
194 static int server_determine_space(Server
*s
, uint64_t *available
, uint64_t *limit
) {
200 js
= server_current_storage(s
);
202 r
= cache_space_refresh(s
, js
);
205 *available
= js
->space
.available
;
207 *limit
= js
->space
.limit
;
212 void server_space_usage_message(Server
*s
, JournalStorage
*storage
) {
216 storage
= server_current_storage(s
);
218 if (cache_space_refresh(s
, storage
) < 0)
221 const JournalMetrics
*metrics
= &storage
->metrics
;
223 server_driver_message(s
, 0,
224 "MESSAGE_ID=" SD_MESSAGE_JOURNAL_USAGE_STR
,
225 LOG_MESSAGE("%s (%s) is %s, max %s, %s free.",
226 storage
->name
, storage
->path
,
227 FORMAT_BYTES(storage
->space
.vfs_used
),
228 FORMAT_BYTES(storage
->space
.limit
),
229 FORMAT_BYTES(storage
->space
.available
)),
230 "JOURNAL_NAME=%s", storage
->name
,
231 "JOURNAL_PATH=%s", storage
->path
,
232 "CURRENT_USE=%"PRIu64
, storage
->space
.vfs_used
,
233 "CURRENT_USE_PRETTY=%s", FORMAT_BYTES(storage
->space
.vfs_used
),
234 "MAX_USE=%"PRIu64
, metrics
->max_use
,
235 "MAX_USE_PRETTY=%s", FORMAT_BYTES(metrics
->max_use
),
236 "DISK_KEEP_FREE=%"PRIu64
, metrics
->keep_free
,
237 "DISK_KEEP_FREE_PRETTY=%s", FORMAT_BYTES(metrics
->keep_free
),
238 "DISK_AVAILABLE=%"PRIu64
, storage
->space
.vfs_available
,
239 "DISK_AVAILABLE_PRETTY=%s", FORMAT_BYTES(storage
->space
.vfs_available
),
240 "LIMIT=%"PRIu64
, storage
->space
.limit
,
241 "LIMIT_PRETTY=%s", FORMAT_BYTES(storage
->space
.limit
),
242 "AVAILABLE=%"PRIu64
, storage
->space
.available
,
243 "AVAILABLE_PRETTY=%s", FORMAT_BYTES(storage
->space
.available
),
247 static void server_add_acls(JournalFile
*f
, uid_t uid
) {
253 if (uid_for_system_journal(uid
))
256 r
= fd_add_uid_acl_permission(f
->fd
, uid
, ACL_READ
);
258 log_ratelimit_warning_errno(r
, JOURNAL_LOG_RATELIMIT
,
259 "Failed to set ACL on %s, ignoring: %m", f
->path
);
263 static int server_open_journal(
269 JournalMetrics
*metrics
,
272 _cleanup_(journal_file_offline_closep
) JournalFile
*f
= NULL
;
273 JournalFileFlags file_flags
;
281 (s
->compress
.enabled
? JOURNAL_COMPRESS
: 0) |
282 (seal
? JOURNAL_SEAL
: 0) |
283 JOURNAL_STRICT_ORDER
;
285 set_clear_with_destructor(s
->deferred_closes
, journal_file_offline_close
);
288 r
= journal_file_open_reliably(
293 s
->compress
.threshold_bytes
,
298 r
= journal_file_open(
304 s
->compress
.threshold_bytes
,
307 /* template= */ NULL
,
312 r
= journal_file_enable_post_change_timer(f
, s
->event
, POST_CHANGE_TIMER_INTERVAL_USEC
);
320 static bool server_flushed_flag_is_set(Server
*s
) {
325 /* We don't support the "flushing" concept for namespace instances, we assume them to always have
330 fn
= strjoina(s
->runtime_directory
, "/flushed");
331 return access(fn
, F_OK
) >= 0;
334 static int server_system_journal_open(
336 bool flush_requested
,
337 bool relinquish_requested
) {
342 if (!s
->system_journal
&&
343 IN_SET(s
->storage
, STORAGE_PERSISTENT
, STORAGE_AUTO
) &&
344 (flush_requested
|| server_flushed_flag_is_set(s
)) &&
345 !relinquish_requested
) {
347 /* If in auto mode: first try to create the machine path, but not the prefix.
349 * If in persistent mode: create /var/log/journal and the machine path */
351 if (s
->storage
== STORAGE_PERSISTENT
)
352 (void) mkdir_parents(s
->system_storage
.path
, 0755);
354 (void) mkdir(s
->system_storage
.path
, 0755);
356 fn
= strjoina(s
->system_storage
.path
, "/system.journal");
357 r
= server_open_journal(
359 /* reliably= */ true,
363 &s
->system_storage
.metrics
,
366 server_add_acls(s
->system_journal
, 0);
367 (void) cache_space_refresh(s
, &s
->system_storage
);
368 patch_min_use(&s
->system_storage
);
370 if (!IN_SET(r
, -ENOENT
, -EROFS
))
371 log_ratelimit_warning_errno(r
, JOURNAL_LOG_RATELIMIT
,
372 "Failed to open system journal: %m");
377 /* If the runtime journal is open, and we're post-flush, we're recovering from a failed
378 * system journal rotate (ENOSPC) for which the runtime journal was reopened.
380 * Perform an implicit flush to var, leaving the runtime journal closed, now that the system
383 if (!flush_requested
)
384 (void) server_flush_to_var(s
, true);
387 if (!s
->runtime_journal
&&
388 (s
->storage
!= STORAGE_NONE
)) {
390 fn
= strjoina(s
->runtime_storage
.path
, "/system.journal");
392 if (!s
->system_journal
|| relinquish_requested
) {
394 /* OK, we really need the runtime journal, so create it if necessary. */
396 (void) mkdir_parents(s
->runtime_storage
.path
, 0755);
397 (void) mkdir(s
->runtime_storage
.path
, 0750);
399 r
= server_open_journal(
401 /* reliably= */ true,
405 &s
->runtime_storage
.metrics
,
406 &s
->runtime_journal
);
408 return log_ratelimit_warning_errno(r
, JOURNAL_LOG_RATELIMIT
,
409 "Failed to open runtime journal: %m");
411 } else if (!server_flushed_flag_is_set(s
)) {
412 /* Try to open the runtime journal, but only if it already exists, so that we can
413 * flush it into the system journal */
415 r
= server_open_journal(
417 /* reliably= */ false,
421 &s
->runtime_storage
.metrics
,
422 &s
->runtime_journal
);
425 log_ratelimit_warning_errno(r
, JOURNAL_LOG_RATELIMIT
,
426 "Failed to open runtime journal: %m");
432 if (s
->runtime_journal
) {
433 server_add_acls(s
->runtime_journal
, 0);
434 (void) cache_space_refresh(s
, &s
->runtime_storage
);
435 patch_min_use(&s
->runtime_storage
);
442 static int server_find_user_journal(Server
*s
, uid_t uid
, JournalFile
**ret
) {
443 _cleanup_(journal_file_offline_closep
) JournalFile
*f
= NULL
;
444 _cleanup_free_
char *p
= NULL
;
447 assert(!uid_for_system_journal(uid
));
449 f
= ordered_hashmap_get(s
->user_journals
, UID_TO_PTR(uid
));
453 if (asprintf(&p
, "%s/user-" UID_FMT
".journal", s
->system_storage
.path
, uid
) < 0)
456 /* Too many open? Then let's close one (or more) */
457 while (ordered_hashmap_size(s
->user_journals
) >= USER_JOURNALS_MAX
) {
460 assert_se(first
= ordered_hashmap_steal_first(s
->user_journals
));
461 (void) journal_file_offline_close(first
);
464 r
= server_open_journal(
466 /* reliably= */ true,
470 &s
->system_storage
.metrics
,
475 r
= ordered_hashmap_put(s
->user_journals
, UID_TO_PTR(uid
), f
);
479 server_add_acls(f
, uid
);
486 static JournalFile
* server_find_journal(Server
*s
, uid_t uid
) {
491 /* A rotate that fails to create the new journal (ENOSPC) leaves the rotated journal as NULL. Unless
492 * we revisit opening, even after space is made available we'll continue to return NULL indefinitely.
494 * system_journal_open() is a noop if the journals are already open, so we can just call it here to
495 * recover from failed rotates (or anything else that's left the journals as NULL).
497 * Fixes https://github.com/systemd/systemd/issues/3968 */
498 (void) server_system_journal_open(s
, /* flush_requested= */ false, /* relinquish_requested= */ false);
500 /* We split up user logs only on /var, not on /run. If the runtime file is open, we write to it
501 * exclusively, in order to guarantee proper order as soon as we flush /run to /var and close the
504 if (s
->runtime_journal
)
505 return s
->runtime_journal
;
507 /* If we are not in persistent mode, then we need return NULL immediately rather than opening a
508 * persistent journal of any sort.
510 * Fixes https://github.com/systemd/systemd/issues/20390 */
511 if (!IN_SET(s
->storage
, STORAGE_AUTO
, STORAGE_PERSISTENT
))
514 if (!uid_for_system_journal(uid
)) {
515 JournalFile
*f
= NULL
;
517 r
= server_find_user_journal(s
, uid
, &f
);
519 return ASSERT_PTR(f
);
521 log_warning_errno(r
, "Failed to open user journal file, falling back to system journal: %m");
524 return s
->system_journal
;
527 static int server_do_rotate(
534 JournalFileFlags file_flags
;
543 (s
->compress
.enabled
? JOURNAL_COMPRESS
: 0)|
544 (seal
? JOURNAL_SEAL
: 0) |
545 JOURNAL_STRICT_ORDER
;
547 r
= journal_file_rotate(f
, s
->mmap
, file_flags
, s
->compress
.threshold_bytes
, s
->deferred_closes
);
550 return log_ratelimit_error_errno(r
, JOURNAL_LOG_RATELIMIT
,
551 "Failed to rotate %s: %m", (*f
)->path
);
553 return log_ratelimit_error_errno(r
, JOURNAL_LOG_RATELIMIT
,
554 "Failed to create new %s journal: %m", name
);
557 server_add_acls(*f
, uid
);
561 static void server_process_deferred_closes(Server
*s
) {
564 /* Perform any deferred closes which aren't still offlining. */
565 SET_FOREACH(f
, s
->deferred_closes
) {
566 if (journal_file_is_offlining(f
))
569 (void) set_remove(s
->deferred_closes
, f
);
570 (void) journal_file_offline_close(f
);
574 static void server_vacuum_deferred_closes(Server
*s
) {
577 /* Make some room in the deferred closes list, so that it doesn't grow without bounds */
578 if (set_size(s
->deferred_closes
) < DEFERRED_CLOSES_MAX
)
581 /* Let's first remove all journal files that might already have completed closing */
582 server_process_deferred_closes(s
);
584 /* And now, let's close some more until we reach the limit again. */
585 while (set_size(s
->deferred_closes
) >= DEFERRED_CLOSES_MAX
) {
588 assert_se(f
= set_steal_first(s
->deferred_closes
));
589 journal_file_offline_close(f
);
593 static int server_archive_offline_user_journals(Server
*s
) {
594 _cleanup_closedir_
DIR *d
= NULL
;
599 d
= opendir(s
->system_storage
.path
);
604 return log_ratelimit_error_errno(errno
, JOURNAL_LOG_RATELIMIT
,
605 "Failed to open %s: %m", s
->system_storage
.path
);
609 _cleanup_free_
char *full
= NULL
;
610 _cleanup_close_
int fd
= -EBADF
;
616 de
= readdir_no_dot(d
);
619 log_ratelimit_warning_errno(errno
, JOURNAL_LOG_RATELIMIT
,
620 "Failed to enumerate %s, ignoring: %m",
621 s
->system_storage
.path
);
625 r
= journal_file_parse_uid_from_filename(de
->d_name
, &uid
);
627 /* Don't warn if the file is not an online or offline user journal. */
629 log_warning_errno(r
, "Failed to parse UID from file name '%s', ignoring: %m", de
->d_name
);
633 /* Already rotated in the above loop? i.e. is it an open user journal? */
634 if (ordered_hashmap_contains(s
->user_journals
, UID_TO_PTR(uid
)))
637 full
= path_join(s
->system_storage
.path
, de
->d_name
);
641 fd
= openat(dirfd(d
), de
->d_name
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NOFOLLOW
|O_NONBLOCK
);
643 log_ratelimit_full_errno(IN_SET(errno
, ELOOP
, ENOENT
) ? LOG_DEBUG
: LOG_WARNING
,
644 errno
, JOURNAL_LOG_RATELIMIT
,
645 "Failed to open journal file '%s' for rotation: %m", full
);
649 /* Make some room in the set of deferred close()s */
650 server_vacuum_deferred_closes(s
);
652 /* Open the file briefly, so that we can archive it */
653 r
= journal_file_open(
657 (s
->compress
.enabled
? JOURNAL_COMPRESS
: 0) |
658 (s
->seal
? JOURNAL_SEAL
: 0), /* strict order does not matter here */
660 s
->compress
.threshold_bytes
,
661 &s
->system_storage
.metrics
,
663 /* template= */ NULL
,
666 log_ratelimit_warning_errno(r
, JOURNAL_LOG_RATELIMIT
,
667 "Failed to read journal file %s for rotation, trying to move it out of the way: %m",
670 r
= journal_file_dispose(dirfd(d
), de
->d_name
);
672 log_ratelimit_warning_errno(r
, JOURNAL_LOG_RATELIMIT
,
673 "Failed to move %s out of the way, ignoring: %m",
676 log_debug("Successfully moved %s out of the way.", full
);
681 TAKE_FD(fd
); /* Donated to journal_file_open() */
683 journal_file_write_final_tag(f
);
684 r
= journal_file_archive(f
, NULL
);
686 log_debug_errno(r
, "Failed to archive journal file '%s', ignoring: %m", full
);
688 journal_file_initiate_close(TAKE_PTR(f
), s
->deferred_closes
);
694 void server_rotate(Server
*s
) {
699 log_debug("Rotating...");
701 /* First, rotate the system journal (either in its runtime flavour or in its runtime flavour) */
702 (void) server_do_rotate(s
, &s
->runtime_journal
, "runtime", /* seal= */ false, /* uid= */ 0);
703 (void) server_do_rotate(s
, &s
->system_journal
, "system", s
->seal
, /* uid= */ 0);
705 /* Then, rotate all user journals we have open (keeping them open) */
706 ORDERED_HASHMAP_FOREACH_KEY(f
, k
, s
->user_journals
) {
707 r
= server_do_rotate(s
, &f
, "user", s
->seal
, PTR_TO_UID(k
));
709 ordered_hashmap_replace(s
->user_journals
, k
, f
);
711 /* Old file has been closed and deallocated */
712 ordered_hashmap_remove(s
->user_journals
, k
);
715 /* Finally, also rotate all user journals we currently do not have open. (But do so only if we
716 * actually have access to /var, i.e. are not in the log-to-runtime-journal mode). */
717 if (!s
->runtime_journal
)
718 (void) server_archive_offline_user_journals(s
);
720 server_process_deferred_closes(s
);
723 static void server_rotate_journal(Server
*s
, JournalFile
*f
, uid_t uid
) {
729 /* This is similar to server_rotate(), but rotates only specified journal file.
731 * 💣💣💣 This invalidate 'f', and the caller cannot reuse the passed JournalFile object. 💣💣💣 */
733 if (f
== s
->system_journal
)
734 (void) server_do_rotate(s
, &s
->system_journal
, "system", s
->seal
, /* uid= */ 0);
735 else if (f
== s
->runtime_journal
)
736 (void) server_do_rotate(s
, &s
->runtime_journal
, "runtime", /* seal= */ false, /* uid= */ 0);
738 assert(ordered_hashmap_get(s
->user_journals
, UID_TO_PTR(uid
)) == f
);
739 r
= server_do_rotate(s
, &f
, "user", s
->seal
, uid
);
741 ordered_hashmap_replace(s
->user_journals
, UID_TO_PTR(uid
), f
);
743 /* Old file has been closed and deallocated */
744 ordered_hashmap_remove(s
->user_journals
, UID_TO_PTR(uid
));
747 server_process_deferred_closes(s
);
750 void server_sync(Server
*s
) {
754 if (s
->system_journal
) {
755 r
= journal_file_set_offline(s
->system_journal
, false);
757 log_ratelimit_warning_errno(r
, JOURNAL_LOG_RATELIMIT
,
758 "Failed to sync system journal, ignoring: %m");
761 ORDERED_HASHMAP_FOREACH(f
, s
->user_journals
) {
762 r
= journal_file_set_offline(f
, false);
764 log_ratelimit_warning_errno(r
, JOURNAL_LOG_RATELIMIT
,
765 "Failed to sync user journal, ignoring: %m");
768 if (s
->sync_event_source
) {
769 r
= sd_event_source_set_enabled(s
->sync_event_source
, SD_EVENT_OFF
);
771 log_ratelimit_error_errno(r
, JOURNAL_LOG_RATELIMIT
,
772 "Failed to disable sync timer source: %m");
775 s
->sync_scheduled
= false;
778 static void server_do_vacuum(Server
*s
, JournalStorage
*storage
, bool verbose
) {
785 (void) cache_space_refresh(s
, storage
);
788 server_space_usage_message(s
, storage
);
790 r
= journal_directory_vacuum(storage
->path
, storage
->space
.limit
,
791 storage
->metrics
.n_max_files
, s
->max_retention_usec
,
792 &s
->oldest_file_usec
, verbose
);
793 if (r
< 0 && r
!= -ENOENT
)
794 log_ratelimit_warning_errno(r
, JOURNAL_LOG_RATELIMIT
,
795 "Failed to vacuum %s, ignoring: %m", storage
->path
);
797 cache_space_invalidate(&storage
->space
);
800 void server_vacuum(Server
*s
, bool verbose
) {
803 log_debug("Vacuuming...");
805 s
->oldest_file_usec
= 0;
807 if (s
->system_journal
)
808 server_do_vacuum(s
, &s
->system_storage
, verbose
);
809 if (s
->runtime_journal
)
810 server_do_vacuum(s
, &s
->runtime_storage
, verbose
);
813 static void server_cache_machine_id(Server
*s
) {
819 r
= sd_id128_get_machine(&id
);
823 sd_id128_to_string(id
, stpcpy(s
->machine_id_field
, "_MACHINE_ID="));
826 static void server_cache_boot_id(Server
*s
) {
832 r
= sd_id128_get_boot(&id
);
836 sd_id128_to_string(id
, stpcpy(s
->boot_id_field
, "_BOOT_ID="));
839 static void server_cache_hostname(Server
*s
) {
840 _cleanup_free_
char *t
= NULL
;
845 t
= gethostname_malloc();
849 x
= strjoin("_HOSTNAME=", t
);
853 free_and_replace(s
->hostname_field
, x
);
856 static bool shall_try_append_again(JournalFile
*f
, int r
) {
859 case -E2BIG
: /* Hit configured limit */
860 case -EFBIG
: /* Hit fs limit */
861 case -EDQUOT
: /* Quota limit hit */
862 case -ENOSPC
: /* Disk full */
863 log_debug_errno(r
, "%s: Allocation limit reached, rotating.", f
->path
);
866 case -EROFS
: /* Read-only file system */
867 /* When appending an entry fails if shall_try_append_again returns true, the journal is
868 * rotated. If the FS is read-only, rotation will fail and s->system_journal will be set to
869 * NULL. After that, when find_journal will try to open the journal since s->system_journal
870 * will be NULL, it will open the runtime journal. */
871 log_ratelimit_warning_errno(r
, JOURNAL_LOG_RATELIMIT
, "%s: Read-only file system, rotating.", f
->path
);
874 case -EIO
: /* I/O error of some kind (mmap) */
875 log_ratelimit_warning_errno(r
, JOURNAL_LOG_RATELIMIT
, "%s: IO error, rotating.", f
->path
);
878 case -EHOSTDOWN
: /* Other machine */
879 log_ratelimit_info_errno(r
, JOURNAL_LOG_RATELIMIT
, "%s: Journal file from other machine, rotating.", f
->path
);
882 case -EBUSY
: /* Unclean shutdown */
883 log_ratelimit_info_errno(r
, JOURNAL_LOG_RATELIMIT
, "%s: Unclean shutdown, rotating.", f
->path
);
886 case -EPROTONOSUPPORT
: /* Unsupported feature */
887 log_ratelimit_info_errno(r
, JOURNAL_LOG_RATELIMIT
, "%s: Unsupported feature, rotating.", f
->path
);
890 case -EBADMSG
: /* Corrupted */
891 case -ENODATA
: /* Truncated */
892 case -ESHUTDOWN
: /* Already archived */
893 case -EADDRNOTAVAIL
: /* Referenced object offset out of bounds */
894 log_ratelimit_info_errno(r
, JOURNAL_LOG_RATELIMIT
, "%s: Journal file corrupted, rotating.", f
->path
);
897 case -EIDRM
: /* Journal file has been deleted */
898 log_ratelimit_info_errno(r
, JOURNAL_LOG_RATELIMIT
, "%s: Journal file has been deleted, rotating.", f
->path
);
901 case -EREMCHG
: /* Wallclock time (CLOCK_REALTIME) jumped backwards relative to last journal entry */
902 log_ratelimit_info_errno(r
, JOURNAL_LOG_RATELIMIT
, "%s: Realtime clock jumped backwards relative to last journal entry, rotating.", f
->path
);
905 case -ENOTNAM
: /* Monotonic time (CLOCK_MONOTONIC) jumped backwards relative to last journal entry with the same boot ID */
906 log_ratelimit_info_errno(
908 JOURNAL_LOG_RATELIMIT
,
909 "%s: Monotonic clock jumped backwards relative to last journal entry with the same boot ID, rotating.",
913 case -EILSEQ
: /* seqnum ID last used in the file doesn't match the one we'd passed when writing an entry to it */
914 log_ratelimit_info_errno(r
, JOURNAL_LOG_RATELIMIT
, "%s: Journal file uses a different sequence number ID, rotating.", f
->path
);
918 log_ratelimit_error_errno(r
, JOURNAL_LOG_RATELIMIT
, "%s: Underlying file system does not support memory mapping or another required file system feature.", f
->path
);
922 log_ratelimit_error_errno(r
, JOURNAL_LOG_RATELIMIT
, "%s: Unexpected error while writing to journal file: %m", f
->path
);
927 static void server_write_to_journal(
930 const struct iovec
*iovec
,
934 bool vacuumed
= false;
935 struct dual_timestamp ts
;
943 /* Get the closest, linearized time we have for this log event from the event loop. (Note that we do not use
944 * the source time, and not even the time the event was originally seen, but instead simply the time we started
945 * processing it, as we want strictly linear ordering in what we write out.) */
946 assert_se(sd_event_now(s
->event
, CLOCK_REALTIME
, &ts
.realtime
) >= 0);
947 assert_se(sd_event_now(s
->event
, CLOCK_MONOTONIC
, &ts
.monotonic
) >= 0);
949 if (ts
.realtime
< s
->last_realtime_clock
) {
950 /* When the time jumps backwards, let's immediately rotate. Of course, this should not happen during
951 * regular operation. However, when it does happen, then we should make sure that we start fresh files
952 * to ensure that the entries in the journal files are strictly ordered by time, in order to ensure
953 * bisection works correctly. */
955 log_ratelimit_info(JOURNAL_LOG_RATELIMIT
, "Time jumped backwards, rotating.");
957 server_vacuum(s
, /* verbose = */ false);
961 f
= server_find_journal(s
, uid
);
965 if (journal_file_rotate_suggested(f
, s
->max_file_usec
, LOG_DEBUG
)) {
967 log_ratelimit_warning(JOURNAL_LOG_RATELIMIT
,
968 "Suppressing rotation, as we already rotated immediately before write attempt. Giving up.");
972 log_debug("%s: Journal header limits reached or header out-of-date, rotating.", f
->path
);
974 server_rotate_journal(s
, TAKE_PTR(f
), uid
);
975 server_vacuum(s
, /* verbose = */ false);
978 f
= server_find_journal(s
, uid
);
983 s
->last_realtime_clock
= ts
.realtime
;
985 r
= journal_file_append_entry(
992 /* ret_object= */ NULL
,
993 /* ret_offset= */ NULL
);
995 server_schedule_sync(s
, priority
);
999 log_debug_errno(r
, "Failed to write entry to %s (%zu items, %zu bytes): %m", f
->path
, n
, iovec_total_size(iovec
, n
));
1001 if (!shall_try_append_again(f
, r
))
1004 log_ratelimit_warning_errno(r
, JOURNAL_LOG_RATELIMIT
,
1005 "Suppressing rotation, as we already rotated immediately before write attempt. Giving up.");
1009 server_rotate_journal(s
, TAKE_PTR(f
), uid
);
1010 server_vacuum(s
, /* verbose = */ false);
1012 f
= server_find_journal(s
, uid
);
1016 log_debug_errno(r
, "Retrying write.");
1017 r
= journal_file_append_entry(
1020 /* boot_id= */ NULL
,
1024 /* ret_object= */ NULL
,
1025 /* ret_offset= */ NULL
);
1027 log_ratelimit_error_errno(r
, FAILED_TO_WRITE_ENTRY_RATELIMIT
,
1028 "Failed to write entry to %s (%zu items, %zu bytes) despite vacuuming, ignoring: %m",
1029 f
->path
, n
, iovec_total_size(iovec
, n
));
1031 server_schedule_sync(s
, priority
);
1034 #define IOVEC_ADD_NUMERIC_FIELD(iovec, n, value, type, isset, format, field) \
1035 if (isset(value)) { \
1037 k = newa(char, STRLEN(field "=") + DECIMAL_STR_MAX(type) + 1); \
1038 sprintf(k, field "=" format, value); \
1039 iovec[n++] = IOVEC_MAKE_STRING(k); \
1042 #define IOVEC_ADD_STRING_FIELD(iovec, n, value, field) \
1043 if (!isempty(value)) { \
1045 k = strjoina(field "=", value); \
1046 iovec[n++] = IOVEC_MAKE_STRING(k); \
1049 #define IOVEC_ADD_ID128_FIELD(iovec, n, value, field) \
1050 if (!sd_id128_is_null(value)) { \
1052 k = newa(char, STRLEN(field "=") + SD_ID128_STRING_MAX); \
1053 sd_id128_to_string(value, stpcpy(k, field "=")); \
1054 iovec[n++] = IOVEC_MAKE_STRING(k); \
1057 #define IOVEC_ADD_SIZED_FIELD(iovec, n, value, value_size, field) \
1058 if (value_size > 0) { \
1060 k = newa(char, STRLEN(field "=") + value_size + 1); \
1061 *((char*) mempcpy(stpcpy(k, field "="), value, value_size)) = 0; \
1062 iovec[n++] = IOVEC_MAKE_STRING(k); \
1065 static void server_dispatch_message_real(
1067 struct iovec
*iovec
, size_t n
, size_t m
,
1068 const ClientContext
*c
,
1069 const struct timeval
*tv
,
1073 char source_time
[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t
)];
1074 _unused_ _cleanup_free_
char *cmdline1
= NULL
, *cmdline2
= NULL
;
1082 N_IOVEC_META_FIELDS
+
1083 (pid_is_valid(object_pid
) ? N_IOVEC_OBJECT_FIELDS
: 0) +
1084 client_context_extra_fields_n_iovec(c
) <= m
);
1087 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, c
->pid
, pid_t
, pid_is_valid
, PID_FMT
, "_PID");
1088 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, c
->uid
, uid_t
, uid_is_valid
, UID_FMT
, "_UID");
1089 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, c
->gid
, gid_t
, gid_is_valid
, GID_FMT
, "_GID");
1091 IOVEC_ADD_STRING_FIELD(iovec
, n
, c
->comm
, "_COMM"); /* At most TASK_COMM_LENGTH (16 bytes) */
1092 IOVEC_ADD_STRING_FIELD(iovec
, n
, c
->exe
, "_EXE"); /* A path, so at most PATH_MAX (4096 bytes) */
1095 /* At most _SC_ARG_MAX (2MB usually), which is too much to put on stack.
1096 * Let's use a heap allocation for this one. */
1097 cmdline1
= set_iovec_string_field(iovec
, &n
, "_CMDLINE=", c
->cmdline
);
1099 IOVEC_ADD_STRING_FIELD(iovec
, n
, c
->capeff
, "_CAP_EFFECTIVE"); /* Read from /proc/.../status */
1100 IOVEC_ADD_SIZED_FIELD(iovec
, n
, c
->label
, c
->label_size
, "_SELINUX_CONTEXT");
1101 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, c
->auditid
, uint32_t, audit_session_is_valid
, "%" PRIu32
, "_AUDIT_SESSION");
1102 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, c
->loginuid
, uid_t
, uid_is_valid
, UID_FMT
, "_AUDIT_LOGINUID");
1104 IOVEC_ADD_STRING_FIELD(iovec
, n
, c
->cgroup
, "_SYSTEMD_CGROUP"); /* A path */
1105 IOVEC_ADD_STRING_FIELD(iovec
, n
, c
->session
, "_SYSTEMD_SESSION");
1106 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, c
->owner_uid
, uid_t
, uid_is_valid
, UID_FMT
, "_SYSTEMD_OWNER_UID");
1107 IOVEC_ADD_STRING_FIELD(iovec
, n
, c
->unit
, "_SYSTEMD_UNIT"); /* Unit names are bounded by UNIT_NAME_MAX */
1108 IOVEC_ADD_STRING_FIELD(iovec
, n
, c
->user_unit
, "_SYSTEMD_USER_UNIT");
1109 IOVEC_ADD_STRING_FIELD(iovec
, n
, c
->slice
, "_SYSTEMD_SLICE");
1110 IOVEC_ADD_STRING_FIELD(iovec
, n
, c
->user_slice
, "_SYSTEMD_USER_SLICE");
1112 IOVEC_ADD_ID128_FIELD(iovec
, n
, c
->invocation_id
, "_SYSTEMD_INVOCATION_ID");
1114 if (c
->extra_fields_n_iovec
> 0) {
1115 memcpy(iovec
+ n
, c
->extra_fields_iovec
, c
->extra_fields_n_iovec
* sizeof(struct iovec
));
1116 n
+= c
->extra_fields_n_iovec
;
1122 if (pid_is_valid(object_pid
) && client_context_get(s
, object_pid
, NULL
, NULL
, 0, NULL
, &o
) >= 0) {
1124 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, o
->pid
, pid_t
, pid_is_valid
, PID_FMT
, "OBJECT_PID");
1125 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, o
->uid
, uid_t
, uid_is_valid
, UID_FMT
, "OBJECT_UID");
1126 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, o
->gid
, gid_t
, gid_is_valid
, GID_FMT
, "OBJECT_GID");
1128 /* See above for size limits, only ->cmdline may be large, so use a heap allocation for it. */
1129 IOVEC_ADD_STRING_FIELD(iovec
, n
, o
->comm
, "OBJECT_COMM");
1130 IOVEC_ADD_STRING_FIELD(iovec
, n
, o
->exe
, "OBJECT_EXE");
1132 cmdline2
= set_iovec_string_field(iovec
, &n
, "OBJECT_CMDLINE=", o
->cmdline
);
1134 IOVEC_ADD_STRING_FIELD(iovec
, n
, o
->capeff
, "OBJECT_CAP_EFFECTIVE");
1135 IOVEC_ADD_SIZED_FIELD(iovec
, n
, o
->label
, o
->label_size
, "OBJECT_SELINUX_CONTEXT");
1136 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, o
->auditid
, uint32_t, audit_session_is_valid
, "%" PRIu32
, "OBJECT_AUDIT_SESSION");
1137 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, o
->loginuid
, uid_t
, uid_is_valid
, UID_FMT
, "OBJECT_AUDIT_LOGINUID");
1139 IOVEC_ADD_STRING_FIELD(iovec
, n
, o
->cgroup
, "OBJECT_SYSTEMD_CGROUP");
1140 IOVEC_ADD_STRING_FIELD(iovec
, n
, o
->session
, "OBJECT_SYSTEMD_SESSION");
1141 IOVEC_ADD_NUMERIC_FIELD(iovec
, n
, o
->owner_uid
, uid_t
, uid_is_valid
, UID_FMT
, "OBJECT_SYSTEMD_OWNER_UID");
1142 IOVEC_ADD_STRING_FIELD(iovec
, n
, o
->unit
, "OBJECT_SYSTEMD_UNIT");
1143 IOVEC_ADD_STRING_FIELD(iovec
, n
, o
->user_unit
, "OBJECT_SYSTEMD_USER_UNIT");
1144 IOVEC_ADD_STRING_FIELD(iovec
, n
, o
->slice
, "OBJECT_SYSTEMD_SLICE");
1145 IOVEC_ADD_STRING_FIELD(iovec
, n
, o
->user_slice
, "OBJECT_SYSTEMD_USER_SLICE");
1147 IOVEC_ADD_ID128_FIELD(iovec
, n
, o
->invocation_id
, "OBJECT_SYSTEMD_INVOCATION_ID");
1153 sprintf(source_time
, "_SOURCE_REALTIME_TIMESTAMP=" USEC_FMT
, timeval_load(tv
));
1154 iovec
[n
++] = IOVEC_MAKE_STRING(source_time
);
1157 /* Note that strictly speaking storing the boot id here is
1158 * redundant since the entry includes this in-line
1159 * anyway. However, we need this indexed, too. */
1160 if (!isempty(s
->boot_id_field
))
1161 iovec
[n
++] = IOVEC_MAKE_STRING(s
->boot_id_field
);
1163 if (!isempty(s
->machine_id_field
))
1164 iovec
[n
++] = IOVEC_MAKE_STRING(s
->machine_id_field
);
1166 if (!isempty(s
->hostname_field
))
1167 iovec
[n
++] = IOVEC_MAKE_STRING(s
->hostname_field
);
1169 if (!isempty(s
->namespace_field
))
1170 iovec
[n
++] = IOVEC_MAKE_STRING(s
->namespace_field
);
1172 iovec
[n
++] = in_initrd() ? IOVEC_MAKE_STRING("_RUNTIME_SCOPE=initrd") : IOVEC_MAKE_STRING("_RUNTIME_SCOPE=system");
1175 if (s
->split_mode
== SPLIT_UID
&& c
&& uid_is_valid(c
->uid
))
1176 /* Split up strictly by (non-root) UID */
1177 journal_uid
= c
->uid
;
1178 else if (s
->split_mode
== SPLIT_LOGIN
&& c
&& c
->uid
> 0 && uid_is_valid(c
->owner_uid
))
1179 /* Split up by login UIDs. We do this only if the
1180 * realuid is not root, in order not to accidentally
1181 * leak privileged information to the user that is
1182 * logged by a privileged process that is part of an
1183 * unprivileged session. */
1184 journal_uid
= c
->owner_uid
;
1188 (void) server_forward_socket(s
, iovec
, n
, priority
);
1190 server_write_to_journal(s
, journal_uid
, iovec
, n
, priority
);
1193 void server_driver_message(Server
*s
, pid_t object_pid
, const char *message_id
, const char *format
, ...) {
1195 struct iovec
*iovec
;
1203 m
= N_IOVEC_META_FIELDS
+ 5 + N_IOVEC_PAYLOAD_FIELDS
+ client_context_extra_fields_n_iovec(s
->my_context
) + N_IOVEC_OBJECT_FIELDS
;
1204 iovec
= newa(struct iovec
, m
);
1206 assert_cc(3 == LOG_FAC(LOG_DAEMON
));
1207 iovec
[n
++] = IOVEC_MAKE_STRING("SYSLOG_FACILITY=3");
1208 iovec
[n
++] = IOVEC_MAKE_STRING("SYSLOG_IDENTIFIER=systemd-journald");
1210 iovec
[n
++] = IOVEC_MAKE_STRING("_TRANSPORT=driver");
1211 assert_cc(6 == LOG_INFO
);
1212 iovec
[n
++] = IOVEC_MAKE_STRING("PRIORITY=6");
1215 iovec
[n
++] = IOVEC_MAKE_STRING(message_id
);
1218 va_start(ap
, format
);
1219 r
= log_format_iovec(iovec
, m
, &n
, false, 0, format
, ap
);
1220 /* Error handling below */
1224 server_dispatch_message_real(s
, iovec
, n
, m
, s
->my_context
, /* tv= */ NULL
, LOG_INFO
, object_pid
);
1227 free(iovec
[k
++].iov_base
);
1230 /* We failed to format the message. Emit a warning instead. */
1234 xsprintf(buf
, "MESSAGE=Entry printing failed: %m");
1237 iovec
[n
++] = IOVEC_MAKE_STRING("PRIORITY=4");
1238 iovec
[n
++] = IOVEC_MAKE_STRING(buf
);
1239 server_dispatch_message_real(s
, iovec
, n
, m
, s
->my_context
, /* tv= */ NULL
, LOG_INFO
, object_pid
);
1243 void server_dispatch_message(
1245 struct iovec
*iovec
, size_t n
, size_t m
,
1247 const struct timeval
*tv
,
1251 uint64_t available
= 0;
1255 assert(iovec
|| n
== 0);
1260 if (LOG_PRI(priority
) > s
->max_level_store
)
1263 /* Stop early in case the information will not be stored
1265 if (s
->storage
== STORAGE_NONE
)
1269 (void) server_determine_space(s
, &available
, /* limit= */ NULL
);
1271 rl
= journal_ratelimit_test(s
->ratelimit
, c
->unit
, c
->log_ratelimit_interval
, c
->log_ratelimit_burst
, priority
& LOG_PRIMASK
, available
);
1275 /* Write a suppression message if we suppressed something */
1277 server_driver_message(s
, c
->pid
,
1278 "MESSAGE_ID=" SD_MESSAGE_JOURNAL_DROPPED_STR
,
1279 LOG_MESSAGE("Suppressed %i messages from %s", rl
- 1, c
->unit
),
1280 "N_DROPPED=%i", rl
- 1,
1284 server_dispatch_message_real(s
, iovec
, n
, m
, c
, tv
, priority
, object_pid
);
1287 int server_flush_to_var(Server
*s
, bool require_flag_file
) {
1288 sd_journal
*j
= NULL
;
1296 if (!IN_SET(s
->storage
, STORAGE_AUTO
, STORAGE_PERSISTENT
))
1299 if (s
->namespace) /* Flushing concept does not exist for namespace instances */
1302 if (!s
->runtime_journal
) /* Nothing to flush? */
1305 if (require_flag_file
&& !server_flushed_flag_is_set(s
))
1308 (void) server_system_journal_open(s
, /* flush_requested=*/ true, /* relinquish_requested= */ false);
1310 if (!s
->system_journal
)
1313 /* Reset current seqnum data to avoid unnecessary rotation when switching to system journal.
1314 * See issue #30092. */
1317 log_debug("Flushing to %s...", s
->system_storage
.path
);
1319 start
= now(CLOCK_MONOTONIC
);
1321 r
= sd_journal_open(&j
, SD_JOURNAL_RUNTIME_ONLY
);
1323 return log_ratelimit_error_errno(r
, JOURNAL_LOG_RATELIMIT
,
1324 "Failed to read runtime journal: %m");
1326 sd_journal_set_data_threshold(j
, 0);
1328 SD_JOURNAL_FOREACH(j
) {
1332 f
= j
->current_file
;
1333 assert(f
&& f
->current_offset
> 0);
1337 r
= journal_file_move_to_object(f
, OBJECT_ENTRY
, f
->current_offset
, &o
);
1339 log_ratelimit_error_errno(r
, JOURNAL_LOG_RATELIMIT
, "Can't read entry: %m");
1343 r
= journal_file_copy_entry(
1353 if (!shall_try_append_again(s
->system_journal
, r
)) {
1354 log_ratelimit_error_errno(r
, JOURNAL_LOG_RATELIMIT
, "Can't write entry: %m");
1358 log_ratelimit_info(JOURNAL_LOG_RATELIMIT
, "Rotating system journal.");
1360 server_rotate_journal(s
, s
->system_journal
, /* uid = */ 0);
1361 server_vacuum(s
, /* verbose = */ false);
1363 if (!s
->system_journal
) {
1364 log_ratelimit_notice(JOURNAL_LOG_RATELIMIT
,
1365 "Didn't flush runtime journal since rotation of system journal wasn't successful.");
1370 log_debug("Retrying write.");
1371 r
= journal_file_copy_entry(
1379 log_ratelimit_error_errno(r
, JOURNAL_LOG_RATELIMIT
, "Can't write entry: %m");
1387 if (s
->system_journal
)
1388 journal_file_post_change(s
->system_journal
);
1390 /* Save parent directories of runtime journals before closing runtime journals. */
1391 _cleanup_strv_free_
char **dirs
= NULL
;
1392 (void) journal_get_directories(j
, &dirs
);
1394 /* First, close all runtime journals opened in the above. */
1395 sd_journal_close(j
);
1397 /* Offline and close the 'main' runtime journal file. */
1398 s
->runtime_journal
= journal_file_offline_close(s
->runtime_journal
);
1400 /* Remove the runtime directory if the all entries are successfully flushed to /var/. */
1402 (void) rm_rf(s
->runtime_storage
.path
, REMOVE_ROOT
);
1404 /* The initrd may have a different machine ID from the host's one. Typically, that happens
1405 * when our tests running on qemu, as the host's initrd is picked as is without updating
1406 * the machine ID in the initrd with the one used in the image. Even in such the case, the
1407 * runtime journals in the subdirectory named with the initrd's machine ID are flushed to
1408 * the persistent journal. To make not the runtime journal flushed multiple times, let's
1409 * also remove the runtime directories. */
1410 STRV_FOREACH(p
, dirs
)
1411 (void) rm_rf(*p
, REMOVE_ROOT
);
1414 server_driver_message(s
, 0, NULL
,
1415 LOG_MESSAGE("Time spent on flushing to %s is %s for %u entries.",
1416 s
->system_storage
.path
,
1417 FORMAT_TIMESPAN(usec_sub_unsigned(now(CLOCK_MONOTONIC
), start
), 0),
1421 fn
= strjoina(s
->runtime_directory
, "/flushed");
1424 log_ratelimit_warning_errno(k
, JOURNAL_LOG_RATELIMIT
,
1425 "Failed to touch %s, ignoring: %m", fn
);
1427 server_refresh_idle_timer(s
);
1431 static int server_relinquish_var(Server
*s
) {
1435 if (s
->storage
== STORAGE_NONE
)
1438 if (s
->namespace) /* Concept does not exist for namespaced instances */
1441 if (s
->runtime_journal
&& !s
->system_journal
)
1444 log_debug("Relinquishing %s...", s
->system_storage
.path
);
1446 (void) server_system_journal_open(s
, /* flush_requested */ false, /* relinquish_requested=*/ true);
1448 s
->system_journal
= journal_file_offline_close(s
->system_journal
);
1449 ordered_hashmap_clear_with_destructor(s
->user_journals
, journal_file_offline_close
);
1450 set_clear_with_destructor(s
->deferred_closes
, journal_file_offline_close
);
1452 fn
= strjoina(s
->runtime_directory
, "/flushed");
1453 if (unlink(fn
) < 0 && errno
!= ENOENT
)
1454 log_ratelimit_warning_errno(errno
, JOURNAL_LOG_RATELIMIT
,
1455 "Failed to unlink %s, ignoring: %m", fn
);
1457 server_refresh_idle_timer(s
);
1461 int server_process_datagram(
1462 sd_event_source
*es
,
1467 size_t label_len
= 0, m
;
1468 Server
*s
= ASSERT_PTR(userdata
);
1469 struct ucred
*ucred
= NULL
;
1470 struct timeval tv_buf
, *tv
= NULL
;
1471 struct cmsghdr
*cmsg
;
1475 int *fds
= NULL
, v
= 0;
1478 /* We use NAME_MAX space for the SELinux label here. The kernel currently enforces no limit, but
1479 * according to suggestions from the SELinux people this will change and it will probably be
1480 * identical to NAME_MAX. For now we use that, but this should be updated one day when the final
1483 * Here, we need to explicitly initialize the buffer with zero, as glibc has a bug in
1484 * __convert_scm_timestamps(), which assumes the buffer is initialized. See #20741. */
1485 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred
)) +
1486 CMSG_SPACE_TIMEVAL
+
1487 CMSG_SPACE(sizeof(int)) + /* fd */
1488 CMSG_SPACE(NAME_MAX
) /* selinux label */) control
= {};
1490 union sockaddr_union sa
= {};
1492 struct msghdr msghdr
= {
1495 .msg_control
= &control
,
1496 .msg_controllen
= sizeof(control
),
1498 .msg_namelen
= sizeof(sa
),
1501 assert(fd
== s
->native_fd
|| fd
== s
->syslog_fd
|| fd
== s
->audit_fd
);
1503 if (revents
!= EPOLLIN
)
1504 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
1505 "Got invalid event from epoll for datagram fd: %" PRIx32
,
1508 /* Try to get the right size, if we can. (Not all sockets support SIOCINQ, hence we just try, but don't rely on
1510 (void) ioctl(fd
, SIOCINQ
, &v
);
1512 /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful! */
1513 m
= PAGE_ALIGN(MAX3((size_t) v
+ 1,
1515 ALIGN(sizeof(struct nlmsghdr
)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH
)) + 1);
1517 if (!GREEDY_REALLOC(s
->buffer
, m
))
1520 iovec
= IOVEC_MAKE(s
->buffer
, MALLOC_ELEMENTSOF(s
->buffer
) - 1); /* Leave room for trailing NUL we add later */
1522 n
= recvmsg_safe(fd
, &msghdr
, MSG_DONTWAIT
|MSG_CMSG_CLOEXEC
);
1524 if (ERRNO_IS_TRANSIENT(n
))
1527 log_ratelimit_warning(JOURNAL_LOG_RATELIMIT
,
1528 "Got message with truncated control data (too many fds sent?), ignoring.");
1531 return log_ratelimit_error_errno(n
, JOURNAL_LOG_RATELIMIT
, "recvmsg() failed: %m");
1534 CMSG_FOREACH(cmsg
, &msghdr
)
1535 if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1536 cmsg
->cmsg_type
== SCM_CREDENTIALS
&&
1537 cmsg
->cmsg_len
== CMSG_LEN(sizeof(struct ucred
))) {
1539 ucred
= CMSG_TYPED_DATA(cmsg
, struct ucred
);
1540 } else if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1541 cmsg
->cmsg_type
== SCM_SECURITY
) {
1543 label
= CMSG_TYPED_DATA(cmsg
, char);
1544 label_len
= cmsg
->cmsg_len
- CMSG_LEN(0);
1545 } else if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1546 cmsg
->cmsg_type
== SCM_TIMESTAMP
&&
1547 cmsg
->cmsg_len
== CMSG_LEN(sizeof(struct timeval
))) {
1549 tv
= memcpy(&tv_buf
, CMSG_DATA(cmsg
), sizeof(struct timeval
));
1550 } else if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1551 cmsg
->cmsg_type
== SCM_RIGHTS
) {
1553 fds
= CMSG_TYPED_DATA(cmsg
, int);
1554 n_fds
= (cmsg
->cmsg_len
- CMSG_LEN(0)) / sizeof(int);
1557 /* And a trailing NUL, just in case */
1560 if (fd
== s
->syslog_fd
) {
1561 if (n
> 0 && n_fds
== 0)
1562 server_process_syslog_message(s
, s
->buffer
, n
, ucred
, tv
, label
, label_len
);
1564 log_ratelimit_warning(JOURNAL_LOG_RATELIMIT
,
1565 "Got file descriptors via syslog socket. Ignoring.");
1567 } else if (fd
== s
->native_fd
) {
1568 if (n
> 0 && n_fds
== 0)
1569 server_process_native_message(s
, s
->buffer
, n
, ucred
, tv
, label
, label_len
);
1570 else if (n
== 0 && n_fds
== 1)
1571 (void) server_process_native_file(s
, fds
[0], ucred
, tv
, label
, label_len
);
1573 log_ratelimit_warning(JOURNAL_LOG_RATELIMIT
,
1574 "Got too many file descriptors via native socket. Ignoring.");
1577 assert(fd
== s
->audit_fd
);
1579 if (n
> 0 && n_fds
== 0)
1580 server_process_audit_message(s
, s
->buffer
, n
, ucred
, &sa
, msghdr
.msg_namelen
);
1582 log_ratelimit_warning(JOURNAL_LOG_RATELIMIT
,
1583 "Got file descriptors via audit socket. Ignoring.");
1586 close_many(fds
, n_fds
);
1588 server_refresh_idle_timer(s
);
1592 static void server_full_flush(Server
*s
) {
1595 (void) server_flush_to_var(s
, false);
1597 server_vacuum(s
, false);
1599 server_space_usage_message(s
, NULL
);
1601 server_refresh_idle_timer(s
);
1604 static int dispatch_sigusr1(sd_event_source
*es
, const struct signalfd_siginfo
*si
, void *userdata
) {
1605 Server
*s
= ASSERT_PTR(userdata
);
1608 log_error("Received SIGUSR1 signal from PID %u, but flushing runtime journals not supported for namespaced instances.", si
->ssi_pid
);
1612 log_info("Received SIGUSR1 signal from PID %u, as request to flush runtime journal.", si
->ssi_pid
);
1613 server_full_flush(s
);
1618 static void server_full_rotate(Server
*s
) {
1625 server_vacuum(s
, true);
1627 if (s
->system_journal
)
1628 patch_min_use(&s
->system_storage
);
1629 if (s
->runtime_journal
)
1630 patch_min_use(&s
->runtime_storage
);
1632 /* Let clients know when the most recent rotation happened. */
1633 fn
= strjoina(s
->runtime_directory
, "/rotated");
1634 r
= write_timestamp_file_atomic(fn
, now(CLOCK_MONOTONIC
));
1636 log_ratelimit_warning_errno(r
, JOURNAL_LOG_RATELIMIT
,
1637 "Failed to write %s, ignoring: %m", fn
);
1640 static int dispatch_sigusr2(sd_event_source
*es
, const struct signalfd_siginfo
*si
, void *userdata
) {
1641 Server
*s
= ASSERT_PTR(userdata
);
1643 log_info("Received SIGUSR2 signal from PID %u, as request to rotate journal, rotating.", si
->ssi_pid
);
1644 server_full_rotate(s
);
1649 static int dispatch_sigterm(sd_event_source
*es
, const struct signalfd_siginfo
*si
, void *userdata
) {
1650 _cleanup_(sd_event_source_disable_unrefp
) sd_event_source
*news
= NULL
;
1651 Server
*s
= ASSERT_PTR(userdata
);
1654 log_received_signal(LOG_INFO
, si
);
1656 (void) sd_event_source_set_enabled(es
, SD_EVENT_OFF
); /* Make sure this handler is called at most once */
1658 /* So on one hand we want to ensure that SIGTERMs are definitely handled in appropriate, bounded
1659 * time. On the other hand we want that everything pending is first comprehensively processed and
1660 * written to disk. These goals are incompatible, hence we try to find a middle ground: we'll process
1661 * SIGTERM with high priority, but from the handler (this one right here) we'll install two new event
1662 * sources: one low priority idle one that will issue the exit once everything else is processed (and
1663 * which is hopefully the regular, clean codepath); and one high priority timer that acts as safety
1664 * net: if our idle handler isn't run within 10s, we'll exit anyway.
1666 * TLDR: we'll exit either when everything is processed, or after 10s max, depending on what happens
1669 * Note that exiting before the idle event is hit doesn't typically mean that we lose any data, as
1670 * messages will remain queued in the sockets they came in from, and thus can be processed when we
1671 * start up next – unless we are going down for the final system shutdown, in which case everything
1674 r
= sd_event_add_defer(s
->event
, &news
, NULL
, NULL
); /* NULL handler means → exit when triggered */
1676 log_error_errno(r
, "Failed to allocate exit idle event handler: %m");
1680 (void) sd_event_source_set_description(news
, "exit-idle");
1682 /* Run everything relevant before this. */
1683 r
= sd_event_source_set_priority(news
, SD_EVENT_PRIORITY_NORMAL
+20);
1685 log_error_errno(r
, "Failed to adjust priority of exit idle event handler: %m");
1689 /* Give up ownership, so that this event source is freed automatically when the event loop is freed. */
1690 r
= sd_event_source_set_floating(news
, true);
1692 log_error_errno(r
, "Failed to make exit idle event handler floating: %m");
1696 news
= sd_event_source_unref(news
);
1698 r
= sd_event_add_time_relative(s
->event
, &news
, CLOCK_MONOTONIC
, 10 * USEC_PER_SEC
, 0, NULL
, NULL
);
1700 log_error_errno(r
, "Failed to allocate exit timeout event handler: %m");
1704 (void) sd_event_source_set_description(news
, "exit-timeout");
1706 r
= sd_event_source_set_priority(news
, SD_EVENT_PRIORITY_IMPORTANT
-20); /* This is a safety net, with highest priority */
1708 log_error_errno(r
, "Failed to adjust priority of exit timeout event handler: %m");
1712 r
= sd_event_source_set_floating(news
, true);
1714 log_error_errno(r
, "Failed to make exit timeout event handler floating: %m");
1718 news
= sd_event_source_unref(news
);
1720 log_debug("Exit event sources are now pending.");
1724 sd_event_exit(s
->event
, 0);
1728 static void server_full_sync(Server
*s
) {
1736 /* Let clients know when the most recent sync happened. */
1737 fn
= strjoina(s
->runtime_directory
, "/synced");
1738 r
= write_timestamp_file_atomic(fn
, now(CLOCK_MONOTONIC
));
1740 log_ratelimit_warning_errno(r
, JOURNAL_LOG_RATELIMIT
,
1741 "Failed to write %s, ignoring: %m", fn
);
1746 static int dispatch_sigrtmin1(sd_event_source
*es
, const struct signalfd_siginfo
*si
, void *userdata
) {
1747 Server
*s
= ASSERT_PTR(userdata
);
1749 log_debug("Received SIGRTMIN1 signal from PID %u, as request to sync.", si
->ssi_pid
);
1750 server_full_sync(s
);
1755 static int server_setup_signals(Server
*s
) {
1760 assert_se(sigprocmask_many(SIG_SETMASK
, NULL
, SIGINT
, SIGTERM
, SIGUSR1
, SIGUSR2
, SIGRTMIN
+1, SIGRTMIN
+18) >= 0);
1762 r
= sd_event_add_signal(s
->event
, &s
->sigusr1_event_source
, SIGUSR1
, dispatch_sigusr1
, s
);
1766 r
= sd_event_add_signal(s
->event
, &s
->sigusr2_event_source
, SIGUSR2
, dispatch_sigusr2
, s
);
1770 r
= sd_event_add_signal(s
->event
, &s
->sigterm_event_source
, SIGTERM
, dispatch_sigterm
, s
);
1774 /* Let's process SIGTERM early, so that we definitely react to it */
1775 r
= sd_event_source_set_priority(s
->sigterm_event_source
, SD_EVENT_PRIORITY_IMPORTANT
-10);
1779 /* When journald is invoked on the terminal (when debugging), it's useful if C-c is handled
1780 * equivalent to SIGTERM. */
1781 r
= sd_event_add_signal(s
->event
, &s
->sigint_event_source
, SIGINT
, dispatch_sigterm
, s
);
1785 r
= sd_event_source_set_priority(s
->sigint_event_source
, SD_EVENT_PRIORITY_IMPORTANT
-10);
1789 /* SIGRTMIN+1 causes an immediate sync. We process this very late, so that everything else queued at
1790 * this point is really written to disk. Clients can watch /run/systemd/journal/synced with inotify
1791 * until its mtime changes to see when a sync happened. */
1792 r
= sd_event_add_signal(s
->event
, &s
->sigrtmin1_event_source
, SIGRTMIN
+1, dispatch_sigrtmin1
, s
);
1796 r
= sd_event_source_set_priority(s
->sigrtmin1_event_source
, SD_EVENT_PRIORITY_NORMAL
+15);
1800 r
= sd_event_add_signal(s
->event
, NULL
, SIGRTMIN
+18, sigrtmin18_handler
, &s
->sigrtmin18_info
);
1807 static int parse_proc_cmdline_item(const char *key
, const char *value
, void *data
) {
1808 Server
*s
= ASSERT_PTR(data
);
1811 if (proc_cmdline_key_streq(key
, "systemd.journald.forward_to_syslog")) {
1813 r
= value
? parse_boolean(value
) : true;
1815 log_warning("Failed to parse forward to syslog switch \"%s\". Ignoring.", value
);
1817 s
->forward_to_syslog
= r
;
1819 } else if (proc_cmdline_key_streq(key
, "systemd.journald.forward_to_kmsg")) {
1821 r
= value
? parse_boolean(value
) : true;
1823 log_warning("Failed to parse forward to kmsg switch \"%s\". Ignoring.", value
);
1825 s
->forward_to_kmsg
= r
;
1827 } else if (proc_cmdline_key_streq(key
, "systemd.journald.forward_to_console")) {
1829 r
= value
? parse_boolean(value
) : true;
1831 log_warning("Failed to parse forward to console switch \"%s\". Ignoring.", value
);
1833 s
->forward_to_console
= r
;
1835 } else if (proc_cmdline_key_streq(key
, "systemd.journald.forward_to_wall")) {
1837 r
= value
? parse_boolean(value
) : true;
1839 log_warning("Failed to parse forward to wall switch \"%s\". Ignoring.", value
);
1841 s
->forward_to_wall
= r
;
1843 } else if (proc_cmdline_key_streq(key
, "systemd.journald.max_level_console")) {
1845 if (proc_cmdline_value_missing(key
, value
))
1848 r
= log_level_from_string(value
);
1850 log_warning("Failed to parse max level console value \"%s\". Ignoring.", value
);
1852 s
->max_level_console
= r
;
1854 } else if (proc_cmdline_key_streq(key
, "systemd.journald.max_level_store")) {
1856 if (proc_cmdline_value_missing(key
, value
))
1859 r
= log_level_from_string(value
);
1861 log_warning("Failed to parse max level store value \"%s\". Ignoring.", value
);
1863 s
->max_level_store
= r
;
1865 } else if (proc_cmdline_key_streq(key
, "systemd.journald.max_level_syslog")) {
1867 if (proc_cmdline_value_missing(key
, value
))
1870 r
= log_level_from_string(value
);
1872 log_warning("Failed to parse max level syslog value \"%s\". Ignoring.", value
);
1874 s
->max_level_syslog
= r
;
1876 } else if (proc_cmdline_key_streq(key
, "systemd.journald.max_level_kmsg")) {
1878 if (proc_cmdline_value_missing(key
, value
))
1881 r
= log_level_from_string(value
);
1883 log_warning("Failed to parse max level kmsg value \"%s\". Ignoring.", value
);
1885 s
->max_level_kmsg
= r
;
1887 } else if (proc_cmdline_key_streq(key
, "systemd.journald.max_level_wall")) {
1889 if (proc_cmdline_value_missing(key
, value
))
1892 r
= log_level_from_string(value
);
1894 log_warning("Failed to parse max level wall value \"%s\". Ignoring.", value
);
1896 s
->max_level_wall
= r
;
1898 } else if (proc_cmdline_key_streq(key
, "systemd.journald.max_level_socket")) {
1900 if (proc_cmdline_value_missing(key
, value
))
1903 r
= log_level_from_string(value
);
1905 log_warning("Failed to parse max level socket value \"%s\". Ignoring.", value
);
1907 s
->max_level_socket
= r
;
1909 } else if (startswith(key
, "systemd.journald"))
1910 log_warning("Unknown journald kernel command line option \"%s\". Ignoring.", key
);
1912 /* do not warn about state here, since probably systemd already did */
1916 static int server_parse_config_file(Server
*s
) {
1917 const char *conf_file
;
1922 conf_file
= strjoina("systemd/journald@", s
->namespace, ".conf");
1924 conf_file
= "systemd/journald.conf";
1926 return config_parse_standard_file_with_dropins(
1929 config_item_perf_lookup
, journald_gperf_lookup
,
1934 static int server_dispatch_sync(sd_event_source
*es
, usec_t t
, void *userdata
) {
1935 Server
*s
= ASSERT_PTR(userdata
);
1941 int server_schedule_sync(Server
*s
, int priority
) {
1946 if (priority
<= LOG_CRIT
) {
1947 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1952 if (!s
->event
|| sd_event_get_state(s
->event
) == SD_EVENT_FINISHED
) {
1953 /* Shutting down the server? Let's sync immediately. */
1958 if (s
->sync_scheduled
)
1961 if (s
->sync_interval_usec
> 0) {
1963 if (!s
->sync_event_source
) {
1964 r
= sd_event_add_time_relative(
1966 &s
->sync_event_source
,
1968 s
->sync_interval_usec
, 0,
1969 server_dispatch_sync
, s
);
1973 r
= sd_event_source_set_priority(s
->sync_event_source
, SD_EVENT_PRIORITY_IMPORTANT
);
1975 r
= sd_event_source_set_time_relative(s
->sync_event_source
, s
->sync_interval_usec
);
1979 r
= sd_event_source_set_enabled(s
->sync_event_source
, SD_EVENT_ONESHOT
);
1984 s
->sync_scheduled
= true;
1990 static int dispatch_hostname_change(sd_event_source
*es
, int fd
, uint32_t revents
, void *userdata
) {
1991 Server
*s
= ASSERT_PTR(userdata
);
1993 server_cache_hostname(s
);
1997 static int server_open_hostname(Server
*s
) {
2002 s
->hostname_fd
= open("/proc/sys/kernel/hostname",
2003 O_RDONLY
|O_CLOEXEC
|O_NONBLOCK
|O_NOCTTY
);
2004 if (s
->hostname_fd
< 0)
2005 return log_error_errno(errno
, "Failed to open /proc/sys/kernel/hostname: %m");
2007 r
= sd_event_add_io(s
->event
, &s
->hostname_event_source
, s
->hostname_fd
, 0, dispatch_hostname_change
, s
);
2009 /* kernels prior to 3.2 don't support polling this file. Ignore
2012 log_warning_errno(r
, "Failed to register hostname fd in event loop, ignoring: %m");
2013 s
->hostname_fd
= safe_close(s
->hostname_fd
);
2017 return log_error_errno(r
, "Failed to register hostname fd in event loop: %m");
2020 r
= sd_event_source_set_priority(s
->hostname_event_source
, SD_EVENT_PRIORITY_IMPORTANT
-10);
2022 return log_error_errno(r
, "Failed to adjust priority of hostname event source: %m");
2027 static int dispatch_notify_event(sd_event_source
*es
, int fd
, uint32_t revents
, void *userdata
) {
2028 Server
*s
= ASSERT_PTR(userdata
);
2031 assert(s
->notify_event_source
== es
);
2032 assert(s
->notify_fd
== fd
);
2034 /* The $NOTIFY_SOCKET is writable again, now send exactly one
2035 * message on it. Either it's the watchdog event, the initial
2036 * READY=1 event or an stdout stream event. If there's nothing
2037 * to write anymore, turn our event source off. The next time
2038 * there's something to send it will be turned on again. */
2040 if (!s
->sent_notify_ready
) {
2041 static const char p
[] = "READY=1\n"
2042 "STATUS=Processing requests...";
2044 if (send(s
->notify_fd
, p
, strlen(p
), MSG_DONTWAIT
) < 0) {
2045 if (errno
== EAGAIN
)
2048 return log_error_errno(errno
, "Failed to send READY=1 notification message: %m");
2051 s
->sent_notify_ready
= true;
2052 log_debug("Sent READY=1 notification.");
2054 } else if (s
->send_watchdog
) {
2055 static const char p
[] = "WATCHDOG=1";
2057 if (send(s
->notify_fd
, p
, strlen(p
), MSG_DONTWAIT
) < 0) {
2058 if (errno
== EAGAIN
)
2061 return log_error_errno(errno
, "Failed to send WATCHDOG=1 notification message: %m");
2064 s
->send_watchdog
= false;
2065 log_debug("Sent WATCHDOG=1 notification.");
2067 } else if (s
->stdout_streams_notify_queue
)
2068 /* Dispatch one stream notification event */
2069 stdout_stream_send_notify(s
->stdout_streams_notify_queue
);
2071 /* Leave us enabled if there's still more to do. */
2072 if (s
->send_watchdog
|| s
->stdout_streams_notify_queue
)
2075 /* There was nothing to do anymore, let's turn ourselves off. */
2076 r
= sd_event_source_set_enabled(es
, SD_EVENT_OFF
);
2078 return log_error_errno(r
, "Failed to turn off notify event source: %m");
2083 static int dispatch_watchdog(sd_event_source
*es
, uint64_t usec
, void *userdata
) {
2084 Server
*s
= ASSERT_PTR(userdata
);
2087 s
->send_watchdog
= true;
2089 r
= sd_event_source_set_enabled(s
->notify_event_source
, SD_EVENT_ON
);
2091 log_warning_errno(r
, "Failed to turn on notify event source: %m");
2093 r
= sd_event_source_set_time(s
->watchdog_event_source
, usec
+ s
->watchdog_usec
/ 2);
2095 return log_error_errno(r
, "Failed to restart watchdog event source: %m");
2097 r
= sd_event_source_set_enabled(s
->watchdog_event_source
, SD_EVENT_ON
);
2099 return log_error_errno(r
, "Failed to enable watchdog event source: %m");
2104 static int server_connect_notify(Server
*s
) {
2105 union sockaddr_union sa
;
2111 assert(s
->notify_fd
< 0);
2112 assert(!s
->notify_event_source
);
2115 * So here's the problem: we'd like to send notification messages to PID 1, but we cannot do that via
2116 * sd_notify(), since that's synchronous, and we might end up blocking on it. Specifically: given
2117 * that PID 1 might block on dbus-daemon during IPC, and dbus-daemon is logging to us, and might
2118 * hence block on us, we might end up in a deadlock if we block on sending PID 1 notification
2119 * messages — by generating a full blocking circle. To avoid this, let's create a non-blocking
2120 * socket, and connect it to the notification socket, and then wait for POLLOUT before we send
2121 * anything. This should efficiently avoid any deadlocks, as we'll never block on PID 1, hence PID 1
2122 * can safely block on dbus-daemon which can safely block on us again.
2124 * Don't think that this issue is real? It is, see: https://github.com/systemd/systemd/issues/1505
2127 e
= getenv("NOTIFY_SOCKET");
2131 r
= sockaddr_un_set_path(&sa
.un
, e
);
2133 return log_error_errno(r
, "NOTIFY_SOCKET set to invalid value '%s': %m", e
);
2136 s
->notify_fd
= socket(AF_UNIX
, SOCK_DGRAM
|SOCK_CLOEXEC
|SOCK_NONBLOCK
, 0);
2137 if (s
->notify_fd
< 0)
2138 return log_error_errno(errno
, "Failed to create notify socket: %m");
2140 (void) fd_inc_sndbuf(s
->notify_fd
, NOTIFY_SNDBUF_SIZE
);
2142 r
= connect(s
->notify_fd
, &sa
.sa
, sa_len
);
2144 return log_error_errno(errno
, "Failed to connect to notify socket: %m");
2146 r
= sd_event_add_io(s
->event
, &s
->notify_event_source
, s
->notify_fd
, EPOLLOUT
, dispatch_notify_event
, s
);
2148 return log_error_errno(r
, "Failed to watch notification socket: %m");
2150 if (sd_watchdog_enabled(false, &s
->watchdog_usec
) > 0) {
2151 s
->send_watchdog
= true;
2153 r
= sd_event_add_time_relative(s
->event
, &s
->watchdog_event_source
, CLOCK_MONOTONIC
, s
->watchdog_usec
/2, s
->watchdog_usec
/4, dispatch_watchdog
, s
);
2155 return log_error_errno(r
, "Failed to add watchdog time event: %m");
2158 /* This should fire pretty soon, which we'll use to send the READY=1 event. */
2163 static int synchronize_second_half(sd_event_source
*event_source
, void *userdata
) {
2164 Varlink
*link
= ASSERT_PTR(userdata
);
2168 assert_se(s
= varlink_get_userdata(link
));
2170 /* This is the "second half" of the Synchronize() varlink method. This function is called as deferred
2171 * event source at a low priority to ensure the synchronization completes after all queued log
2172 * messages are processed. */
2173 server_full_sync(s
);
2175 /* Let's get rid of the event source now, by marking it as non-floating again. It then has no ref
2176 * anymore and is immediately destroyed after we return from this function, i.e. from this event
2177 * source handler at the end. */
2178 r
= sd_event_source_set_floating(event_source
, false);
2180 return log_error_errno(r
, "Failed to mark event source as non-floating: %m");
2182 return varlink_reply(link
, NULL
);
2185 static void synchronize_destroy(void *userdata
) {
2186 varlink_unref(userdata
);
2189 static int vl_method_synchronize(Varlink
*link
, JsonVariant
*parameters
, VarlinkMethodFlags flags
, void *userdata
) {
2190 _cleanup_(sd_event_source_unrefp
) sd_event_source
*event_source
= NULL
;
2191 Server
*s
= ASSERT_PTR(userdata
);
2196 if (json_variant_elements(parameters
) > 0)
2197 return varlink_error_invalid_parameter(link
, parameters
);
2199 log_info("Received client request to sync journal.");
2201 /* We don't do the main work now, but instead enqueue a deferred event loop job which will do
2202 * it. That job is scheduled at low priority, so that we return from this method call only after all
2203 * queued but not processed log messages are written to disk, so that this method call returning can
2204 * be used as nice synchronization point. */
2205 r
= sd_event_add_defer(s
->event
, &event_source
, synchronize_second_half
, link
);
2207 return log_error_errno(r
, "Failed to allocate defer event source: %m");
2209 r
= sd_event_source_set_destroy_callback(event_source
, synchronize_destroy
);
2211 return log_error_errno(r
, "Failed to set event source destroy callback: %m");
2213 varlink_ref(link
); /* The varlink object is now left to the destroy callback to unref */
2215 r
= sd_event_source_set_priority(event_source
, SD_EVENT_PRIORITY_NORMAL
+15);
2217 return log_error_errno(r
, "Failed to set defer event source priority: %m");
2219 /* Give up ownership of this event source. It will now be destroyed along with event loop itself,
2220 * unless it destroys itself earlier. */
2221 r
= sd_event_source_set_floating(event_source
, true);
2223 return log_error_errno(r
, "Failed to mark event source as floating: %m");
2225 (void) sd_event_source_set_description(event_source
, "deferred-sync");
2230 static int vl_method_rotate(Varlink
*link
, JsonVariant
*parameters
, VarlinkMethodFlags flags
, void *userdata
) {
2231 Server
*s
= ASSERT_PTR(userdata
);
2235 if (json_variant_elements(parameters
) > 0)
2236 return varlink_error_invalid_parameter(link
, parameters
);
2238 log_info("Received client request to rotate journal, rotating.");
2239 server_full_rotate(s
);
2241 return varlink_reply(link
, NULL
);
2244 static int vl_method_flush_to_var(Varlink
*link
, JsonVariant
*parameters
, VarlinkMethodFlags flags
, void *userdata
) {
2245 Server
*s
= ASSERT_PTR(userdata
);
2249 if (json_variant_elements(parameters
) > 0)
2250 return varlink_error_invalid_parameter(link
, parameters
);
2252 return varlink_error(link
, "io.systemd.Journal.NotSupportedByNamespaces", NULL
);
2254 log_info("Received client request to flush runtime journal.");
2255 server_full_flush(s
);
2257 return varlink_reply(link
, NULL
);
2260 static int vl_method_relinquish_var(Varlink
*link
, JsonVariant
*parameters
, VarlinkMethodFlags flags
, void *userdata
) {
2261 Server
*s
= ASSERT_PTR(userdata
);
2265 if (json_variant_elements(parameters
) > 0)
2266 return varlink_error_invalid_parameter(link
, parameters
);
2268 return varlink_error(link
, "io.systemd.Journal.NotSupportedByNamespaces", NULL
);
2270 log_info("Received client request to relinquish %s access.", s
->system_storage
.path
);
2271 server_relinquish_var(s
);
2273 return varlink_reply(link
, NULL
);
2276 static int vl_connect(VarlinkServer
*server
, Varlink
*link
, void *userdata
) {
2277 Server
*s
= ASSERT_PTR(userdata
);
2282 (void) server_start_or_stop_idle_timer(s
); /* maybe we are no longer idle */
2287 static void vl_disconnect(VarlinkServer
*server
, Varlink
*link
, void *userdata
) {
2288 Server
*s
= ASSERT_PTR(userdata
);
2293 (void) server_start_or_stop_idle_timer(s
); /* maybe we are idle now */
2296 static int server_open_varlink(Server
*s
, const char *socket
, int fd
) {
2301 r
= varlink_server_new(&s
->varlink_server
, VARLINK_SERVER_ROOT_ONLY
|VARLINK_SERVER_INHERIT_USERDATA
);
2305 varlink_server_set_userdata(s
->varlink_server
, s
);
2307 r
= varlink_server_add_interface(s
->varlink_server
, &vl_interface_io_systemd_Journal
);
2309 return log_error_errno(r
, "Failed to add Journal interface to varlink server: %m");
2311 r
= varlink_server_bind_method_many(
2313 "io.systemd.Journal.Synchronize", vl_method_synchronize
,
2314 "io.systemd.Journal.Rotate", vl_method_rotate
,
2315 "io.systemd.Journal.FlushToVar", vl_method_flush_to_var
,
2316 "io.systemd.Journal.RelinquishVar", vl_method_relinquish_var
);
2320 r
= varlink_server_bind_connect(s
->varlink_server
, vl_connect
);
2324 r
= varlink_server_bind_disconnect(s
->varlink_server
, vl_disconnect
);
2329 r
= varlink_server_listen_address(s
->varlink_server
, socket
, 0600);
2331 r
= varlink_server_listen_fd(s
->varlink_server
, fd
);
2335 r
= varlink_server_attach_event(s
->varlink_server
, s
->event
, SD_EVENT_PRIORITY_NORMAL
);
2342 int server_map_seqnum_file(
2348 _cleanup_free_
char *fn
= NULL
;
2349 _cleanup_close_
int fd
= -EBADF
;
2358 fn
= path_join(s
->runtime_directory
, fname
);
2362 fd
= open(fn
, O_RDWR
|O_CREAT
|O_CLOEXEC
|O_NOCTTY
|O_NOFOLLOW
, 0644);
2366 r
= posix_fallocate_loop(fd
, 0, size
);
2370 p
= mmap(NULL
, size
, PROT_READ
|PROT_WRITE
, MAP_SHARED
, fd
, 0);
2371 if (p
== MAP_FAILED
)
2378 void server_unmap_seqnum_file(void *p
, size_t size
) {
2384 assert_se(munmap(p
, size
) >= 0);
2387 static bool server_is_idle(Server
*s
) {
2390 /* The server for the main namespace is never idle */
2394 /* If a retention maximum is set larger than the idle time we need to be running to enforce it, hence
2395 * turn off the idle logic. */
2396 if (s
->max_retention_usec
> IDLE_TIMEOUT_USEC
)
2399 /* We aren't idle if we have a varlink client */
2400 if (varlink_server_current_connections(s
->varlink_server
) > 0)
2403 /* If we have stdout streams we aren't idle */
2404 if (s
->n_stdout_streams
> 0)
2410 static int server_idle_handler(sd_event_source
*source
, uint64_t usec
, void *userdata
) {
2411 Server
*s
= ASSERT_PTR(userdata
);
2415 log_debug("Server is idle, exiting.");
2416 sd_event_exit(s
->event
, 0);
2420 int server_start_or_stop_idle_timer(Server
*s
) {
2421 _cleanup_(sd_event_source_unrefp
) sd_event_source
*source
= NULL
;
2426 if (!server_is_idle(s
)) {
2427 s
->idle_event_source
= sd_event_source_disable_unref(s
->idle_event_source
);
2431 if (s
->idle_event_source
)
2434 r
= sd_event_add_time_relative(s
->event
, &source
, CLOCK_MONOTONIC
, IDLE_TIMEOUT_USEC
, 0, server_idle_handler
, s
);
2436 return log_error_errno(r
, "Failed to allocate idle timer: %m");
2438 r
= sd_event_source_set_priority(source
, SD_EVENT_PRIORITY_IDLE
);
2440 return log_error_errno(r
, "Failed to set idle timer priority: %m");
2442 (void) sd_event_source_set_description(source
, "idle-timer");
2444 s
->idle_event_source
= TAKE_PTR(source
);
2448 int server_refresh_idle_timer(Server
*s
) {
2453 if (!s
->idle_event_source
)
2456 r
= sd_event_source_set_time_relative(s
->idle_event_source
, IDLE_TIMEOUT_USEC
);
2458 return log_error_errno(r
, "Failed to refresh idle timer: %m");
2463 static int server_set_namespace(Server
*s
, const char *namespace) {
2469 if (!log_namespace_name_valid(namespace))
2470 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Specified namespace name not valid, refusing: %s", namespace);
2472 s
->namespace = strdup(namespace);
2476 s
->namespace_field
= strjoin("_NAMESPACE=", namespace);
2477 if (!s
->namespace_field
)
2483 static int server_memory_pressure(sd_event_source
*es
, void *userdata
) {
2484 Server
*s
= ASSERT_PTR(userdata
);
2486 log_info("Under memory pressure, flushing caches.");
2488 /* Flushed the cached info we might have about client processes */
2489 client_context_flush_regular(s
);
2491 /* Let's also close all user files (but keep the system/runtime one open) */
2493 JournalFile
*first
= ordered_hashmap_steal_first(s
->user_journals
);
2498 (void) journal_file_offline_close(first
);
2501 sd_event_trim_memory();
2506 static int server_setup_memory_pressure(Server
*s
) {
2511 r
= sd_event_add_memory_pressure(s
->event
, NULL
, server_memory_pressure
, s
);
2513 log_full_errno(ERRNO_IS_NOT_SUPPORTED(r
) || ERRNO_IS_PRIVILEGE(r
) || (r
== -EHOSTDOWN
) ? LOG_DEBUG
: LOG_NOTICE
, r
,
2514 "Failed to install memory pressure event source, ignoring: %m");
2519 static void server_load_credentials(Server
*s
) {
2520 _cleanup_free_
void *data
= NULL
;
2525 r
= read_credential("journal.forward_to_socket", &data
, NULL
);
2527 log_debug_errno(r
, "Failed to read credential journal.forward_to_socket, ignoring: %m");
2529 r
= socket_address_parse(&s
->forward_to_socket
, data
);
2531 log_debug_errno(r
, "Failed to parse socket address '%s' from credential journal.forward_to_socket, ignoring: %m", (char *) data
);
2536 r
= read_credential("journal.storage", &data
, NULL
);
2538 log_debug_errno(r
, "Failed to read credential journal.storage, ignoring: %m");
2540 r
= storage_from_string(data
);
2542 log_debug_errno(r
, "Failed to parse storage '%s' from credential journal.storage, ignoring: %m", (char *) data
);
2548 int server_new(Server
**ret
) {
2549 _cleanup_(server_freep
) Server
*s
= NULL
;
2558 .syslog_fd
= -EBADF
,
2559 .native_fd
= -EBADF
,
2560 .stdout_fd
= -EBADF
,
2561 .dev_kmsg_fd
= -EBADF
,
2563 .hostname_fd
= -EBADF
,
2564 .notify_fd
= -EBADF
,
2565 .forward_socket_fd
= -EBADF
,
2567 .compress
.enabled
= true,
2568 .compress
.threshold_bytes
= UINT64_MAX
,
2573 .watchdog_usec
= USEC_INFINITY
,
2575 .sync_interval_usec
= DEFAULT_SYNC_INTERVAL_USEC
,
2576 .sync_scheduled
= false,
2578 .ratelimit_interval
= DEFAULT_RATE_LIMIT_INTERVAL
,
2579 .ratelimit_burst
= DEFAULT_RATE_LIMIT_BURST
,
2581 .forward_to_wall
= true,
2582 .forward_to_socket
= { .sockaddr
.sa
.sa_family
= AF_UNSPEC
},
2584 .max_file_usec
= DEFAULT_MAX_FILE_USEC
,
2586 .max_level_store
= LOG_DEBUG
,
2587 .max_level_syslog
= LOG_DEBUG
,
2588 .max_level_kmsg
= LOG_NOTICE
,
2589 .max_level_console
= LOG_INFO
,
2590 .max_level_wall
= LOG_EMERG
,
2591 .max_level_socket
= LOG_DEBUG
,
2593 .line_max
= DEFAULT_LINE_MAX
,
2595 .runtime_storage
.name
= "Runtime Journal",
2596 .system_storage
.name
= "System Journal",
2598 .kmsg_own_ratelimit
= {
2599 .interval
= DEFAULT_KMSG_OWN_INTERVAL
,
2600 .burst
= DEFAULT_KMSG_OWN_BURST
,
2603 .sigrtmin18_info
.memory_pressure_handler
= server_memory_pressure
,
2604 .sigrtmin18_info
.memory_pressure_userdata
= s
,
2611 int server_init(Server
*s
, const char *namespace) {
2612 const char *native_socket
, *syslog_socket
, *stdout_socket
, *varlink_socket
, *e
;
2613 _cleanup_fdset_free_ FDSet
*fds
= NULL
;
2614 int n
, r
, varlink_fd
= -EBADF
;
2619 r
= server_set_namespace(s
, namespace);
2623 /* By default, only read from /dev/kmsg if are the main namespace */
2624 s
->read_kmsg
= !s
->namespace;
2625 s
->storage
= s
->namespace ? STORAGE_PERSISTENT
: STORAGE_AUTO
;
2627 journal_reset_metrics(&s
->system_storage
.metrics
);
2628 journal_reset_metrics(&s
->runtime_storage
.metrics
);
2630 server_load_credentials(s
);
2631 server_parse_config_file(s
);
2633 if (!s
->namespace) {
2634 /* Parse kernel command line, but only if we are not a namespace instance */
2635 r
= proc_cmdline_parse(parse_proc_cmdline_item
, s
, PROC_CMDLINE_STRIP_RD_PREFIX
);
2637 log_warning_errno(r
, "Failed to parse kernel command line, ignoring: %m");
2640 if (!!s
->ratelimit_interval
!= !!s
->ratelimit_burst
) { /* One set to 0 and the other not? */
2641 log_debug("Setting both rate limit interval and burst from "USEC_FMT
",%u to 0,0",
2642 s
->ratelimit_interval
, s
->ratelimit_burst
);
2643 s
->ratelimit_interval
= s
->ratelimit_burst
= 0;
2646 e
= getenv("RUNTIME_DIRECTORY");
2648 s
->runtime_directory
= strdup(e
);
2649 else if (s
->namespace)
2650 s
->runtime_directory
= strjoin("/run/systemd/journal.", s
->namespace);
2652 s
->runtime_directory
= strdup("/run/systemd/journal");
2653 if (!s
->runtime_directory
)
2656 (void) mkdir_p(s
->runtime_directory
, 0755);
2658 s
->user_journals
= ordered_hashmap_new(NULL
);
2659 if (!s
->user_journals
)
2662 s
->mmap
= mmap_cache_new();
2666 s
->deferred_closes
= set_new(NULL
);
2667 if (!s
->deferred_closes
)
2670 r
= sd_event_default(&s
->event
);
2672 return log_error_errno(r
, "Failed to create event loop: %m");
2674 n
= sd_listen_fds(true);
2676 return log_error_errno(n
, "Failed to read listening file descriptors from environment: %m");
2678 native_socket
= strjoina(s
->runtime_directory
, "/socket");
2679 stdout_socket
= strjoina(s
->runtime_directory
, "/stdout");
2680 syslog_socket
= strjoina(s
->runtime_directory
, "/dev-log");
2681 varlink_socket
= strjoina(s
->runtime_directory
, "/io.systemd.journal");
2683 for (int fd
= SD_LISTEN_FDS_START
; fd
< SD_LISTEN_FDS_START
+ n
; fd
++)
2685 if (sd_is_socket_unix(fd
, SOCK_DGRAM
, -1, native_socket
, 0) > 0) {
2687 if (s
->native_fd
>= 0)
2688 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
2689 "Too many native sockets passed.");
2693 } else if (sd_is_socket_unix(fd
, SOCK_STREAM
, 1, stdout_socket
, 0) > 0) {
2695 if (s
->stdout_fd
>= 0)
2696 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
2697 "Too many stdout sockets passed.");
2701 } else if (sd_is_socket_unix(fd
, SOCK_DGRAM
, -1, syslog_socket
, 0) > 0) {
2703 if (s
->syslog_fd
>= 0)
2704 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
2705 "Too many /dev/log sockets passed.");
2709 } else if (sd_is_socket_unix(fd
, SOCK_STREAM
, 1, varlink_socket
, 0) > 0) {
2711 if (varlink_fd
>= 0)
2712 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
2713 "Too many varlink sockets passed.");
2716 } else if (sd_is_socket(fd
, AF_NETLINK
, SOCK_RAW
, -1) > 0) {
2718 if (s
->audit_fd
>= 0)
2719 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
2720 "Too many audit sockets passed.");
2732 r
= fdset_put(fds
, fd
);
2737 /* Try to restore streams, but don't bother if this fails */
2738 (void) server_restore_streams(s
, fds
);
2740 if (!fdset_isempty(fds
)) {
2741 log_warning("%u unknown file descriptors passed, closing.", fdset_size(fds
));
2742 fds
= fdset_free(fds
);
2745 no_sockets
= s
->native_fd
< 0 && s
->stdout_fd
< 0 && s
->syslog_fd
< 0 && s
->audit_fd
< 0 && varlink_fd
< 0;
2747 /* always open stdout, syslog, native, and kmsg sockets */
2749 /* systemd-journald.socket: /run/systemd/journal/stdout */
2750 r
= server_open_stdout_socket(s
, stdout_socket
);
2754 /* systemd-journald-dev-log.socket: /run/systemd/journal/dev-log */
2755 r
= server_open_syslog_socket(s
, syslog_socket
);
2759 /* systemd-journald.socket: /run/systemd/journal/socket */
2760 r
= server_open_native_socket(s
, native_socket
);
2765 r
= server_open_dev_kmsg(s
);
2769 /* Unless we got *some* sockets and not audit, open audit socket */
2770 if (s
->audit_fd
>= 0 || no_sockets
) {
2771 log_info("Collecting audit messages is enabled.");
2773 r
= server_open_audit(s
);
2777 log_info("Collecting audit messages is disabled.");
2779 r
= server_open_varlink(s
, varlink_socket
, varlink_fd
);
2783 r
= server_map_seqnum_file(s
, "seqnum", sizeof(SeqnumData
), (void**) &s
->seqnum
);
2785 return log_error_errno(r
, "Failed to map main seqnum file: %m");
2787 r
= server_open_kernel_seqnum(s
);
2791 r
= server_open_hostname(s
);
2795 r
= server_setup_signals(s
);
2799 r
= server_setup_memory_pressure(s
);
2803 s
->ratelimit
= journal_ratelimit_new();
2807 r
= cg_get_root_path(&s
->cgroup_root
);
2809 return log_error_errno(r
, "Failed to acquire cgroup root path: %m");
2811 server_cache_hostname(s
);
2812 server_cache_boot_id(s
);
2813 server_cache_machine_id(s
);
2816 s
->runtime_storage
.path
= strjoin("/run/log/journal/", SERVER_MACHINE_ID(s
), ".", s
->namespace);
2818 s
->runtime_storage
.path
= strjoin("/run/log/journal/", SERVER_MACHINE_ID(s
));
2819 if (!s
->runtime_storage
.path
)
2822 e
= getenv("LOGS_DIRECTORY");
2824 s
->system_storage
.path
= strdup(e
);
2825 else if (s
->namespace)
2826 s
->system_storage
.path
= strjoin("/var/log/journal/", SERVER_MACHINE_ID(s
), ".", s
->namespace);
2828 s
->system_storage
.path
= strjoin("/var/log/journal/", SERVER_MACHINE_ID(s
));
2829 if (!s
->system_storage
.path
)
2832 (void) server_connect_notify(s
);
2834 (void) client_context_acquire_default(s
);
2836 r
= server_system_journal_open(s
, /* flush_requested= */ false, /* relinquish_requested= */ false);
2840 server_start_or_stop_idle_timer(s
);
2845 void server_maybe_append_tags(Server
*s
) {
2850 n
= now(CLOCK_REALTIME
);
2852 if (s
->system_journal
)
2853 journal_file_maybe_append_tag(s
->system_journal
, n
);
2855 ORDERED_HASHMAP_FOREACH(f
, s
->user_journals
)
2856 journal_file_maybe_append_tag(f
, n
);
2860 Server
* server_free(Server
*s
) {
2865 free(s
->namespace_field
);
2867 set_free_with_destructor(s
->deferred_closes
, journal_file_offline_close
);
2869 while (s
->stdout_streams
)
2870 stdout_stream_free(s
->stdout_streams
);
2872 client_context_flush_all(s
);
2874 (void) journal_file_offline_close(s
->system_journal
);
2875 (void) journal_file_offline_close(s
->runtime_journal
);
2877 ordered_hashmap_free_with_destructor(s
->user_journals
, journal_file_offline_close
);
2879 varlink_server_unref(s
->varlink_server
);
2881 sd_event_source_unref(s
->syslog_event_source
);
2882 sd_event_source_unref(s
->native_event_source
);
2883 sd_event_source_unref(s
->stdout_event_source
);
2884 sd_event_source_unref(s
->dev_kmsg_event_source
);
2885 sd_event_source_unref(s
->audit_event_source
);
2886 sd_event_source_unref(s
->sync_event_source
);
2887 sd_event_source_unref(s
->sigusr1_event_source
);
2888 sd_event_source_unref(s
->sigusr2_event_source
);
2889 sd_event_source_unref(s
->sigterm_event_source
);
2890 sd_event_source_unref(s
->sigint_event_source
);
2891 sd_event_source_unref(s
->sigrtmin1_event_source
);
2892 sd_event_source_unref(s
->hostname_event_source
);
2893 sd_event_source_unref(s
->notify_event_source
);
2894 sd_event_source_unref(s
->watchdog_event_source
);
2895 sd_event_source_unref(s
->idle_event_source
);
2896 sd_event_unref(s
->event
);
2898 safe_close(s
->syslog_fd
);
2899 safe_close(s
->native_fd
);
2900 safe_close(s
->stdout_fd
);
2901 safe_close(s
->dev_kmsg_fd
);
2902 safe_close(s
->audit_fd
);
2903 safe_close(s
->hostname_fd
);
2904 safe_close(s
->notify_fd
);
2905 safe_close(s
->forward_socket_fd
);
2908 journal_ratelimit_free(s
->ratelimit
);
2910 server_unmap_seqnum_file(s
->seqnum
, sizeof(*s
->seqnum
));
2911 server_unmap_seqnum_file(s
->kernel_seqnum
, sizeof(*s
->kernel_seqnum
));
2915 free(s
->cgroup_root
);
2916 free(s
->hostname_field
);
2917 free(s
->runtime_storage
.path
);
2918 free(s
->system_storage
.path
);
2919 free(s
->runtime_directory
);
2921 mmap_cache_unref(s
->mmap
);
2926 static const char* const storage_table
[_STORAGE_MAX
] = {
2927 [STORAGE_AUTO
] = "auto",
2928 [STORAGE_VOLATILE
] = "volatile",
2929 [STORAGE_PERSISTENT
] = "persistent",
2930 [STORAGE_NONE
] = "none"
2933 DEFINE_STRING_TABLE_LOOKUP(storage
, Storage
);
2934 DEFINE_CONFIG_PARSE_ENUM(config_parse_storage
, storage
, Storage
, "Failed to parse storage setting");
2936 static const char* const split_mode_table
[_SPLIT_MAX
] = {
2937 [SPLIT_LOGIN
] = "login",
2938 [SPLIT_UID
] = "uid",
2939 [SPLIT_NONE
] = "none",
2942 DEFINE_STRING_TABLE_LOOKUP(split_mode
, SplitMode
);
2943 DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode
, split_mode
, SplitMode
, "Failed to parse split mode setting");
2945 int config_parse_line_max(
2947 const char *filename
,
2949 const char *section
,
2950 unsigned section_line
,
2957 size_t *sz
= ASSERT_PTR(data
);
2964 if (isempty(rvalue
))
2965 /* Empty assignment means default */
2966 *sz
= DEFAULT_LINE_MAX
;
2970 r
= parse_size(rvalue
, 1024, &v
);
2972 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse LineMax= value, ignoring: %s", rvalue
);
2977 /* Why specify 79 here as minimum line length? Simply, because the most common traditional
2978 * terminal size is 80ch, and it might make sense to break one character before the natural
2979 * line break would occur on that. */
2980 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "LineMax= too small, clamping to 79: %s", rvalue
);
2982 } else if (v
> (uint64_t) (SSIZE_MAX
-1)) {
2983 /* So, why specify SSIZE_MAX-1 here? Because that's one below the largest size value read()
2984 * can return, and we need one extra byte for the trailing NUL byte. Of course IRL such large
2985 * memory allocations will fail anyway, hence this limit is mostly theoretical anyway, as we'll
2986 * fail much earlier anyway. */
2987 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "LineMax= too large, clamping to %" PRIu64
": %s", (uint64_t) (SSIZE_MAX
-1), rvalue
);
2996 int config_parse_compress(
2998 const char *filename
,
3000 const char *section
,
3001 unsigned section_line
,
3008 JournalCompressOptions
* compress
= ASSERT_PTR(data
);
3015 if (isempty(rvalue
)) {
3016 compress
->enabled
= true;
3017 compress
->threshold_bytes
= UINT64_MAX
;
3018 } else if (streq(rvalue
, "1")) {
3019 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
3020 "Compress= ambiguously specified as 1, enabling compression with default threshold");
3021 compress
->enabled
= true;
3022 } else if (streq(rvalue
, "0")) {
3023 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
3024 "Compress= ambiguously specified as 0, disabling compression");
3025 compress
->enabled
= false;
3027 r
= parse_boolean(rvalue
);
3029 r
= parse_size(rvalue
, 1024, &compress
->threshold_bytes
);
3031 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3032 "Failed to parse Compress= value, ignoring: %s", rvalue
);
3034 compress
->enabled
= true;
3036 compress
->enabled
= r
;
3042 int config_parse_forward_to_socket(
3044 const char *filename
,
3046 const char *section
,
3047 unsigned section_line
,
3054 SocketAddress
* addr
= ASSERT_PTR(data
);
3061 if (isempty(rvalue
))
3062 *addr
= (SocketAddress
) { .sockaddr
.sa
.sa_family
= AF_UNSPEC
};
3064 r
= socket_address_parse(addr
, rvalue
);
3066 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3067 "Failed to parse ForwardToSocket= value, ignoring: %s", rvalue
);