]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/journal/journald-server.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
journal: Add journal.storage credential
[thirdparty/systemd.git] / src / journal / journald-server.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #if HAVE_SELINUX
4 #include <selinux/selinux.h>
5 #endif
6 #include <sys/ioctl.h>
7 #include <sys/mman.h>
8 #include <sys/signalfd.h>
9 #include <sys/statvfs.h>
10 #include <linux/sockios.h>
11
12 #include "sd-daemon.h"
13 #include "sd-journal.h"
14 #include "sd-messages.h"
15
16 #include "acl-util.h"
17 #include "alloc-util.h"
18 #include "audit-util.h"
19 #include "cgroup-util.h"
20 #include "conf-parser.h"
21 #include "creds-util.h"
22 #include "dirent-util.h"
23 #include "extract-word.h"
24 #include "fd-util.h"
25 #include "fileio.h"
26 #include "format-util.h"
27 #include "fs-util.h"
28 #include "hashmap.h"
29 #include "hostname-util.h"
30 #include "id128-util.h"
31 #include "initrd-util.h"
32 #include "iovec-util.h"
33 #include "journal-authenticate.h"
34 #include "journal-file-util.h"
35 #include "journal-internal.h"
36 #include "journal-vacuum.h"
37 #include "journald-audit.h"
38 #include "journald-context.h"
39 #include "journald-kmsg.h"
40 #include "journald-native.h"
41 #include "journald-rate-limit.h"
42 #include "journald-server.h"
43 #include "journald-socket.h"
44 #include "journald-stream.h"
45 #include "journald-syslog.h"
46 #include "log.h"
47 #include "memory-util.h"
48 #include "missing_audit.h"
49 #include "mkdir.h"
50 #include "parse-util.h"
51 #include "path-util.h"
52 #include "proc-cmdline.h"
53 #include "process-util.h"
54 #include "rm-rf.h"
55 #include "selinux-util.h"
56 #include "signal-util.h"
57 #include "socket-netlink.h"
58 #include "socket-util.h"
59 #include "stdio-util.h"
60 #include "string-table.h"
61 #include "string-util.h"
62 #include "syslog-util.h"
63 #include "uid-classification.h"
64 #include "user-util.h"
65 #include "varlink-io.systemd.Journal.h"
66
67 #define USER_JOURNALS_MAX 1024
68
69 #define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
70 #define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
71 #define DEFAULT_RATE_LIMIT_BURST 10000
72 #define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
73
74 #define DEFAULT_KMSG_OWN_INTERVAL (5 * USEC_PER_SEC)
75 #define DEFAULT_KMSG_OWN_BURST 50
76
77 #define RECHECK_SPACE_USEC (30*USEC_PER_SEC)
78
79 #define NOTIFY_SNDBUF_SIZE (8*1024*1024)
80
81 /* The period to insert between posting changes for coalescing */
82 #define POST_CHANGE_TIMER_INTERVAL_USEC (250*USEC_PER_MSEC)
83
84 /* Pick a good default that is likely to fit into AF_UNIX and AF_INET SOCK_DGRAM datagrams, and even leaves some room
85 * for a bit of additional metadata. */
86 #define DEFAULT_LINE_MAX (48*1024)
87
88 #define DEFERRED_CLOSES_MAX (4096)
89
90 #define IDLE_TIMEOUT_USEC (30*USEC_PER_SEC)
91
92 #define FAILED_TO_WRITE_ENTRY_RATELIMIT ((const RateLimit) { .interval = 1 * USEC_PER_SEC, .burst = 1 })
93
94 static int server_determine_path_usage(
95 Server *s,
96 const char *path,
97 uint64_t *ret_used,
98 uint64_t *ret_free) {
99
100 _cleanup_closedir_ DIR *d = NULL;
101 struct statvfs ss;
102
103 assert(s);
104 assert(path);
105 assert(ret_used);
106 assert(ret_free);
107
108 d = opendir(path);
109 if (!d)
110 return log_ratelimit_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR,
111 errno, JOURNAL_LOG_RATELIMIT, "Failed to open %s: %m", path);
112
113 if (fstatvfs(dirfd(d), &ss) < 0)
114 return log_ratelimit_error_errno(errno, JOURNAL_LOG_RATELIMIT,
115 "Failed to fstatvfs(%s): %m", path);
116
117 *ret_free = ss.f_bsize * ss.f_bavail;
118 *ret_used = 0;
119 FOREACH_DIRENT_ALL(de, d, break) {
120 struct stat st;
121
122 if (!endswith(de->d_name, ".journal") &&
123 !endswith(de->d_name, ".journal~"))
124 continue;
125
126 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
127 log_debug_errno(errno, "Failed to stat %s/%s, ignoring: %m", path, de->d_name);
128 continue;
129 }
130
131 if (!S_ISREG(st.st_mode))
132 continue;
133
134 *ret_used += (uint64_t) st.st_blocks * 512UL;
135 }
136
137 return 0;
138 }
139
140 static void cache_space_invalidate(JournalStorageSpace *space) {
141 zero(*space);
142 }
143
144 static int cache_space_refresh(Server *s, JournalStorage *storage) {
145 JournalStorageSpace *space;
146 JournalMetrics *metrics;
147 uint64_t vfs_used, vfs_avail, avail;
148 usec_t ts;
149 int r;
150
151 assert(s);
152
153 metrics = &storage->metrics;
154 space = &storage->space;
155
156 ts = now(CLOCK_MONOTONIC);
157
158 if (space->timestamp != 0 && usec_add(space->timestamp, RECHECK_SPACE_USEC) > ts)
159 return 0;
160
161 r = server_determine_path_usage(s, storage->path, &vfs_used, &vfs_avail);
162 if (r < 0)
163 return r;
164
165 space->vfs_used = vfs_used;
166 space->vfs_available = vfs_avail;
167
168 avail = LESS_BY(vfs_avail, metrics->keep_free);
169
170 space->limit = CLAMP(vfs_used + avail, metrics->min_use, metrics->max_use);
171 space->available = LESS_BY(space->limit, vfs_used);
172 space->timestamp = ts;
173 return 1;
174 }
175
176 static void patch_min_use(JournalStorage *storage) {
177 assert(storage);
178
179 /* Let's bump the min_use limit to the current usage on disk. We do
180 * this when starting up and first opening the journal files. This way
181 * sudden spikes in disk usage will not cause journald to vacuum files
182 * without bounds. Note that this means that only a restart of journald
183 * will make it reset this value. */
184
185 storage->metrics.min_use = MAX(storage->metrics.min_use, storage->space.vfs_used);
186 }
187
188 static JournalStorage* server_current_storage(Server *s) {
189 assert(s);
190
191 return s->system_journal ? &s->system_storage : &s->runtime_storage;
192 }
193
194 static int server_determine_space(Server *s, uint64_t *available, uint64_t *limit) {
195 JournalStorage *js;
196 int r;
197
198 assert(s);
199
200 js = server_current_storage(s);
201
202 r = cache_space_refresh(s, js);
203 if (r >= 0) {
204 if (available)
205 *available = js->space.available;
206 if (limit)
207 *limit = js->space.limit;
208 }
209 return r;
210 }
211
212 void server_space_usage_message(Server *s, JournalStorage *storage) {
213 assert(s);
214
215 if (!storage)
216 storage = server_current_storage(s);
217
218 if (cache_space_refresh(s, storage) < 0)
219 return;
220
221 const JournalMetrics *metrics = &storage->metrics;
222
223 server_driver_message(s, 0,
224 "MESSAGE_ID=" SD_MESSAGE_JOURNAL_USAGE_STR,
225 LOG_MESSAGE("%s (%s) is %s, max %s, %s free.",
226 storage->name, storage->path,
227 FORMAT_BYTES(storage->space.vfs_used),
228 FORMAT_BYTES(storage->space.limit),
229 FORMAT_BYTES(storage->space.available)),
230 "JOURNAL_NAME=%s", storage->name,
231 "JOURNAL_PATH=%s", storage->path,
232 "CURRENT_USE=%"PRIu64, storage->space.vfs_used,
233 "CURRENT_USE_PRETTY=%s", FORMAT_BYTES(storage->space.vfs_used),
234 "MAX_USE=%"PRIu64, metrics->max_use,
235 "MAX_USE_PRETTY=%s", FORMAT_BYTES(metrics->max_use),
236 "DISK_KEEP_FREE=%"PRIu64, metrics->keep_free,
237 "DISK_KEEP_FREE_PRETTY=%s", FORMAT_BYTES(metrics->keep_free),
238 "DISK_AVAILABLE=%"PRIu64, storage->space.vfs_available,
239 "DISK_AVAILABLE_PRETTY=%s", FORMAT_BYTES(storage->space.vfs_available),
240 "LIMIT=%"PRIu64, storage->space.limit,
241 "LIMIT_PRETTY=%s", FORMAT_BYTES(storage->space.limit),
242 "AVAILABLE=%"PRIu64, storage->space.available,
243 "AVAILABLE_PRETTY=%s", FORMAT_BYTES(storage->space.available),
244 NULL);
245 }
246
247 static void server_add_acls(JournalFile *f, uid_t uid) {
248 assert(f);
249
250 #if HAVE_ACL
251 int r;
252
253 if (uid_for_system_journal(uid))
254 return;
255
256 r = fd_add_uid_acl_permission(f->fd, uid, ACL_READ);
257 if (r < 0)
258 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
259 "Failed to set ACL on %s, ignoring: %m", f->path);
260 #endif
261 }
262
263 static int server_open_journal(
264 Server *s,
265 bool reliably,
266 const char *fname,
267 int open_flags,
268 bool seal,
269 JournalMetrics *metrics,
270 JournalFile **ret) {
271
272 _cleanup_(journal_file_offline_closep) JournalFile *f = NULL;
273 JournalFileFlags file_flags;
274 int r;
275
276 assert(s);
277 assert(fname);
278 assert(ret);
279
280 file_flags =
281 (s->compress.enabled ? JOURNAL_COMPRESS : 0) |
282 (seal ? JOURNAL_SEAL : 0) |
283 JOURNAL_STRICT_ORDER;
284
285 set_clear_with_destructor(s->deferred_closes, journal_file_offline_close);
286
287 if (reliably)
288 r = journal_file_open_reliably(
289 fname,
290 open_flags,
291 file_flags,
292 0640,
293 s->compress.threshold_bytes,
294 metrics,
295 s->mmap,
296 &f);
297 else
298 r = journal_file_open(
299 /* fd= */ -EBADF,
300 fname,
301 open_flags,
302 file_flags,
303 0640,
304 s->compress.threshold_bytes,
305 metrics,
306 s->mmap,
307 /* template= */ NULL,
308 &f);
309 if (r < 0)
310 return r;
311
312 r = journal_file_enable_post_change_timer(f, s->event, POST_CHANGE_TIMER_INTERVAL_USEC);
313 if (r < 0)
314 return r;
315
316 *ret = TAKE_PTR(f);
317 return r;
318 }
319
320 static bool server_flushed_flag_is_set(Server *s) {
321 const char *fn;
322
323 assert(s);
324
325 /* We don't support the "flushing" concept for namespace instances, we assume them to always have
326 * access to /var */
327 if (s->namespace)
328 return true;
329
330 fn = strjoina(s->runtime_directory, "/flushed");
331 return access(fn, F_OK) >= 0;
332 }
333
334 static int server_system_journal_open(
335 Server *s,
336 bool flush_requested,
337 bool relinquish_requested) {
338
339 const char *fn;
340 int r = 0;
341
342 if (!s->system_journal &&
343 IN_SET(s->storage, STORAGE_PERSISTENT, STORAGE_AUTO) &&
344 (flush_requested || server_flushed_flag_is_set(s)) &&
345 !relinquish_requested) {
346
347 /* If in auto mode: first try to create the machine path, but not the prefix.
348 *
349 * If in persistent mode: create /var/log/journal and the machine path */
350
351 if (s->storage == STORAGE_PERSISTENT)
352 (void) mkdir_parents(s->system_storage.path, 0755);
353
354 (void) mkdir(s->system_storage.path, 0755);
355
356 fn = strjoina(s->system_storage.path, "/system.journal");
357 r = server_open_journal(
358 s,
359 /* reliably= */ true,
360 fn,
361 O_RDWR|O_CREAT,
362 s->seal,
363 &s->system_storage.metrics,
364 &s->system_journal);
365 if (r >= 0) {
366 server_add_acls(s->system_journal, 0);
367 (void) cache_space_refresh(s, &s->system_storage);
368 patch_min_use(&s->system_storage);
369 } else {
370 if (!IN_SET(r, -ENOENT, -EROFS))
371 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
372 "Failed to open system journal: %m");
373
374 r = 0;
375 }
376
377 /* If the runtime journal is open, and we're post-flush, we're recovering from a failed
378 * system journal rotate (ENOSPC) for which the runtime journal was reopened.
379 *
380 * Perform an implicit flush to var, leaving the runtime journal closed, now that the system
381 * journal is back.
382 */
383 if (!flush_requested)
384 (void) server_flush_to_var(s, true);
385 }
386
387 if (!s->runtime_journal &&
388 (s->storage != STORAGE_NONE)) {
389
390 fn = strjoina(s->runtime_storage.path, "/system.journal");
391
392 if (!s->system_journal || relinquish_requested) {
393
394 /* OK, we really need the runtime journal, so create it if necessary. */
395
396 (void) mkdir_parents(s->runtime_storage.path, 0755);
397 (void) mkdir(s->runtime_storage.path, 0750);
398
399 r = server_open_journal(
400 s,
401 /* reliably= */ true,
402 fn,
403 O_RDWR|O_CREAT,
404 /* seal= */ false,
405 &s->runtime_storage.metrics,
406 &s->runtime_journal);
407 if (r < 0)
408 return log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
409 "Failed to open runtime journal: %m");
410
411 } else if (!server_flushed_flag_is_set(s)) {
412 /* Try to open the runtime journal, but only if it already exists, so that we can
413 * flush it into the system journal */
414
415 r = server_open_journal(
416 s,
417 /* reliably= */ false,
418 fn,
419 O_RDWR,
420 /* seal= */ false,
421 &s->runtime_storage.metrics,
422 &s->runtime_journal);
423 if (r < 0) {
424 if (r != -ENOENT)
425 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
426 "Failed to open runtime journal: %m");
427
428 r = 0;
429 }
430 }
431
432 if (s->runtime_journal) {
433 server_add_acls(s->runtime_journal, 0);
434 (void) cache_space_refresh(s, &s->runtime_storage);
435 patch_min_use(&s->runtime_storage);
436 }
437 }
438
439 return r;
440 }
441
442 static int server_find_user_journal(Server *s, uid_t uid, JournalFile **ret) {
443 _cleanup_(journal_file_offline_closep) JournalFile *f = NULL;
444 _cleanup_free_ char *p = NULL;
445 int r;
446
447 assert(!uid_for_system_journal(uid));
448
449 f = ordered_hashmap_get(s->user_journals, UID_TO_PTR(uid));
450 if (f)
451 goto found;
452
453 if (asprintf(&p, "%s/user-" UID_FMT ".journal", s->system_storage.path, uid) < 0)
454 return log_oom();
455
456 /* Too many open? Then let's close one (or more) */
457 while (ordered_hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
458 JournalFile *first;
459
460 assert_se(first = ordered_hashmap_steal_first(s->user_journals));
461 (void) journal_file_offline_close(first);
462 }
463
464 r = server_open_journal(
465 s,
466 /* reliably= */ true,
467 p,
468 O_RDWR|O_CREAT,
469 s->seal,
470 &s->system_storage.metrics,
471 &f);
472 if (r < 0)
473 return r;
474
475 r = ordered_hashmap_put(s->user_journals, UID_TO_PTR(uid), f);
476 if (r < 0)
477 return r;
478
479 server_add_acls(f, uid);
480
481 found:
482 *ret = TAKE_PTR(f);
483 return 0;
484 }
485
486 static JournalFile* server_find_journal(Server *s, uid_t uid) {
487 int r;
488
489 assert(s);
490
491 /* A rotate that fails to create the new journal (ENOSPC) leaves the rotated journal as NULL. Unless
492 * we revisit opening, even after space is made available we'll continue to return NULL indefinitely.
493 *
494 * system_journal_open() is a noop if the journals are already open, so we can just call it here to
495 * recover from failed rotates (or anything else that's left the journals as NULL).
496 *
497 * Fixes https://github.com/systemd/systemd/issues/3968 */
498 (void) server_system_journal_open(s, /* flush_requested= */ false, /* relinquish_requested= */ false);
499
500 /* We split up user logs only on /var, not on /run. If the runtime file is open, we write to it
501 * exclusively, in order to guarantee proper order as soon as we flush /run to /var and close the
502 * runtime file. */
503
504 if (s->runtime_journal)
505 return s->runtime_journal;
506
507 /* If we are not in persistent mode, then we need return NULL immediately rather than opening a
508 * persistent journal of any sort.
509 *
510 * Fixes https://github.com/systemd/systemd/issues/20390 */
511 if (!IN_SET(s->storage, STORAGE_AUTO, STORAGE_PERSISTENT))
512 return NULL;
513
514 if (!uid_for_system_journal(uid)) {
515 JournalFile *f = NULL;
516
517 r = server_find_user_journal(s, uid, &f);
518 if (r >= 0)
519 return ASSERT_PTR(f);
520
521 log_warning_errno(r, "Failed to open user journal file, falling back to system journal: %m");
522 }
523
524 return s->system_journal;
525 }
526
527 static int server_do_rotate(
528 Server *s,
529 JournalFile **f,
530 const char* name,
531 bool seal,
532 uint32_t uid) {
533
534 JournalFileFlags file_flags;
535 int r;
536
537 assert(s);
538
539 if (!*f)
540 return -EINVAL;
541
542 file_flags =
543 (s->compress.enabled ? JOURNAL_COMPRESS : 0)|
544 (seal ? JOURNAL_SEAL : 0) |
545 JOURNAL_STRICT_ORDER;
546
547 r = journal_file_rotate(f, s->mmap, file_flags, s->compress.threshold_bytes, s->deferred_closes);
548 if (r < 0) {
549 if (*f)
550 return log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT,
551 "Failed to rotate %s: %m", (*f)->path);
552 else
553 return log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT,
554 "Failed to create new %s journal: %m", name);
555 }
556
557 server_add_acls(*f, uid);
558 return r;
559 }
560
561 static void server_process_deferred_closes(Server *s) {
562 JournalFile *f;
563
564 /* Perform any deferred closes which aren't still offlining. */
565 SET_FOREACH(f, s->deferred_closes) {
566 if (journal_file_is_offlining(f))
567 continue;
568
569 (void) set_remove(s->deferred_closes, f);
570 (void) journal_file_offline_close(f);
571 }
572 }
573
574 static void server_vacuum_deferred_closes(Server *s) {
575 assert(s);
576
577 /* Make some room in the deferred closes list, so that it doesn't grow without bounds */
578 if (set_size(s->deferred_closes) < DEFERRED_CLOSES_MAX)
579 return;
580
581 /* Let's first remove all journal files that might already have completed closing */
582 server_process_deferred_closes(s);
583
584 /* And now, let's close some more until we reach the limit again. */
585 while (set_size(s->deferred_closes) >= DEFERRED_CLOSES_MAX) {
586 JournalFile *f;
587
588 assert_se(f = set_steal_first(s->deferred_closes));
589 journal_file_offline_close(f);
590 }
591 }
592
593 static int server_archive_offline_user_journals(Server *s) {
594 _cleanup_closedir_ DIR *d = NULL;
595 int r;
596
597 assert(s);
598
599 d = opendir(s->system_storage.path);
600 if (!d) {
601 if (errno == ENOENT)
602 return 0;
603
604 return log_ratelimit_error_errno(errno, JOURNAL_LOG_RATELIMIT,
605 "Failed to open %s: %m", s->system_storage.path);
606 }
607
608 for (;;) {
609 _cleanup_free_ char *full = NULL;
610 _cleanup_close_ int fd = -EBADF;
611 struct dirent *de;
612 JournalFile *f;
613 uid_t uid;
614
615 errno = 0;
616 de = readdir_no_dot(d);
617 if (!de) {
618 if (errno != 0)
619 log_ratelimit_warning_errno(errno, JOURNAL_LOG_RATELIMIT,
620 "Failed to enumerate %s, ignoring: %m",
621 s->system_storage.path);
622 break;
623 }
624
625 r = journal_file_parse_uid_from_filename(de->d_name, &uid);
626 if (r < 0) {
627 /* Don't warn if the file is not an online or offline user journal. */
628 if (r != -EREMOTE)
629 log_warning_errno(r, "Failed to parse UID from file name '%s', ignoring: %m", de->d_name);
630 continue;
631 }
632
633 /* Already rotated in the above loop? i.e. is it an open user journal? */
634 if (ordered_hashmap_contains(s->user_journals, UID_TO_PTR(uid)))
635 continue;
636
637 full = path_join(s->system_storage.path, de->d_name);
638 if (!full)
639 return log_oom();
640
641 fd = openat(dirfd(d), de->d_name, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW|O_NONBLOCK);
642 if (fd < 0) {
643 log_ratelimit_full_errno(IN_SET(errno, ELOOP, ENOENT) ? LOG_DEBUG : LOG_WARNING,
644 errno, JOURNAL_LOG_RATELIMIT,
645 "Failed to open journal file '%s' for rotation: %m", full);
646 continue;
647 }
648
649 /* Make some room in the set of deferred close()s */
650 server_vacuum_deferred_closes(s);
651
652 /* Open the file briefly, so that we can archive it */
653 r = journal_file_open(
654 fd,
655 full,
656 O_RDWR,
657 (s->compress.enabled ? JOURNAL_COMPRESS : 0) |
658 (s->seal ? JOURNAL_SEAL : 0), /* strict order does not matter here */
659 0640,
660 s->compress.threshold_bytes,
661 &s->system_storage.metrics,
662 s->mmap,
663 /* template= */ NULL,
664 &f);
665 if (r < 0) {
666 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
667 "Failed to read journal file %s for rotation, trying to move it out of the way: %m",
668 full);
669
670 r = journal_file_dispose(dirfd(d), de->d_name);
671 if (r < 0)
672 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
673 "Failed to move %s out of the way, ignoring: %m",
674 full);
675 else
676 log_debug("Successfully moved %s out of the way.", full);
677
678 continue;
679 }
680
681 TAKE_FD(fd); /* Donated to journal_file_open() */
682
683 journal_file_write_final_tag(f);
684 r = journal_file_archive(f, NULL);
685 if (r < 0)
686 log_debug_errno(r, "Failed to archive journal file '%s', ignoring: %m", full);
687
688 journal_file_initiate_close(TAKE_PTR(f), s->deferred_closes);
689 }
690
691 return 0;
692 }
693
694 void server_rotate(Server *s) {
695 JournalFile *f;
696 void *k;
697 int r;
698
699 log_debug("Rotating...");
700
701 /* First, rotate the system journal (either in its runtime flavour or in its runtime flavour) */
702 (void) server_do_rotate(s, &s->runtime_journal, "runtime", /* seal= */ false, /* uid= */ 0);
703 (void) server_do_rotate(s, &s->system_journal, "system", s->seal, /* uid= */ 0);
704
705 /* Then, rotate all user journals we have open (keeping them open) */
706 ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals) {
707 r = server_do_rotate(s, &f, "user", s->seal, PTR_TO_UID(k));
708 if (r >= 0)
709 ordered_hashmap_replace(s->user_journals, k, f);
710 else if (!f)
711 /* Old file has been closed and deallocated */
712 ordered_hashmap_remove(s->user_journals, k);
713 }
714
715 /* Finally, also rotate all user journals we currently do not have open. (But do so only if we
716 * actually have access to /var, i.e. are not in the log-to-runtime-journal mode). */
717 if (!s->runtime_journal)
718 (void) server_archive_offline_user_journals(s);
719
720 server_process_deferred_closes(s);
721 }
722
723 static void server_rotate_journal(Server *s, JournalFile *f, uid_t uid) {
724 int r;
725
726 assert(s);
727 assert(f);
728
729 /* This is similar to server_rotate(), but rotates only specified journal file.
730 *
731 * 💣💣💣 This invalidate 'f', and the caller cannot reuse the passed JournalFile object. 💣💣💣 */
732
733 if (f == s->system_journal)
734 (void) server_do_rotate(s, &s->system_journal, "system", s->seal, /* uid= */ 0);
735 else if (f == s->runtime_journal)
736 (void) server_do_rotate(s, &s->runtime_journal, "runtime", /* seal= */ false, /* uid= */ 0);
737 else {
738 assert(ordered_hashmap_get(s->user_journals, UID_TO_PTR(uid)) == f);
739 r = server_do_rotate(s, &f, "user", s->seal, uid);
740 if (r >= 0)
741 ordered_hashmap_replace(s->user_journals, UID_TO_PTR(uid), f);
742 else if (!f)
743 /* Old file has been closed and deallocated */
744 ordered_hashmap_remove(s->user_journals, UID_TO_PTR(uid));
745 }
746
747 server_process_deferred_closes(s);
748 }
749
750 void server_sync(Server *s) {
751 JournalFile *f;
752 int r;
753
754 if (s->system_journal) {
755 r = journal_file_set_offline(s->system_journal, false);
756 if (r < 0)
757 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
758 "Failed to sync system journal, ignoring: %m");
759 }
760
761 ORDERED_HASHMAP_FOREACH(f, s->user_journals) {
762 r = journal_file_set_offline(f, false);
763 if (r < 0)
764 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
765 "Failed to sync user journal, ignoring: %m");
766 }
767
768 if (s->sync_event_source) {
769 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_OFF);
770 if (r < 0)
771 log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT,
772 "Failed to disable sync timer source: %m");
773 }
774
775 s->sync_scheduled = false;
776 }
777
778 static void server_do_vacuum(Server *s, JournalStorage *storage, bool verbose) {
779
780 int r;
781
782 assert(s);
783 assert(storage);
784
785 (void) cache_space_refresh(s, storage);
786
787 if (verbose)
788 server_space_usage_message(s, storage);
789
790 r = journal_directory_vacuum(storage->path, storage->space.limit,
791 storage->metrics.n_max_files, s->max_retention_usec,
792 &s->oldest_file_usec, verbose);
793 if (r < 0 && r != -ENOENT)
794 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
795 "Failed to vacuum %s, ignoring: %m", storage->path);
796
797 cache_space_invalidate(&storage->space);
798 }
799
800 void server_vacuum(Server *s, bool verbose) {
801 assert(s);
802
803 log_debug("Vacuuming...");
804
805 s->oldest_file_usec = 0;
806
807 if (s->system_journal)
808 server_do_vacuum(s, &s->system_storage, verbose);
809 if (s->runtime_journal)
810 server_do_vacuum(s, &s->runtime_storage, verbose);
811 }
812
813 static void server_cache_machine_id(Server *s) {
814 sd_id128_t id;
815 int r;
816
817 assert(s);
818
819 r = sd_id128_get_machine(&id);
820 if (r < 0)
821 return;
822
823 sd_id128_to_string(id, stpcpy(s->machine_id_field, "_MACHINE_ID="));
824 }
825
826 static void server_cache_boot_id(Server *s) {
827 sd_id128_t id;
828 int r;
829
830 assert(s);
831
832 r = sd_id128_get_boot(&id);
833 if (r < 0)
834 return;
835
836 sd_id128_to_string(id, stpcpy(s->boot_id_field, "_BOOT_ID="));
837 }
838
839 static void server_cache_hostname(Server *s) {
840 _cleanup_free_ char *t = NULL;
841 char *x;
842
843 assert(s);
844
845 t = gethostname_malloc();
846 if (!t)
847 return;
848
849 x = strjoin("_HOSTNAME=", t);
850 if (!x)
851 return;
852
853 free_and_replace(s->hostname_field, x);
854 }
855
856 static bool shall_try_append_again(JournalFile *f, int r) {
857 switch (r) {
858
859 case -E2BIG: /* Hit configured limit */
860 case -EFBIG: /* Hit fs limit */
861 case -EDQUOT: /* Quota limit hit */
862 case -ENOSPC: /* Disk full */
863 log_debug_errno(r, "%s: Allocation limit reached, rotating.", f->path);
864 return true;
865
866 case -EROFS: /* Read-only file system */
867 /* When appending an entry fails if shall_try_append_again returns true, the journal is
868 * rotated. If the FS is read-only, rotation will fail and s->system_journal will be set to
869 * NULL. After that, when find_journal will try to open the journal since s->system_journal
870 * will be NULL, it will open the runtime journal. */
871 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Read-only file system, rotating.", f->path);
872 return true;
873
874 case -EIO: /* I/O error of some kind (mmap) */
875 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT, "%s: IO error, rotating.", f->path);
876 return true;
877
878 case -EHOSTDOWN: /* Other machine */
879 log_ratelimit_info_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Journal file from other machine, rotating.", f->path);
880 return true;
881
882 case -EBUSY: /* Unclean shutdown */
883 log_ratelimit_info_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Unclean shutdown, rotating.", f->path);
884 return true;
885
886 case -EPROTONOSUPPORT: /* Unsupported feature */
887 log_ratelimit_info_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Unsupported feature, rotating.", f->path);
888 return true;
889
890 case -EBADMSG: /* Corrupted */
891 case -ENODATA: /* Truncated */
892 case -ESHUTDOWN: /* Already archived */
893 case -EADDRNOTAVAIL: /* Referenced object offset out of bounds */
894 log_ratelimit_info_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Journal file corrupted, rotating.", f->path);
895 return true;
896
897 case -EIDRM: /* Journal file has been deleted */
898 log_ratelimit_info_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Journal file has been deleted, rotating.", f->path);
899 return true;
900
901 case -EREMCHG: /* Wallclock time (CLOCK_REALTIME) jumped backwards relative to last journal entry */
902 log_ratelimit_info_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Realtime clock jumped backwards relative to last journal entry, rotating.", f->path);
903 return true;
904
905 case -ENOTNAM: /* Monotonic time (CLOCK_MONOTONIC) jumped backwards relative to last journal entry with the same boot ID */
906 log_ratelimit_info_errno(
907 r,
908 JOURNAL_LOG_RATELIMIT,
909 "%s: Monotonic clock jumped backwards relative to last journal entry with the same boot ID, rotating.",
910 f->path);
911 return true;
912
913 case -EILSEQ: /* seqnum ID last used in the file doesn't match the one we'd passed when writing an entry to it */
914 log_ratelimit_info_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Journal file uses a different sequence number ID, rotating.", f->path);
915 return true;
916
917 case -EAFNOSUPPORT:
918 log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Underlying file system does not support memory mapping or another required file system feature.", f->path);
919 return false;
920
921 default:
922 log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT, "%s: Unexpected error while writing to journal file: %m", f->path);
923 return false;
924 }
925 }
926
927 static void server_write_to_journal(
928 Server *s,
929 uid_t uid,
930 const struct iovec *iovec,
931 size_t n,
932 int priority) {
933
934 bool vacuumed = false;
935 struct dual_timestamp ts;
936 JournalFile *f;
937 int r;
938
939 assert(s);
940 assert(iovec);
941 assert(n > 0);
942
943 /* Get the closest, linearized time we have for this log event from the event loop. (Note that we do not use
944 * the source time, and not even the time the event was originally seen, but instead simply the time we started
945 * processing it, as we want strictly linear ordering in what we write out.) */
946 assert_se(sd_event_now(s->event, CLOCK_REALTIME, &ts.realtime) >= 0);
947 assert_se(sd_event_now(s->event, CLOCK_MONOTONIC, &ts.monotonic) >= 0);
948
949 if (ts.realtime < s->last_realtime_clock) {
950 /* When the time jumps backwards, let's immediately rotate. Of course, this should not happen during
951 * regular operation. However, when it does happen, then we should make sure that we start fresh files
952 * to ensure that the entries in the journal files are strictly ordered by time, in order to ensure
953 * bisection works correctly. */
954
955 log_ratelimit_info(JOURNAL_LOG_RATELIMIT, "Time jumped backwards, rotating.");
956 server_rotate(s);
957 server_vacuum(s, /* verbose = */ false);
958 vacuumed = true;
959 }
960
961 f = server_find_journal(s, uid);
962 if (!f)
963 return;
964
965 if (journal_file_rotate_suggested(f, s->max_file_usec, LOG_DEBUG)) {
966 if (vacuumed) {
967 log_ratelimit_warning(JOURNAL_LOG_RATELIMIT,
968 "Suppressing rotation, as we already rotated immediately before write attempt. Giving up.");
969 return;
970 }
971
972 log_debug("%s: Journal header limits reached or header out-of-date, rotating.", f->path);
973
974 server_rotate_journal(s, TAKE_PTR(f), uid);
975 server_vacuum(s, /* verbose = */ false);
976 vacuumed = true;
977
978 f = server_find_journal(s, uid);
979 if (!f)
980 return;
981 }
982
983 s->last_realtime_clock = ts.realtime;
984
985 r = journal_file_append_entry(
986 f,
987 &ts,
988 /* boot_id= */ NULL,
989 iovec, n,
990 &s->seqnum->seqnum,
991 &s->seqnum->id,
992 /* ret_object= */ NULL,
993 /* ret_offset= */ NULL);
994 if (r >= 0) {
995 server_schedule_sync(s, priority);
996 return;
997 }
998
999 log_debug_errno(r, "Failed to write entry to %s (%zu items, %zu bytes): %m", f->path, n, iovec_total_size(iovec, n));
1000
1001 if (!shall_try_append_again(f, r))
1002 return;
1003 if (vacuumed) {
1004 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
1005 "Suppressing rotation, as we already rotated immediately before write attempt. Giving up.");
1006 return;
1007 }
1008
1009 server_rotate_journal(s, TAKE_PTR(f), uid);
1010 server_vacuum(s, /* verbose = */ false);
1011
1012 f = server_find_journal(s, uid);
1013 if (!f)
1014 return;
1015
1016 log_debug_errno(r, "Retrying write.");
1017 r = journal_file_append_entry(
1018 f,
1019 &ts,
1020 /* boot_id= */ NULL,
1021 iovec, n,
1022 &s->seqnum->seqnum,
1023 &s->seqnum->id,
1024 /* ret_object= */ NULL,
1025 /* ret_offset= */ NULL);
1026 if (r < 0)
1027 log_ratelimit_error_errno(r, FAILED_TO_WRITE_ENTRY_RATELIMIT,
1028 "Failed to write entry to %s (%zu items, %zu bytes) despite vacuuming, ignoring: %m",
1029 f->path, n, iovec_total_size(iovec, n));
1030 else
1031 server_schedule_sync(s, priority);
1032 }
1033
1034 #define IOVEC_ADD_NUMERIC_FIELD(iovec, n, value, type, isset, format, field) \
1035 if (isset(value)) { \
1036 char *k; \
1037 k = newa(char, STRLEN(field "=") + DECIMAL_STR_MAX(type) + 1); \
1038 sprintf(k, field "=" format, value); \
1039 iovec[n++] = IOVEC_MAKE_STRING(k); \
1040 }
1041
1042 #define IOVEC_ADD_STRING_FIELD(iovec, n, value, field) \
1043 if (!isempty(value)) { \
1044 char *k; \
1045 k = strjoina(field "=", value); \
1046 iovec[n++] = IOVEC_MAKE_STRING(k); \
1047 }
1048
1049 #define IOVEC_ADD_ID128_FIELD(iovec, n, value, field) \
1050 if (!sd_id128_is_null(value)) { \
1051 char *k; \
1052 k = newa(char, STRLEN(field "=") + SD_ID128_STRING_MAX); \
1053 sd_id128_to_string(value, stpcpy(k, field "=")); \
1054 iovec[n++] = IOVEC_MAKE_STRING(k); \
1055 }
1056
1057 #define IOVEC_ADD_SIZED_FIELD(iovec, n, value, value_size, field) \
1058 if (value_size > 0) { \
1059 char *k; \
1060 k = newa(char, STRLEN(field "=") + value_size + 1); \
1061 *((char*) mempcpy(stpcpy(k, field "="), value, value_size)) = 0; \
1062 iovec[n++] = IOVEC_MAKE_STRING(k); \
1063 } \
1064
1065 static void server_dispatch_message_real(
1066 Server *s,
1067 struct iovec *iovec, size_t n, size_t m,
1068 const ClientContext *c,
1069 const struct timeval *tv,
1070 int priority,
1071 pid_t object_pid) {
1072
1073 char source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)];
1074 _unused_ _cleanup_free_ char *cmdline1 = NULL, *cmdline2 = NULL;
1075 uid_t journal_uid;
1076 ClientContext *o;
1077
1078 assert(s);
1079 assert(iovec);
1080 assert(n > 0);
1081 assert(n +
1082 N_IOVEC_META_FIELDS +
1083 (pid_is_valid(object_pid) ? N_IOVEC_OBJECT_FIELDS : 0) +
1084 client_context_extra_fields_n_iovec(c) <= m);
1085
1086 if (c) {
1087 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->pid, pid_t, pid_is_valid, PID_FMT, "_PID");
1088 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->uid, uid_t, uid_is_valid, UID_FMT, "_UID");
1089 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->gid, gid_t, gid_is_valid, GID_FMT, "_GID");
1090
1091 IOVEC_ADD_STRING_FIELD(iovec, n, c->comm, "_COMM"); /* At most TASK_COMM_LENGTH (16 bytes) */
1092 IOVEC_ADD_STRING_FIELD(iovec, n, c->exe, "_EXE"); /* A path, so at most PATH_MAX (4096 bytes) */
1093
1094 if (c->cmdline)
1095 /* At most _SC_ARG_MAX (2MB usually), which is too much to put on stack.
1096 * Let's use a heap allocation for this one. */
1097 cmdline1 = set_iovec_string_field(iovec, &n, "_CMDLINE=", c->cmdline);
1098
1099 IOVEC_ADD_STRING_FIELD(iovec, n, c->capeff, "_CAP_EFFECTIVE"); /* Read from /proc/.../status */
1100 IOVEC_ADD_SIZED_FIELD(iovec, n, c->label, c->label_size, "_SELINUX_CONTEXT");
1101 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "_AUDIT_SESSION");
1102 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->loginuid, uid_t, uid_is_valid, UID_FMT, "_AUDIT_LOGINUID");
1103
1104 IOVEC_ADD_STRING_FIELD(iovec, n, c->cgroup, "_SYSTEMD_CGROUP"); /* A path */
1105 IOVEC_ADD_STRING_FIELD(iovec, n, c->session, "_SYSTEMD_SESSION");
1106 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->owner_uid, uid_t, uid_is_valid, UID_FMT, "_SYSTEMD_OWNER_UID");
1107 IOVEC_ADD_STRING_FIELD(iovec, n, c->unit, "_SYSTEMD_UNIT"); /* Unit names are bounded by UNIT_NAME_MAX */
1108 IOVEC_ADD_STRING_FIELD(iovec, n, c->user_unit, "_SYSTEMD_USER_UNIT");
1109 IOVEC_ADD_STRING_FIELD(iovec, n, c->slice, "_SYSTEMD_SLICE");
1110 IOVEC_ADD_STRING_FIELD(iovec, n, c->user_slice, "_SYSTEMD_USER_SLICE");
1111
1112 IOVEC_ADD_ID128_FIELD(iovec, n, c->invocation_id, "_SYSTEMD_INVOCATION_ID");
1113
1114 if (c->extra_fields_n_iovec > 0) {
1115 memcpy(iovec + n, c->extra_fields_iovec, c->extra_fields_n_iovec * sizeof(struct iovec));
1116 n += c->extra_fields_n_iovec;
1117 }
1118 }
1119
1120 assert(n <= m);
1121
1122 if (pid_is_valid(object_pid) && client_context_get(s, object_pid, NULL, NULL, 0, NULL, &o) >= 0) {
1123
1124 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->pid, pid_t, pid_is_valid, PID_FMT, "OBJECT_PID");
1125 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->uid, uid_t, uid_is_valid, UID_FMT, "OBJECT_UID");
1126 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->gid, gid_t, gid_is_valid, GID_FMT, "OBJECT_GID");
1127
1128 /* See above for size limits, only ->cmdline may be large, so use a heap allocation for it. */
1129 IOVEC_ADD_STRING_FIELD(iovec, n, o->comm, "OBJECT_COMM");
1130 IOVEC_ADD_STRING_FIELD(iovec, n, o->exe, "OBJECT_EXE");
1131 if (o->cmdline)
1132 cmdline2 = set_iovec_string_field(iovec, &n, "OBJECT_CMDLINE=", o->cmdline);
1133
1134 IOVEC_ADD_STRING_FIELD(iovec, n, o->capeff, "OBJECT_CAP_EFFECTIVE");
1135 IOVEC_ADD_SIZED_FIELD(iovec, n, o->label, o->label_size, "OBJECT_SELINUX_CONTEXT");
1136 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "OBJECT_AUDIT_SESSION");
1137 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->loginuid, uid_t, uid_is_valid, UID_FMT, "OBJECT_AUDIT_LOGINUID");
1138
1139 IOVEC_ADD_STRING_FIELD(iovec, n, o->cgroup, "OBJECT_SYSTEMD_CGROUP");
1140 IOVEC_ADD_STRING_FIELD(iovec, n, o->session, "OBJECT_SYSTEMD_SESSION");
1141 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->owner_uid, uid_t, uid_is_valid, UID_FMT, "OBJECT_SYSTEMD_OWNER_UID");
1142 IOVEC_ADD_STRING_FIELD(iovec, n, o->unit, "OBJECT_SYSTEMD_UNIT");
1143 IOVEC_ADD_STRING_FIELD(iovec, n, o->user_unit, "OBJECT_SYSTEMD_USER_UNIT");
1144 IOVEC_ADD_STRING_FIELD(iovec, n, o->slice, "OBJECT_SYSTEMD_SLICE");
1145 IOVEC_ADD_STRING_FIELD(iovec, n, o->user_slice, "OBJECT_SYSTEMD_USER_SLICE");
1146
1147 IOVEC_ADD_ID128_FIELD(iovec, n, o->invocation_id, "OBJECT_SYSTEMD_INVOCATION_ID");
1148 }
1149
1150 assert(n <= m);
1151
1152 if (tv) {
1153 sprintf(source_time, "_SOURCE_REALTIME_TIMESTAMP=" USEC_FMT, timeval_load(tv));
1154 iovec[n++] = IOVEC_MAKE_STRING(source_time);
1155 }
1156
1157 /* Note that strictly speaking storing the boot id here is
1158 * redundant since the entry includes this in-line
1159 * anyway. However, we need this indexed, too. */
1160 if (!isempty(s->boot_id_field))
1161 iovec[n++] = IOVEC_MAKE_STRING(s->boot_id_field);
1162
1163 if (!isempty(s->machine_id_field))
1164 iovec[n++] = IOVEC_MAKE_STRING(s->machine_id_field);
1165
1166 if (!isempty(s->hostname_field))
1167 iovec[n++] = IOVEC_MAKE_STRING(s->hostname_field);
1168
1169 if (!isempty(s->namespace_field))
1170 iovec[n++] = IOVEC_MAKE_STRING(s->namespace_field);
1171
1172 iovec[n++] = in_initrd() ? IOVEC_MAKE_STRING("_RUNTIME_SCOPE=initrd") : IOVEC_MAKE_STRING("_RUNTIME_SCOPE=system");
1173 assert(n <= m);
1174
1175 if (s->split_mode == SPLIT_UID && c && uid_is_valid(c->uid))
1176 /* Split up strictly by (non-root) UID */
1177 journal_uid = c->uid;
1178 else if (s->split_mode == SPLIT_LOGIN && c && c->uid > 0 && uid_is_valid(c->owner_uid))
1179 /* Split up by login UIDs. We do this only if the
1180 * realuid is not root, in order not to accidentally
1181 * leak privileged information to the user that is
1182 * logged by a privileged process that is part of an
1183 * unprivileged session. */
1184 journal_uid = c->owner_uid;
1185 else
1186 journal_uid = 0;
1187
1188 (void) server_forward_socket(s, iovec, n, priority);
1189
1190 server_write_to_journal(s, journal_uid, iovec, n, priority);
1191 }
1192
1193 void server_driver_message(Server *s, pid_t object_pid, const char *message_id, const char *format, ...) {
1194
1195 struct iovec *iovec;
1196 size_t n = 0, k, m;
1197 va_list ap;
1198 int r;
1199
1200 assert(s);
1201 assert(format);
1202
1203 m = N_IOVEC_META_FIELDS + 5 + N_IOVEC_PAYLOAD_FIELDS + client_context_extra_fields_n_iovec(s->my_context) + N_IOVEC_OBJECT_FIELDS;
1204 iovec = newa(struct iovec, m);
1205
1206 assert_cc(3 == LOG_FAC(LOG_DAEMON));
1207 iovec[n++] = IOVEC_MAKE_STRING("SYSLOG_FACILITY=3");
1208 iovec[n++] = IOVEC_MAKE_STRING("SYSLOG_IDENTIFIER=systemd-journald");
1209
1210 iovec[n++] = IOVEC_MAKE_STRING("_TRANSPORT=driver");
1211 assert_cc(6 == LOG_INFO);
1212 iovec[n++] = IOVEC_MAKE_STRING("PRIORITY=6");
1213
1214 if (message_id)
1215 iovec[n++] = IOVEC_MAKE_STRING(message_id);
1216 k = n;
1217
1218 va_start(ap, format);
1219 r = log_format_iovec(iovec, m, &n, false, 0, format, ap);
1220 /* Error handling below */
1221 va_end(ap);
1222
1223 if (r >= 0)
1224 server_dispatch_message_real(s, iovec, n, m, s->my_context, /* tv= */ NULL, LOG_INFO, object_pid);
1225
1226 while (k < n)
1227 free(iovec[k++].iov_base);
1228
1229 if (r < 0) {
1230 /* We failed to format the message. Emit a warning instead. */
1231 char buf[LINE_MAX];
1232
1233 errno = -r;
1234 xsprintf(buf, "MESSAGE=Entry printing failed: %m");
1235
1236 n = 3;
1237 iovec[n++] = IOVEC_MAKE_STRING("PRIORITY=4");
1238 iovec[n++] = IOVEC_MAKE_STRING(buf);
1239 server_dispatch_message_real(s, iovec, n, m, s->my_context, /* tv= */ NULL, LOG_INFO, object_pid);
1240 }
1241 }
1242
1243 void server_dispatch_message(
1244 Server *s,
1245 struct iovec *iovec, size_t n, size_t m,
1246 ClientContext *c,
1247 const struct timeval *tv,
1248 int priority,
1249 pid_t object_pid) {
1250
1251 uint64_t available = 0;
1252 int rl;
1253
1254 assert(s);
1255 assert(iovec || n == 0);
1256
1257 if (n == 0)
1258 return;
1259
1260 if (LOG_PRI(priority) > s->max_level_store)
1261 return;
1262
1263 /* Stop early in case the information will not be stored
1264 * in a journal. */
1265 if (s->storage == STORAGE_NONE)
1266 return;
1267
1268 if (c && c->unit) {
1269 (void) server_determine_space(s, &available, /* limit= */ NULL);
1270
1271 rl = journal_ratelimit_test(s->ratelimit, c->unit, c->log_ratelimit_interval, c->log_ratelimit_burst, priority & LOG_PRIMASK, available);
1272 if (rl == 0)
1273 return;
1274
1275 /* Write a suppression message if we suppressed something */
1276 if (rl > 1)
1277 server_driver_message(s, c->pid,
1278 "MESSAGE_ID=" SD_MESSAGE_JOURNAL_DROPPED_STR,
1279 LOG_MESSAGE("Suppressed %i messages from %s", rl - 1, c->unit),
1280 "N_DROPPED=%i", rl - 1,
1281 NULL);
1282 }
1283
1284 server_dispatch_message_real(s, iovec, n, m, c, tv, priority, object_pid);
1285 }
1286
1287 int server_flush_to_var(Server *s, bool require_flag_file) {
1288 sd_journal *j = NULL;
1289 const char *fn;
1290 unsigned n = 0;
1291 usec_t start;
1292 int r, k;
1293
1294 assert(s);
1295
1296 if (!IN_SET(s->storage, STORAGE_AUTO, STORAGE_PERSISTENT))
1297 return 0;
1298
1299 if (s->namespace) /* Flushing concept does not exist for namespace instances */
1300 return 0;
1301
1302 if (!s->runtime_journal) /* Nothing to flush? */
1303 return 0;
1304
1305 if (require_flag_file && !server_flushed_flag_is_set(s))
1306 return 0;
1307
1308 (void) server_system_journal_open(s, /* flush_requested=*/ true, /* relinquish_requested= */ false);
1309
1310 if (!s->system_journal)
1311 return 0;
1312
1313 /* Reset current seqnum data to avoid unnecessary rotation when switching to system journal.
1314 * See issue #30092. */
1315 zero(*s->seqnum);
1316
1317 log_debug("Flushing to %s...", s->system_storage.path);
1318
1319 start = now(CLOCK_MONOTONIC);
1320
1321 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
1322 if (r < 0)
1323 return log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT,
1324 "Failed to read runtime journal: %m");
1325
1326 sd_journal_set_data_threshold(j, 0);
1327
1328 SD_JOURNAL_FOREACH(j) {
1329 Object *o = NULL;
1330 JournalFile *f;
1331
1332 f = j->current_file;
1333 assert(f && f->current_offset > 0);
1334
1335 n++;
1336
1337 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
1338 if (r < 0) {
1339 log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT, "Can't read entry: %m");
1340 goto finish;
1341 }
1342
1343 r = journal_file_copy_entry(
1344 f,
1345 s->system_journal,
1346 o,
1347 f->current_offset,
1348 &s->seqnum->seqnum,
1349 &s->seqnum->id);
1350 if (r >= 0)
1351 continue;
1352
1353 if (!shall_try_append_again(s->system_journal, r)) {
1354 log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT, "Can't write entry: %m");
1355 goto finish;
1356 }
1357
1358 log_ratelimit_info(JOURNAL_LOG_RATELIMIT, "Rotating system journal.");
1359
1360 server_rotate_journal(s, s->system_journal, /* uid = */ 0);
1361 server_vacuum(s, /* verbose = */ false);
1362
1363 if (!s->system_journal) {
1364 log_ratelimit_notice(JOURNAL_LOG_RATELIMIT,
1365 "Didn't flush runtime journal since rotation of system journal wasn't successful.");
1366 r = -EIO;
1367 goto finish;
1368 }
1369
1370 log_debug("Retrying write.");
1371 r = journal_file_copy_entry(
1372 f,
1373 s->system_journal,
1374 o,
1375 f->current_offset,
1376 &s->seqnum->seqnum,
1377 &s->seqnum->id);
1378 if (r < 0) {
1379 log_ratelimit_error_errno(r, JOURNAL_LOG_RATELIMIT, "Can't write entry: %m");
1380 goto finish;
1381 }
1382 }
1383
1384 r = 0;
1385
1386 finish:
1387 if (s->system_journal)
1388 journal_file_post_change(s->system_journal);
1389
1390 /* Save parent directories of runtime journals before closing runtime journals. */
1391 _cleanup_strv_free_ char **dirs = NULL;
1392 (void) journal_get_directories(j, &dirs);
1393
1394 /* First, close all runtime journals opened in the above. */
1395 sd_journal_close(j);
1396
1397 /* Offline and close the 'main' runtime journal file. */
1398 s->runtime_journal = journal_file_offline_close(s->runtime_journal);
1399
1400 /* Remove the runtime directory if the all entries are successfully flushed to /var/. */
1401 if (r >= 0) {
1402 (void) rm_rf(s->runtime_storage.path, REMOVE_ROOT);
1403
1404 /* The initrd may have a different machine ID from the host's one. Typically, that happens
1405 * when our tests running on qemu, as the host's initrd is picked as is without updating
1406 * the machine ID in the initrd with the one used in the image. Even in such the case, the
1407 * runtime journals in the subdirectory named with the initrd's machine ID are flushed to
1408 * the persistent journal. To make not the runtime journal flushed multiple times, let's
1409 * also remove the runtime directories. */
1410 STRV_FOREACH(p, dirs)
1411 (void) rm_rf(*p, REMOVE_ROOT);
1412 }
1413
1414 server_driver_message(s, 0, NULL,
1415 LOG_MESSAGE("Time spent on flushing to %s is %s for %u entries.",
1416 s->system_storage.path,
1417 FORMAT_TIMESPAN(usec_sub_unsigned(now(CLOCK_MONOTONIC), start), 0),
1418 n),
1419 NULL);
1420
1421 fn = strjoina(s->runtime_directory, "/flushed");
1422 k = touch(fn);
1423 if (k < 0)
1424 log_ratelimit_warning_errno(k, JOURNAL_LOG_RATELIMIT,
1425 "Failed to touch %s, ignoring: %m", fn);
1426
1427 server_refresh_idle_timer(s);
1428 return r;
1429 }
1430
1431 static int server_relinquish_var(Server *s) {
1432 const char *fn;
1433 assert(s);
1434
1435 if (s->storage == STORAGE_NONE)
1436 return 0;
1437
1438 if (s->namespace) /* Concept does not exist for namespaced instances */
1439 return -EOPNOTSUPP;
1440
1441 if (s->runtime_journal && !s->system_journal)
1442 return 0;
1443
1444 log_debug("Relinquishing %s...", s->system_storage.path);
1445
1446 (void) server_system_journal_open(s, /* flush_requested */ false, /* relinquish_requested=*/ true);
1447
1448 s->system_journal = journal_file_offline_close(s->system_journal);
1449 ordered_hashmap_clear_with_destructor(s->user_journals, journal_file_offline_close);
1450 set_clear_with_destructor(s->deferred_closes, journal_file_offline_close);
1451
1452 fn = strjoina(s->runtime_directory, "/flushed");
1453 if (unlink(fn) < 0 && errno != ENOENT)
1454 log_ratelimit_warning_errno(errno, JOURNAL_LOG_RATELIMIT,
1455 "Failed to unlink %s, ignoring: %m", fn);
1456
1457 server_refresh_idle_timer(s);
1458 return 0;
1459 }
1460
1461 int server_process_datagram(
1462 sd_event_source *es,
1463 int fd,
1464 uint32_t revents,
1465 void *userdata) {
1466
1467 size_t label_len = 0, m;
1468 Server *s = ASSERT_PTR(userdata);
1469 struct ucred *ucred = NULL;
1470 struct timeval tv_buf, *tv = NULL;
1471 struct cmsghdr *cmsg;
1472 char *label = NULL;
1473 struct iovec iovec;
1474 ssize_t n;
1475 int *fds = NULL, v = 0;
1476 size_t n_fds = 0;
1477
1478 /* We use NAME_MAX space for the SELinux label here. The kernel currently enforces no limit, but
1479 * according to suggestions from the SELinux people this will change and it will probably be
1480 * identical to NAME_MAX. For now we use that, but this should be updated one day when the final
1481 * limit is known.
1482 *
1483 * Here, we need to explicitly initialize the buffer with zero, as glibc has a bug in
1484 * __convert_scm_timestamps(), which assumes the buffer is initialized. See #20741. */
1485 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred)) +
1486 CMSG_SPACE_TIMEVAL +
1487 CMSG_SPACE(sizeof(int)) + /* fd */
1488 CMSG_SPACE(NAME_MAX) /* selinux label */) control = {};
1489
1490 union sockaddr_union sa = {};
1491
1492 struct msghdr msghdr = {
1493 .msg_iov = &iovec,
1494 .msg_iovlen = 1,
1495 .msg_control = &control,
1496 .msg_controllen = sizeof(control),
1497 .msg_name = &sa,
1498 .msg_namelen = sizeof(sa),
1499 };
1500
1501 assert(fd == s->native_fd || fd == s->syslog_fd || fd == s->audit_fd);
1502
1503 if (revents != EPOLLIN)
1504 return log_error_errno(SYNTHETIC_ERRNO(EIO),
1505 "Got invalid event from epoll for datagram fd: %" PRIx32,
1506 revents);
1507
1508 /* Try to get the right size, if we can. (Not all sockets support SIOCINQ, hence we just try, but don't rely on
1509 * it.) */
1510 (void) ioctl(fd, SIOCINQ, &v);
1511
1512 /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful! */
1513 m = PAGE_ALIGN(MAX3((size_t) v + 1,
1514 (size_t) LINE_MAX,
1515 ALIGN(sizeof(struct nlmsghdr)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH)) + 1);
1516
1517 if (!GREEDY_REALLOC(s->buffer, m))
1518 return log_oom();
1519
1520 iovec = IOVEC_MAKE(s->buffer, MALLOC_ELEMENTSOF(s->buffer) - 1); /* Leave room for trailing NUL we add later */
1521
1522 n = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
1523 if (n < 0) {
1524 if (ERRNO_IS_TRANSIENT(n))
1525 return 0;
1526 if (n == -EXFULL) {
1527 log_ratelimit_warning(JOURNAL_LOG_RATELIMIT,
1528 "Got message with truncated control data (too many fds sent?), ignoring.");
1529 return 0;
1530 }
1531 return log_ratelimit_error_errno(n, JOURNAL_LOG_RATELIMIT, "recvmsg() failed: %m");
1532 }
1533
1534 CMSG_FOREACH(cmsg, &msghdr)
1535 if (cmsg->cmsg_level == SOL_SOCKET &&
1536 cmsg->cmsg_type == SCM_CREDENTIALS &&
1537 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
1538 assert(!ucred);
1539 ucred = CMSG_TYPED_DATA(cmsg, struct ucred);
1540 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1541 cmsg->cmsg_type == SCM_SECURITY) {
1542 assert(!label);
1543 label = CMSG_TYPED_DATA(cmsg, char);
1544 label_len = cmsg->cmsg_len - CMSG_LEN(0);
1545 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1546 cmsg->cmsg_type == SCM_TIMESTAMP &&
1547 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval))) {
1548 assert(!tv);
1549 tv = memcpy(&tv_buf, CMSG_DATA(cmsg), sizeof(struct timeval));
1550 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1551 cmsg->cmsg_type == SCM_RIGHTS) {
1552 assert(!fds);
1553 fds = CMSG_TYPED_DATA(cmsg, int);
1554 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
1555 }
1556
1557 /* And a trailing NUL, just in case */
1558 s->buffer[n] = 0;
1559
1560 if (fd == s->syslog_fd) {
1561 if (n > 0 && n_fds == 0)
1562 server_process_syslog_message(s, s->buffer, n, ucred, tv, label, label_len);
1563 else if (n_fds > 0)
1564 log_ratelimit_warning(JOURNAL_LOG_RATELIMIT,
1565 "Got file descriptors via syslog socket. Ignoring.");
1566
1567 } else if (fd == s->native_fd) {
1568 if (n > 0 && n_fds == 0)
1569 server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
1570 else if (n == 0 && n_fds == 1)
1571 (void) server_process_native_file(s, fds[0], ucred, tv, label, label_len);
1572 else if (n_fds > 0)
1573 log_ratelimit_warning(JOURNAL_LOG_RATELIMIT,
1574 "Got too many file descriptors via native socket. Ignoring.");
1575
1576 } else {
1577 assert(fd == s->audit_fd);
1578
1579 if (n > 0 && n_fds == 0)
1580 server_process_audit_message(s, s->buffer, n, ucred, &sa, msghdr.msg_namelen);
1581 else if (n_fds > 0)
1582 log_ratelimit_warning(JOURNAL_LOG_RATELIMIT,
1583 "Got file descriptors via audit socket. Ignoring.");
1584 }
1585
1586 close_many(fds, n_fds);
1587
1588 server_refresh_idle_timer(s);
1589 return 0;
1590 }
1591
1592 static void server_full_flush(Server *s) {
1593 assert(s);
1594
1595 (void) server_flush_to_var(s, false);
1596 server_sync(s);
1597 server_vacuum(s, false);
1598
1599 server_space_usage_message(s, NULL);
1600
1601 server_refresh_idle_timer(s);
1602 }
1603
1604 static int dispatch_sigusr1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1605 Server *s = ASSERT_PTR(userdata);
1606
1607 if (s->namespace) {
1608 log_error("Received SIGUSR1 signal from PID %u, but flushing runtime journals not supported for namespaced instances.", si->ssi_pid);
1609 return 0;
1610 }
1611
1612 log_info("Received SIGUSR1 signal from PID %u, as request to flush runtime journal.", si->ssi_pid);
1613 server_full_flush(s);
1614
1615 return 0;
1616 }
1617
1618 static void server_full_rotate(Server *s) {
1619 const char *fn;
1620 int r;
1621
1622 assert(s);
1623
1624 server_rotate(s);
1625 server_vacuum(s, true);
1626
1627 if (s->system_journal)
1628 patch_min_use(&s->system_storage);
1629 if (s->runtime_journal)
1630 patch_min_use(&s->runtime_storage);
1631
1632 /* Let clients know when the most recent rotation happened. */
1633 fn = strjoina(s->runtime_directory, "/rotated");
1634 r = write_timestamp_file_atomic(fn, now(CLOCK_MONOTONIC));
1635 if (r < 0)
1636 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
1637 "Failed to write %s, ignoring: %m", fn);
1638 }
1639
1640 static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1641 Server *s = ASSERT_PTR(userdata);
1642
1643 log_info("Received SIGUSR2 signal from PID %u, as request to rotate journal, rotating.", si->ssi_pid);
1644 server_full_rotate(s);
1645
1646 return 0;
1647 }
1648
1649 static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1650 _cleanup_(sd_event_source_disable_unrefp) sd_event_source *news = NULL;
1651 Server *s = ASSERT_PTR(userdata);
1652 int r;
1653
1654 log_received_signal(LOG_INFO, si);
1655
1656 (void) sd_event_source_set_enabled(es, SD_EVENT_OFF); /* Make sure this handler is called at most once */
1657
1658 /* So on one hand we want to ensure that SIGTERMs are definitely handled in appropriate, bounded
1659 * time. On the other hand we want that everything pending is first comprehensively processed and
1660 * written to disk. These goals are incompatible, hence we try to find a middle ground: we'll process
1661 * SIGTERM with high priority, but from the handler (this one right here) we'll install two new event
1662 * sources: one low priority idle one that will issue the exit once everything else is processed (and
1663 * which is hopefully the regular, clean codepath); and one high priority timer that acts as safety
1664 * net: if our idle handler isn't run within 10s, we'll exit anyway.
1665 *
1666 * TLDR: we'll exit either when everything is processed, or after 10s max, depending on what happens
1667 * first.
1668 *
1669 * Note that exiting before the idle event is hit doesn't typically mean that we lose any data, as
1670 * messages will remain queued in the sockets they came in from, and thus can be processed when we
1671 * start up next – unless we are going down for the final system shutdown, in which case everything
1672 * is lost. */
1673
1674 r = sd_event_add_defer(s->event, &news, NULL, NULL); /* NULL handler means → exit when triggered */
1675 if (r < 0) {
1676 log_error_errno(r, "Failed to allocate exit idle event handler: %m");
1677 goto fail;
1678 }
1679
1680 (void) sd_event_source_set_description(news, "exit-idle");
1681
1682 /* Run everything relevant before this. */
1683 r = sd_event_source_set_priority(news, SD_EVENT_PRIORITY_NORMAL+20);
1684 if (r < 0) {
1685 log_error_errno(r, "Failed to adjust priority of exit idle event handler: %m");
1686 goto fail;
1687 }
1688
1689 /* Give up ownership, so that this event source is freed automatically when the event loop is freed. */
1690 r = sd_event_source_set_floating(news, true);
1691 if (r < 0) {
1692 log_error_errno(r, "Failed to make exit idle event handler floating: %m");
1693 goto fail;
1694 }
1695
1696 news = sd_event_source_unref(news);
1697
1698 r = sd_event_add_time_relative(s->event, &news, CLOCK_MONOTONIC, 10 * USEC_PER_SEC, 0, NULL, NULL);
1699 if (r < 0) {
1700 log_error_errno(r, "Failed to allocate exit timeout event handler: %m");
1701 goto fail;
1702 }
1703
1704 (void) sd_event_source_set_description(news, "exit-timeout");
1705
1706 r = sd_event_source_set_priority(news, SD_EVENT_PRIORITY_IMPORTANT-20); /* This is a safety net, with highest priority */
1707 if (r < 0) {
1708 log_error_errno(r, "Failed to adjust priority of exit timeout event handler: %m");
1709 goto fail;
1710 }
1711
1712 r = sd_event_source_set_floating(news, true);
1713 if (r < 0) {
1714 log_error_errno(r, "Failed to make exit timeout event handler floating: %m");
1715 goto fail;
1716 }
1717
1718 news = sd_event_source_unref(news);
1719
1720 log_debug("Exit event sources are now pending.");
1721 return 0;
1722
1723 fail:
1724 sd_event_exit(s->event, 0);
1725 return 0;
1726 }
1727
1728 static void server_full_sync(Server *s) {
1729 const char *fn;
1730 int r;
1731
1732 assert(s);
1733
1734 server_sync(s);
1735
1736 /* Let clients know when the most recent sync happened. */
1737 fn = strjoina(s->runtime_directory, "/synced");
1738 r = write_timestamp_file_atomic(fn, now(CLOCK_MONOTONIC));
1739 if (r < 0)
1740 log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT,
1741 "Failed to write %s, ignoring: %m", fn);
1742
1743 return;
1744 }
1745
1746 static int dispatch_sigrtmin1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1747 Server *s = ASSERT_PTR(userdata);
1748
1749 log_debug("Received SIGRTMIN1 signal from PID %u, as request to sync.", si->ssi_pid);
1750 server_full_sync(s);
1751
1752 return 0;
1753 }
1754
1755 static int server_setup_signals(Server *s) {
1756 int r;
1757
1758 assert(s);
1759
1760 assert_se(sigprocmask_many(SIG_SETMASK, NULL, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, SIGRTMIN+1, SIGRTMIN+18) >= 0);
1761
1762 r = sd_event_add_signal(s->event, &s->sigusr1_event_source, SIGUSR1, dispatch_sigusr1, s);
1763 if (r < 0)
1764 return r;
1765
1766 r = sd_event_add_signal(s->event, &s->sigusr2_event_source, SIGUSR2, dispatch_sigusr2, s);
1767 if (r < 0)
1768 return r;
1769
1770 r = sd_event_add_signal(s->event, &s->sigterm_event_source, SIGTERM, dispatch_sigterm, s);
1771 if (r < 0)
1772 return r;
1773
1774 /* Let's process SIGTERM early, so that we definitely react to it */
1775 r = sd_event_source_set_priority(s->sigterm_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
1776 if (r < 0)
1777 return r;
1778
1779 /* When journald is invoked on the terminal (when debugging), it's useful if C-c is handled
1780 * equivalent to SIGTERM. */
1781 r = sd_event_add_signal(s->event, &s->sigint_event_source, SIGINT, dispatch_sigterm, s);
1782 if (r < 0)
1783 return r;
1784
1785 r = sd_event_source_set_priority(s->sigint_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
1786 if (r < 0)
1787 return r;
1788
1789 /* SIGRTMIN+1 causes an immediate sync. We process this very late, so that everything else queued at
1790 * this point is really written to disk. Clients can watch /run/systemd/journal/synced with inotify
1791 * until its mtime changes to see when a sync happened. */
1792 r = sd_event_add_signal(s->event, &s->sigrtmin1_event_source, SIGRTMIN+1, dispatch_sigrtmin1, s);
1793 if (r < 0)
1794 return r;
1795
1796 r = sd_event_source_set_priority(s->sigrtmin1_event_source, SD_EVENT_PRIORITY_NORMAL+15);
1797 if (r < 0)
1798 return r;
1799
1800 r = sd_event_add_signal(s->event, NULL, SIGRTMIN+18, sigrtmin18_handler, &s->sigrtmin18_info);
1801 if (r < 0)
1802 return r;
1803
1804 return 0;
1805 }
1806
1807 static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
1808 Server *s = ASSERT_PTR(data);
1809 int r;
1810
1811 if (proc_cmdline_key_streq(key, "systemd.journald.forward_to_syslog")) {
1812
1813 r = value ? parse_boolean(value) : true;
1814 if (r < 0)
1815 log_warning("Failed to parse forward to syslog switch \"%s\". Ignoring.", value);
1816 else
1817 s->forward_to_syslog = r;
1818
1819 } else if (proc_cmdline_key_streq(key, "systemd.journald.forward_to_kmsg")) {
1820
1821 r = value ? parse_boolean(value) : true;
1822 if (r < 0)
1823 log_warning("Failed to parse forward to kmsg switch \"%s\". Ignoring.", value);
1824 else
1825 s->forward_to_kmsg = r;
1826
1827 } else if (proc_cmdline_key_streq(key, "systemd.journald.forward_to_console")) {
1828
1829 r = value ? parse_boolean(value) : true;
1830 if (r < 0)
1831 log_warning("Failed to parse forward to console switch \"%s\". Ignoring.", value);
1832 else
1833 s->forward_to_console = r;
1834
1835 } else if (proc_cmdline_key_streq(key, "systemd.journald.forward_to_wall")) {
1836
1837 r = value ? parse_boolean(value) : true;
1838 if (r < 0)
1839 log_warning("Failed to parse forward to wall switch \"%s\". Ignoring.", value);
1840 else
1841 s->forward_to_wall = r;
1842
1843 } else if (proc_cmdline_key_streq(key, "systemd.journald.max_level_console")) {
1844
1845 if (proc_cmdline_value_missing(key, value))
1846 return 0;
1847
1848 r = log_level_from_string(value);
1849 if (r < 0)
1850 log_warning("Failed to parse max level console value \"%s\". Ignoring.", value);
1851 else
1852 s->max_level_console = r;
1853
1854 } else if (proc_cmdline_key_streq(key, "systemd.journald.max_level_store")) {
1855
1856 if (proc_cmdline_value_missing(key, value))
1857 return 0;
1858
1859 r = log_level_from_string(value);
1860 if (r < 0)
1861 log_warning("Failed to parse max level store value \"%s\". Ignoring.", value);
1862 else
1863 s->max_level_store = r;
1864
1865 } else if (proc_cmdline_key_streq(key, "systemd.journald.max_level_syslog")) {
1866
1867 if (proc_cmdline_value_missing(key, value))
1868 return 0;
1869
1870 r = log_level_from_string(value);
1871 if (r < 0)
1872 log_warning("Failed to parse max level syslog value \"%s\". Ignoring.", value);
1873 else
1874 s->max_level_syslog = r;
1875
1876 } else if (proc_cmdline_key_streq(key, "systemd.journald.max_level_kmsg")) {
1877
1878 if (proc_cmdline_value_missing(key, value))
1879 return 0;
1880
1881 r = log_level_from_string(value);
1882 if (r < 0)
1883 log_warning("Failed to parse max level kmsg value \"%s\". Ignoring.", value);
1884 else
1885 s->max_level_kmsg = r;
1886
1887 } else if (proc_cmdline_key_streq(key, "systemd.journald.max_level_wall")) {
1888
1889 if (proc_cmdline_value_missing(key, value))
1890 return 0;
1891
1892 r = log_level_from_string(value);
1893 if (r < 0)
1894 log_warning("Failed to parse max level wall value \"%s\". Ignoring.", value);
1895 else
1896 s->max_level_wall = r;
1897
1898 } else if (proc_cmdline_key_streq(key, "systemd.journald.max_level_socket")) {
1899
1900 if (proc_cmdline_value_missing(key, value))
1901 return 0;
1902
1903 r = log_level_from_string(value);
1904 if (r < 0)
1905 log_warning("Failed to parse max level socket value \"%s\". Ignoring.", value);
1906 else
1907 s->max_level_socket = r;
1908
1909 } else if (startswith(key, "systemd.journald"))
1910 log_warning("Unknown journald kernel command line option \"%s\". Ignoring.", key);
1911
1912 /* do not warn about state here, since probably systemd already did */
1913 return 0;
1914 }
1915
1916 static int server_parse_config_file(Server *s) {
1917 const char *conf_file;
1918
1919 assert(s);
1920
1921 if (s->namespace)
1922 conf_file = strjoina("systemd/journald@", s->namespace, ".conf");
1923 else
1924 conf_file = "systemd/journald.conf";
1925
1926 return config_parse_standard_file_with_dropins(
1927 conf_file,
1928 "Journal\0",
1929 config_item_perf_lookup, journald_gperf_lookup,
1930 CONFIG_PARSE_WARN,
1931 /* userdata= */ s);
1932 }
1933
1934 static int server_dispatch_sync(sd_event_source *es, usec_t t, void *userdata) {
1935 Server *s = ASSERT_PTR(userdata);
1936
1937 server_sync(s);
1938 return 0;
1939 }
1940
1941 int server_schedule_sync(Server *s, int priority) {
1942 int r;
1943
1944 assert(s);
1945
1946 if (priority <= LOG_CRIT) {
1947 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1948 server_sync(s);
1949 return 0;
1950 }
1951
1952 if (!s->event || sd_event_get_state(s->event) == SD_EVENT_FINISHED) {
1953 /* Shutting down the server? Let's sync immediately. */
1954 server_sync(s);
1955 return 0;
1956 }
1957
1958 if (s->sync_scheduled)
1959 return 0;
1960
1961 if (s->sync_interval_usec > 0) {
1962
1963 if (!s->sync_event_source) {
1964 r = sd_event_add_time_relative(
1965 s->event,
1966 &s->sync_event_source,
1967 CLOCK_MONOTONIC,
1968 s->sync_interval_usec, 0,
1969 server_dispatch_sync, s);
1970 if (r < 0)
1971 return r;
1972
1973 r = sd_event_source_set_priority(s->sync_event_source, SD_EVENT_PRIORITY_IMPORTANT);
1974 } else {
1975 r = sd_event_source_set_time_relative(s->sync_event_source, s->sync_interval_usec);
1976 if (r < 0)
1977 return r;
1978
1979 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_ONESHOT);
1980 }
1981 if (r < 0)
1982 return r;
1983
1984 s->sync_scheduled = true;
1985 }
1986
1987 return 0;
1988 }
1989
1990 static int dispatch_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1991 Server *s = ASSERT_PTR(userdata);
1992
1993 server_cache_hostname(s);
1994 return 0;
1995 }
1996
1997 static int server_open_hostname(Server *s) {
1998 int r;
1999
2000 assert(s);
2001
2002 s->hostname_fd = open("/proc/sys/kernel/hostname",
2003 O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
2004 if (s->hostname_fd < 0)
2005 return log_error_errno(errno, "Failed to open /proc/sys/kernel/hostname: %m");
2006
2007 r = sd_event_add_io(s->event, &s->hostname_event_source, s->hostname_fd, 0, dispatch_hostname_change, s);
2008 if (r < 0) {
2009 /* kernels prior to 3.2 don't support polling this file. Ignore
2010 * the failure. */
2011 if (r == -EPERM) {
2012 log_warning_errno(r, "Failed to register hostname fd in event loop, ignoring: %m");
2013 s->hostname_fd = safe_close(s->hostname_fd);
2014 return 0;
2015 }
2016
2017 return log_error_errno(r, "Failed to register hostname fd in event loop: %m");
2018 }
2019
2020 r = sd_event_source_set_priority(s->hostname_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
2021 if (r < 0)
2022 return log_error_errno(r, "Failed to adjust priority of hostname event source: %m");
2023
2024 return 0;
2025 }
2026
2027 static int dispatch_notify_event(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
2028 Server *s = ASSERT_PTR(userdata);
2029 int r;
2030
2031 assert(s->notify_event_source == es);
2032 assert(s->notify_fd == fd);
2033
2034 /* The $NOTIFY_SOCKET is writable again, now send exactly one
2035 * message on it. Either it's the watchdog event, the initial
2036 * READY=1 event or an stdout stream event. If there's nothing
2037 * to write anymore, turn our event source off. The next time
2038 * there's something to send it will be turned on again. */
2039
2040 if (!s->sent_notify_ready) {
2041 static const char p[] = "READY=1\n"
2042 "STATUS=Processing requests...";
2043
2044 if (send(s->notify_fd, p, strlen(p), MSG_DONTWAIT) < 0) {
2045 if (errno == EAGAIN)
2046 return 0;
2047
2048 return log_error_errno(errno, "Failed to send READY=1 notification message: %m");
2049 }
2050
2051 s->sent_notify_ready = true;
2052 log_debug("Sent READY=1 notification.");
2053
2054 } else if (s->send_watchdog) {
2055 static const char p[] = "WATCHDOG=1";
2056
2057 if (send(s->notify_fd, p, strlen(p), MSG_DONTWAIT) < 0) {
2058 if (errno == EAGAIN)
2059 return 0;
2060
2061 return log_error_errno(errno, "Failed to send WATCHDOG=1 notification message: %m");
2062 }
2063
2064 s->send_watchdog = false;
2065 log_debug("Sent WATCHDOG=1 notification.");
2066
2067 } else if (s->stdout_streams_notify_queue)
2068 /* Dispatch one stream notification event */
2069 stdout_stream_send_notify(s->stdout_streams_notify_queue);
2070
2071 /* Leave us enabled if there's still more to do. */
2072 if (s->send_watchdog || s->stdout_streams_notify_queue)
2073 return 0;
2074
2075 /* There was nothing to do anymore, let's turn ourselves off. */
2076 r = sd_event_source_set_enabled(es, SD_EVENT_OFF);
2077 if (r < 0)
2078 return log_error_errno(r, "Failed to turn off notify event source: %m");
2079
2080 return 0;
2081 }
2082
2083 static int dispatch_watchdog(sd_event_source *es, uint64_t usec, void *userdata) {
2084 Server *s = ASSERT_PTR(userdata);
2085 int r;
2086
2087 s->send_watchdog = true;
2088
2089 r = sd_event_source_set_enabled(s->notify_event_source, SD_EVENT_ON);
2090 if (r < 0)
2091 log_warning_errno(r, "Failed to turn on notify event source: %m");
2092
2093 r = sd_event_source_set_time(s->watchdog_event_source, usec + s->watchdog_usec / 2);
2094 if (r < 0)
2095 return log_error_errno(r, "Failed to restart watchdog event source: %m");
2096
2097 r = sd_event_source_set_enabled(s->watchdog_event_source, SD_EVENT_ON);
2098 if (r < 0)
2099 return log_error_errno(r, "Failed to enable watchdog event source: %m");
2100
2101 return 0;
2102 }
2103
2104 static int server_connect_notify(Server *s) {
2105 union sockaddr_union sa;
2106 socklen_t sa_len;
2107 const char *e;
2108 int r;
2109
2110 assert(s);
2111 assert(s->notify_fd < 0);
2112 assert(!s->notify_event_source);
2113
2114 /*
2115 * So here's the problem: we'd like to send notification messages to PID 1, but we cannot do that via
2116 * sd_notify(), since that's synchronous, and we might end up blocking on it. Specifically: given
2117 * that PID 1 might block on dbus-daemon during IPC, and dbus-daemon is logging to us, and might
2118 * hence block on us, we might end up in a deadlock if we block on sending PID 1 notification
2119 * messages — by generating a full blocking circle. To avoid this, let's create a non-blocking
2120 * socket, and connect it to the notification socket, and then wait for POLLOUT before we send
2121 * anything. This should efficiently avoid any deadlocks, as we'll never block on PID 1, hence PID 1
2122 * can safely block on dbus-daemon which can safely block on us again.
2123 *
2124 * Don't think that this issue is real? It is, see: https://github.com/systemd/systemd/issues/1505
2125 */
2126
2127 e = getenv("NOTIFY_SOCKET");
2128 if (!e)
2129 return 0;
2130
2131 r = sockaddr_un_set_path(&sa.un, e);
2132 if (r < 0)
2133 return log_error_errno(r, "NOTIFY_SOCKET set to invalid value '%s': %m", e);
2134 sa_len = r;
2135
2136 s->notify_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
2137 if (s->notify_fd < 0)
2138 return log_error_errno(errno, "Failed to create notify socket: %m");
2139
2140 (void) fd_inc_sndbuf(s->notify_fd, NOTIFY_SNDBUF_SIZE);
2141
2142 r = connect(s->notify_fd, &sa.sa, sa_len);
2143 if (r < 0)
2144 return log_error_errno(errno, "Failed to connect to notify socket: %m");
2145
2146 r = sd_event_add_io(s->event, &s->notify_event_source, s->notify_fd, EPOLLOUT, dispatch_notify_event, s);
2147 if (r < 0)
2148 return log_error_errno(r, "Failed to watch notification socket: %m");
2149
2150 if (sd_watchdog_enabled(false, &s->watchdog_usec) > 0) {
2151 s->send_watchdog = true;
2152
2153 r = sd_event_add_time_relative(s->event, &s->watchdog_event_source, CLOCK_MONOTONIC, s->watchdog_usec/2, s->watchdog_usec/4, dispatch_watchdog, s);
2154 if (r < 0)
2155 return log_error_errno(r, "Failed to add watchdog time event: %m");
2156 }
2157
2158 /* This should fire pretty soon, which we'll use to send the READY=1 event. */
2159
2160 return 0;
2161 }
2162
2163 static int synchronize_second_half(sd_event_source *event_source, void *userdata) {
2164 Varlink *link = ASSERT_PTR(userdata);
2165 Server *s;
2166 int r;
2167
2168 assert_se(s = varlink_get_userdata(link));
2169
2170 /* This is the "second half" of the Synchronize() varlink method. This function is called as deferred
2171 * event source at a low priority to ensure the synchronization completes after all queued log
2172 * messages are processed. */
2173 server_full_sync(s);
2174
2175 /* Let's get rid of the event source now, by marking it as non-floating again. It then has no ref
2176 * anymore and is immediately destroyed after we return from this function, i.e. from this event
2177 * source handler at the end. */
2178 r = sd_event_source_set_floating(event_source, false);
2179 if (r < 0)
2180 return log_error_errno(r, "Failed to mark event source as non-floating: %m");
2181
2182 return varlink_reply(link, NULL);
2183 }
2184
2185 static void synchronize_destroy(void *userdata) {
2186 varlink_unref(userdata);
2187 }
2188
2189 static int vl_method_synchronize(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
2190 _cleanup_(sd_event_source_unrefp) sd_event_source *event_source = NULL;
2191 Server *s = ASSERT_PTR(userdata);
2192 int r;
2193
2194 assert(link);
2195
2196 if (json_variant_elements(parameters) > 0)
2197 return varlink_error_invalid_parameter(link, parameters);
2198
2199 log_info("Received client request to sync journal.");
2200
2201 /* We don't do the main work now, but instead enqueue a deferred event loop job which will do
2202 * it. That job is scheduled at low priority, so that we return from this method call only after all
2203 * queued but not processed log messages are written to disk, so that this method call returning can
2204 * be used as nice synchronization point. */
2205 r = sd_event_add_defer(s->event, &event_source, synchronize_second_half, link);
2206 if (r < 0)
2207 return log_error_errno(r, "Failed to allocate defer event source: %m");
2208
2209 r = sd_event_source_set_destroy_callback(event_source, synchronize_destroy);
2210 if (r < 0)
2211 return log_error_errno(r, "Failed to set event source destroy callback: %m");
2212
2213 varlink_ref(link); /* The varlink object is now left to the destroy callback to unref */
2214
2215 r = sd_event_source_set_priority(event_source, SD_EVENT_PRIORITY_NORMAL+15);
2216 if (r < 0)
2217 return log_error_errno(r, "Failed to set defer event source priority: %m");
2218
2219 /* Give up ownership of this event source. It will now be destroyed along with event loop itself,
2220 * unless it destroys itself earlier. */
2221 r = sd_event_source_set_floating(event_source, true);
2222 if (r < 0)
2223 return log_error_errno(r, "Failed to mark event source as floating: %m");
2224
2225 (void) sd_event_source_set_description(event_source, "deferred-sync");
2226
2227 return 0;
2228 }
2229
2230 static int vl_method_rotate(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
2231 Server *s = ASSERT_PTR(userdata);
2232
2233 assert(link);
2234
2235 if (json_variant_elements(parameters) > 0)
2236 return varlink_error_invalid_parameter(link, parameters);
2237
2238 log_info("Received client request to rotate journal, rotating.");
2239 server_full_rotate(s);
2240
2241 return varlink_reply(link, NULL);
2242 }
2243
2244 static int vl_method_flush_to_var(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
2245 Server *s = ASSERT_PTR(userdata);
2246
2247 assert(link);
2248
2249 if (json_variant_elements(parameters) > 0)
2250 return varlink_error_invalid_parameter(link, parameters);
2251 if (s->namespace)
2252 return varlink_error(link, "io.systemd.Journal.NotSupportedByNamespaces", NULL);
2253
2254 log_info("Received client request to flush runtime journal.");
2255 server_full_flush(s);
2256
2257 return varlink_reply(link, NULL);
2258 }
2259
2260 static int vl_method_relinquish_var(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
2261 Server *s = ASSERT_PTR(userdata);
2262
2263 assert(link);
2264
2265 if (json_variant_elements(parameters) > 0)
2266 return varlink_error_invalid_parameter(link, parameters);
2267 if (s->namespace)
2268 return varlink_error(link, "io.systemd.Journal.NotSupportedByNamespaces", NULL);
2269
2270 log_info("Received client request to relinquish %s access.", s->system_storage.path);
2271 server_relinquish_var(s);
2272
2273 return varlink_reply(link, NULL);
2274 }
2275
2276 static int vl_connect(VarlinkServer *server, Varlink *link, void *userdata) {
2277 Server *s = ASSERT_PTR(userdata);
2278
2279 assert(server);
2280 assert(link);
2281
2282 (void) server_start_or_stop_idle_timer(s); /* maybe we are no longer idle */
2283
2284 return 0;
2285 }
2286
2287 static void vl_disconnect(VarlinkServer *server, Varlink *link, void *userdata) {
2288 Server *s = ASSERT_PTR(userdata);
2289
2290 assert(server);
2291 assert(link);
2292
2293 (void) server_start_or_stop_idle_timer(s); /* maybe we are idle now */
2294 }
2295
2296 static int server_open_varlink(Server *s, const char *socket, int fd) {
2297 int r;
2298
2299 assert(s);
2300
2301 r = varlink_server_new(&s->varlink_server, VARLINK_SERVER_ROOT_ONLY|VARLINK_SERVER_INHERIT_USERDATA);
2302 if (r < 0)
2303 return r;
2304
2305 varlink_server_set_userdata(s->varlink_server, s);
2306
2307 r = varlink_server_add_interface(s->varlink_server, &vl_interface_io_systemd_Journal);
2308 if (r < 0)
2309 return log_error_errno(r, "Failed to add Journal interface to varlink server: %m");
2310
2311 r = varlink_server_bind_method_many(
2312 s->varlink_server,
2313 "io.systemd.Journal.Synchronize", vl_method_synchronize,
2314 "io.systemd.Journal.Rotate", vl_method_rotate,
2315 "io.systemd.Journal.FlushToVar", vl_method_flush_to_var,
2316 "io.systemd.Journal.RelinquishVar", vl_method_relinquish_var);
2317 if (r < 0)
2318 return r;
2319
2320 r = varlink_server_bind_connect(s->varlink_server, vl_connect);
2321 if (r < 0)
2322 return r;
2323
2324 r = varlink_server_bind_disconnect(s->varlink_server, vl_disconnect);
2325 if (r < 0)
2326 return r;
2327
2328 if (fd < 0)
2329 r = varlink_server_listen_address(s->varlink_server, socket, 0600);
2330 else
2331 r = varlink_server_listen_fd(s->varlink_server, fd);
2332 if (r < 0)
2333 return r;
2334
2335 r = varlink_server_attach_event(s->varlink_server, s->event, SD_EVENT_PRIORITY_NORMAL);
2336 if (r < 0)
2337 return r;
2338
2339 return 0;
2340 }
2341
2342 int server_map_seqnum_file(
2343 Server *s,
2344 const char *fname,
2345 size_t size,
2346 void **ret) {
2347
2348 _cleanup_free_ char *fn = NULL;
2349 _cleanup_close_ int fd = -EBADF;
2350 uint64_t *p;
2351 int r;
2352
2353 assert(s);
2354 assert(fname);
2355 assert(size > 0);
2356 assert(ret);
2357
2358 fn = path_join(s->runtime_directory, fname);
2359 if (!fn)
2360 return -ENOMEM;
2361
2362 fd = open(fn, O_RDWR|O_CREAT|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644);
2363 if (fd < 0)
2364 return -errno;
2365
2366 r = posix_fallocate_loop(fd, 0, size);
2367 if (r < 0)
2368 return r;
2369
2370 p = mmap(NULL, size, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
2371 if (p == MAP_FAILED)
2372 return -errno;
2373
2374 *ret = p;
2375 return 0;
2376 }
2377
2378 void server_unmap_seqnum_file(void *p, size_t size) {
2379 assert(size > 0);
2380
2381 if (!p)
2382 return;
2383
2384 assert_se(munmap(p, size) >= 0);
2385 }
2386
2387 static bool server_is_idle(Server *s) {
2388 assert(s);
2389
2390 /* The server for the main namespace is never idle */
2391 if (!s->namespace)
2392 return false;
2393
2394 /* If a retention maximum is set larger than the idle time we need to be running to enforce it, hence
2395 * turn off the idle logic. */
2396 if (s->max_retention_usec > IDLE_TIMEOUT_USEC)
2397 return false;
2398
2399 /* We aren't idle if we have a varlink client */
2400 if (varlink_server_current_connections(s->varlink_server) > 0)
2401 return false;
2402
2403 /* If we have stdout streams we aren't idle */
2404 if (s->n_stdout_streams > 0)
2405 return false;
2406
2407 return true;
2408 }
2409
2410 static int server_idle_handler(sd_event_source *source, uint64_t usec, void *userdata) {
2411 Server *s = ASSERT_PTR(userdata);
2412
2413 assert(source);
2414
2415 log_debug("Server is idle, exiting.");
2416 sd_event_exit(s->event, 0);
2417 return 0;
2418 }
2419
2420 int server_start_or_stop_idle_timer(Server *s) {
2421 _cleanup_(sd_event_source_unrefp) sd_event_source *source = NULL;
2422 int r;
2423
2424 assert(s);
2425
2426 if (!server_is_idle(s)) {
2427 s->idle_event_source = sd_event_source_disable_unref(s->idle_event_source);
2428 return 0;
2429 }
2430
2431 if (s->idle_event_source)
2432 return 1;
2433
2434 r = sd_event_add_time_relative(s->event, &source, CLOCK_MONOTONIC, IDLE_TIMEOUT_USEC, 0, server_idle_handler, s);
2435 if (r < 0)
2436 return log_error_errno(r, "Failed to allocate idle timer: %m");
2437
2438 r = sd_event_source_set_priority(source, SD_EVENT_PRIORITY_IDLE);
2439 if (r < 0)
2440 return log_error_errno(r, "Failed to set idle timer priority: %m");
2441
2442 (void) sd_event_source_set_description(source, "idle-timer");
2443
2444 s->idle_event_source = TAKE_PTR(source);
2445 return 1;
2446 }
2447
2448 int server_refresh_idle_timer(Server *s) {
2449 int r;
2450
2451 assert(s);
2452
2453 if (!s->idle_event_source)
2454 return 0;
2455
2456 r = sd_event_source_set_time_relative(s->idle_event_source, IDLE_TIMEOUT_USEC);
2457 if (r < 0)
2458 return log_error_errno(r, "Failed to refresh idle timer: %m");
2459
2460 return 1;
2461 }
2462
2463 static int server_set_namespace(Server *s, const char *namespace) {
2464 assert(s);
2465
2466 if (!namespace)
2467 return 0;
2468
2469 if (!log_namespace_name_valid(namespace))
2470 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Specified namespace name not valid, refusing: %s", namespace);
2471
2472 s->namespace = strdup(namespace);
2473 if (!s->namespace)
2474 return log_oom();
2475
2476 s->namespace_field = strjoin("_NAMESPACE=", namespace);
2477 if (!s->namespace_field)
2478 return log_oom();
2479
2480 return 1;
2481 }
2482
2483 static int server_memory_pressure(sd_event_source *es, void *userdata) {
2484 Server *s = ASSERT_PTR(userdata);
2485
2486 log_info("Under memory pressure, flushing caches.");
2487
2488 /* Flushed the cached info we might have about client processes */
2489 client_context_flush_regular(s);
2490
2491 /* Let's also close all user files (but keep the system/runtime one open) */
2492 for (;;) {
2493 JournalFile *first = ordered_hashmap_steal_first(s->user_journals);
2494
2495 if (!first)
2496 break;
2497
2498 (void) journal_file_offline_close(first);
2499 }
2500
2501 sd_event_trim_memory();
2502
2503 return 0;
2504 }
2505
2506 static int server_setup_memory_pressure(Server *s) {
2507 int r;
2508
2509 assert(s);
2510
2511 r = sd_event_add_memory_pressure(s->event, NULL, server_memory_pressure, s);
2512 if (r < 0)
2513 log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) || ERRNO_IS_PRIVILEGE(r) || (r == -EHOSTDOWN) ? LOG_DEBUG : LOG_NOTICE, r,
2514 "Failed to install memory pressure event source, ignoring: %m");
2515
2516 return 0;
2517 }
2518
2519 static void server_load_credentials(Server *s) {
2520 _cleanup_free_ void *data = NULL;
2521 int r;
2522
2523 assert(s);
2524
2525 r = read_credential("journal.forward_to_socket", &data, NULL);
2526 if (r < 0)
2527 log_debug_errno(r, "Failed to read credential journal.forward_to_socket, ignoring: %m");
2528 else {
2529 r = socket_address_parse(&s->forward_to_socket, data);
2530 if (r < 0)
2531 log_debug_errno(r, "Failed to parse socket address '%s' from credential journal.forward_to_socket, ignoring: %m", (char *) data);
2532 }
2533
2534 data = mfree(data);
2535
2536 r = read_credential("journal.storage", &data, NULL);
2537 if (r < 0)
2538 log_debug_errno(r, "Failed to read credential journal.storage, ignoring: %m");
2539 else {
2540 r = storage_from_string(data);
2541 if (r < 0)
2542 log_debug_errno(r, "Failed to parse storage '%s' from credential journal.storage, ignoring: %m", (char *) data);
2543 else
2544 s->storage = r;
2545 }
2546 }
2547
2548 int server_new(Server **ret) {
2549 _cleanup_(server_freep) Server *s = NULL;
2550
2551 assert(ret);
2552
2553 s = new(Server, 1);
2554 if (!s)
2555 return -ENOMEM;
2556
2557 *s = (Server) {
2558 .syslog_fd = -EBADF,
2559 .native_fd = -EBADF,
2560 .stdout_fd = -EBADF,
2561 .dev_kmsg_fd = -EBADF,
2562 .audit_fd = -EBADF,
2563 .hostname_fd = -EBADF,
2564 .notify_fd = -EBADF,
2565 .forward_socket_fd = -EBADF,
2566
2567 .compress.enabled = true,
2568 .compress.threshold_bytes = UINT64_MAX,
2569 .seal = true,
2570
2571 .set_audit = true,
2572
2573 .watchdog_usec = USEC_INFINITY,
2574
2575 .sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC,
2576 .sync_scheduled = false,
2577
2578 .ratelimit_interval = DEFAULT_RATE_LIMIT_INTERVAL,
2579 .ratelimit_burst = DEFAULT_RATE_LIMIT_BURST,
2580
2581 .forward_to_wall = true,
2582 .forward_to_socket = { .sockaddr.sa.sa_family = AF_UNSPEC },
2583
2584 .max_file_usec = DEFAULT_MAX_FILE_USEC,
2585
2586 .max_level_store = LOG_DEBUG,
2587 .max_level_syslog = LOG_DEBUG,
2588 .max_level_kmsg = LOG_NOTICE,
2589 .max_level_console = LOG_INFO,
2590 .max_level_wall = LOG_EMERG,
2591 .max_level_socket = LOG_DEBUG,
2592
2593 .line_max = DEFAULT_LINE_MAX,
2594
2595 .runtime_storage.name = "Runtime Journal",
2596 .system_storage.name = "System Journal",
2597
2598 .kmsg_own_ratelimit = {
2599 .interval = DEFAULT_KMSG_OWN_INTERVAL,
2600 .burst = DEFAULT_KMSG_OWN_BURST,
2601 },
2602
2603 .sigrtmin18_info.memory_pressure_handler = server_memory_pressure,
2604 .sigrtmin18_info.memory_pressure_userdata = s,
2605 };
2606
2607 *ret = TAKE_PTR(s);
2608 return 0;
2609 }
2610
2611 int server_init(Server *s, const char *namespace) {
2612 const char *native_socket, *syslog_socket, *stdout_socket, *varlink_socket, *e;
2613 _cleanup_fdset_free_ FDSet *fds = NULL;
2614 int n, r, varlink_fd = -EBADF;
2615 bool no_sockets;
2616
2617 assert(s);
2618
2619 r = server_set_namespace(s, namespace);
2620 if (r < 0)
2621 return r;
2622
2623 /* By default, only read from /dev/kmsg if are the main namespace */
2624 s->read_kmsg = !s->namespace;
2625 s->storage = s->namespace ? STORAGE_PERSISTENT : STORAGE_AUTO;
2626
2627 journal_reset_metrics(&s->system_storage.metrics);
2628 journal_reset_metrics(&s->runtime_storage.metrics);
2629
2630 server_load_credentials(s);
2631 server_parse_config_file(s);
2632
2633 if (!s->namespace) {
2634 /* Parse kernel command line, but only if we are not a namespace instance */
2635 r = proc_cmdline_parse(parse_proc_cmdline_item, s, PROC_CMDLINE_STRIP_RD_PREFIX);
2636 if (r < 0)
2637 log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
2638 }
2639
2640 if (!!s->ratelimit_interval != !!s->ratelimit_burst) { /* One set to 0 and the other not? */
2641 log_debug("Setting both rate limit interval and burst from "USEC_FMT",%u to 0,0",
2642 s->ratelimit_interval, s->ratelimit_burst);
2643 s->ratelimit_interval = s->ratelimit_burst = 0;
2644 }
2645
2646 e = getenv("RUNTIME_DIRECTORY");
2647 if (e)
2648 s->runtime_directory = strdup(e);
2649 else if (s->namespace)
2650 s->runtime_directory = strjoin("/run/systemd/journal.", s->namespace);
2651 else
2652 s->runtime_directory = strdup("/run/systemd/journal");
2653 if (!s->runtime_directory)
2654 return log_oom();
2655
2656 (void) mkdir_p(s->runtime_directory, 0755);
2657
2658 s->user_journals = ordered_hashmap_new(NULL);
2659 if (!s->user_journals)
2660 return log_oom();
2661
2662 s->mmap = mmap_cache_new();
2663 if (!s->mmap)
2664 return log_oom();
2665
2666 s->deferred_closes = set_new(NULL);
2667 if (!s->deferred_closes)
2668 return log_oom();
2669
2670 r = sd_event_default(&s->event);
2671 if (r < 0)
2672 return log_error_errno(r, "Failed to create event loop: %m");
2673
2674 n = sd_listen_fds(true);
2675 if (n < 0)
2676 return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
2677
2678 native_socket = strjoina(s->runtime_directory, "/socket");
2679 stdout_socket = strjoina(s->runtime_directory, "/stdout");
2680 syslog_socket = strjoina(s->runtime_directory, "/dev-log");
2681 varlink_socket = strjoina(s->runtime_directory, "/io.systemd.journal");
2682
2683 for (int fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++)
2684
2685 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, native_socket, 0) > 0) {
2686
2687 if (s->native_fd >= 0)
2688 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
2689 "Too many native sockets passed.");
2690
2691 s->native_fd = fd;
2692
2693 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, stdout_socket, 0) > 0) {
2694
2695 if (s->stdout_fd >= 0)
2696 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
2697 "Too many stdout sockets passed.");
2698
2699 s->stdout_fd = fd;
2700
2701 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, syslog_socket, 0) > 0) {
2702
2703 if (s->syslog_fd >= 0)
2704 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
2705 "Too many /dev/log sockets passed.");
2706
2707 s->syslog_fd = fd;
2708
2709 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, varlink_socket, 0) > 0) {
2710
2711 if (varlink_fd >= 0)
2712 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
2713 "Too many varlink sockets passed.");
2714
2715 varlink_fd = fd;
2716 } else if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1) > 0) {
2717
2718 if (s->audit_fd >= 0)
2719 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
2720 "Too many audit sockets passed.");
2721
2722 s->audit_fd = fd;
2723
2724 } else {
2725
2726 if (!fds) {
2727 fds = fdset_new();
2728 if (!fds)
2729 return log_oom();
2730 }
2731
2732 r = fdset_put(fds, fd);
2733 if (r < 0)
2734 return log_oom();
2735 }
2736
2737 /* Try to restore streams, but don't bother if this fails */
2738 (void) server_restore_streams(s, fds);
2739
2740 if (!fdset_isempty(fds)) {
2741 log_warning("%u unknown file descriptors passed, closing.", fdset_size(fds));
2742 fds = fdset_free(fds);
2743 }
2744
2745 no_sockets = s->native_fd < 0 && s->stdout_fd < 0 && s->syslog_fd < 0 && s->audit_fd < 0 && varlink_fd < 0;
2746
2747 /* always open stdout, syslog, native, and kmsg sockets */
2748
2749 /* systemd-journald.socket: /run/systemd/journal/stdout */
2750 r = server_open_stdout_socket(s, stdout_socket);
2751 if (r < 0)
2752 return r;
2753
2754 /* systemd-journald-dev-log.socket: /run/systemd/journal/dev-log */
2755 r = server_open_syslog_socket(s, syslog_socket);
2756 if (r < 0)
2757 return r;
2758
2759 /* systemd-journald.socket: /run/systemd/journal/socket */
2760 r = server_open_native_socket(s, native_socket);
2761 if (r < 0)
2762 return r;
2763
2764 /* /dev/kmsg */
2765 r = server_open_dev_kmsg(s);
2766 if (r < 0)
2767 return r;
2768
2769 /* Unless we got *some* sockets and not audit, open audit socket */
2770 if (s->audit_fd >= 0 || no_sockets) {
2771 log_info("Collecting audit messages is enabled.");
2772
2773 r = server_open_audit(s);
2774 if (r < 0)
2775 return r;
2776 } else
2777 log_info("Collecting audit messages is disabled.");
2778
2779 r = server_open_varlink(s, varlink_socket, varlink_fd);
2780 if (r < 0)
2781 return r;
2782
2783 r = server_map_seqnum_file(s, "seqnum", sizeof(SeqnumData), (void**) &s->seqnum);
2784 if (r < 0)
2785 return log_error_errno(r, "Failed to map main seqnum file: %m");
2786
2787 r = server_open_kernel_seqnum(s);
2788 if (r < 0)
2789 return r;
2790
2791 r = server_open_hostname(s);
2792 if (r < 0)
2793 return r;
2794
2795 r = server_setup_signals(s);
2796 if (r < 0)
2797 return r;
2798
2799 r = server_setup_memory_pressure(s);
2800 if (r < 0)
2801 return r;
2802
2803 s->ratelimit = journal_ratelimit_new();
2804 if (!s->ratelimit)
2805 return log_oom();
2806
2807 r = cg_get_root_path(&s->cgroup_root);
2808 if (r < 0)
2809 return log_error_errno(r, "Failed to acquire cgroup root path: %m");
2810
2811 server_cache_hostname(s);
2812 server_cache_boot_id(s);
2813 server_cache_machine_id(s);
2814
2815 if (s->namespace)
2816 s->runtime_storage.path = strjoin("/run/log/journal/", SERVER_MACHINE_ID(s), ".", s->namespace);
2817 else
2818 s->runtime_storage.path = strjoin("/run/log/journal/", SERVER_MACHINE_ID(s));
2819 if (!s->runtime_storage.path)
2820 return log_oom();
2821
2822 e = getenv("LOGS_DIRECTORY");
2823 if (e)
2824 s->system_storage.path = strdup(e);
2825 else if (s->namespace)
2826 s->system_storage.path = strjoin("/var/log/journal/", SERVER_MACHINE_ID(s), ".", s->namespace);
2827 else
2828 s->system_storage.path = strjoin("/var/log/journal/", SERVER_MACHINE_ID(s));
2829 if (!s->system_storage.path)
2830 return log_oom();
2831
2832 (void) server_connect_notify(s);
2833
2834 (void) client_context_acquire_default(s);
2835
2836 r = server_system_journal_open(s, /* flush_requested= */ false, /* relinquish_requested= */ false);
2837 if (r < 0)
2838 return r;
2839
2840 server_start_or_stop_idle_timer(s);
2841
2842 return 0;
2843 }
2844
2845 void server_maybe_append_tags(Server *s) {
2846 #if HAVE_GCRYPT
2847 JournalFile *f;
2848 usec_t n;
2849
2850 n = now(CLOCK_REALTIME);
2851
2852 if (s->system_journal)
2853 journal_file_maybe_append_tag(s->system_journal, n);
2854
2855 ORDERED_HASHMAP_FOREACH(f, s->user_journals)
2856 journal_file_maybe_append_tag(f, n);
2857 #endif
2858 }
2859
2860 Server* server_free(Server *s) {
2861 if (!s)
2862 return NULL;
2863
2864 free(s->namespace);
2865 free(s->namespace_field);
2866
2867 set_free_with_destructor(s->deferred_closes, journal_file_offline_close);
2868
2869 while (s->stdout_streams)
2870 stdout_stream_free(s->stdout_streams);
2871
2872 client_context_flush_all(s);
2873
2874 (void) journal_file_offline_close(s->system_journal);
2875 (void) journal_file_offline_close(s->runtime_journal);
2876
2877 ordered_hashmap_free_with_destructor(s->user_journals, journal_file_offline_close);
2878
2879 varlink_server_unref(s->varlink_server);
2880
2881 sd_event_source_unref(s->syslog_event_source);
2882 sd_event_source_unref(s->native_event_source);
2883 sd_event_source_unref(s->stdout_event_source);
2884 sd_event_source_unref(s->dev_kmsg_event_source);
2885 sd_event_source_unref(s->audit_event_source);
2886 sd_event_source_unref(s->sync_event_source);
2887 sd_event_source_unref(s->sigusr1_event_source);
2888 sd_event_source_unref(s->sigusr2_event_source);
2889 sd_event_source_unref(s->sigterm_event_source);
2890 sd_event_source_unref(s->sigint_event_source);
2891 sd_event_source_unref(s->sigrtmin1_event_source);
2892 sd_event_source_unref(s->hostname_event_source);
2893 sd_event_source_unref(s->notify_event_source);
2894 sd_event_source_unref(s->watchdog_event_source);
2895 sd_event_source_unref(s->idle_event_source);
2896 sd_event_unref(s->event);
2897
2898 safe_close(s->syslog_fd);
2899 safe_close(s->native_fd);
2900 safe_close(s->stdout_fd);
2901 safe_close(s->dev_kmsg_fd);
2902 safe_close(s->audit_fd);
2903 safe_close(s->hostname_fd);
2904 safe_close(s->notify_fd);
2905 safe_close(s->forward_socket_fd);
2906
2907 if (s->ratelimit)
2908 journal_ratelimit_free(s->ratelimit);
2909
2910 server_unmap_seqnum_file(s->seqnum, sizeof(*s->seqnum));
2911 server_unmap_seqnum_file(s->kernel_seqnum, sizeof(*s->kernel_seqnum));
2912
2913 free(s->buffer);
2914 free(s->tty_path);
2915 free(s->cgroup_root);
2916 free(s->hostname_field);
2917 free(s->runtime_storage.path);
2918 free(s->system_storage.path);
2919 free(s->runtime_directory);
2920
2921 mmap_cache_unref(s->mmap);
2922
2923 return mfree(s);
2924 }
2925
2926 static const char* const storage_table[_STORAGE_MAX] = {
2927 [STORAGE_AUTO] = "auto",
2928 [STORAGE_VOLATILE] = "volatile",
2929 [STORAGE_PERSISTENT] = "persistent",
2930 [STORAGE_NONE] = "none"
2931 };
2932
2933 DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
2934 DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
2935
2936 static const char* const split_mode_table[_SPLIT_MAX] = {
2937 [SPLIT_LOGIN] = "login",
2938 [SPLIT_UID] = "uid",
2939 [SPLIT_NONE] = "none",
2940 };
2941
2942 DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
2943 DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode, split_mode, SplitMode, "Failed to parse split mode setting");
2944
2945 int config_parse_line_max(
2946 const char* unit,
2947 const char *filename,
2948 unsigned line,
2949 const char *section,
2950 unsigned section_line,
2951 const char *lvalue,
2952 int ltype,
2953 const char *rvalue,
2954 void *data,
2955 void *userdata) {
2956
2957 size_t *sz = ASSERT_PTR(data);
2958 int r;
2959
2960 assert(filename);
2961 assert(lvalue);
2962 assert(rvalue);
2963
2964 if (isempty(rvalue))
2965 /* Empty assignment means default */
2966 *sz = DEFAULT_LINE_MAX;
2967 else {
2968 uint64_t v;
2969
2970 r = parse_size(rvalue, 1024, &v);
2971 if (r < 0) {
2972 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse LineMax= value, ignoring: %s", rvalue);
2973 return 0;
2974 }
2975
2976 if (v < 79) {
2977 /* Why specify 79 here as minimum line length? Simply, because the most common traditional
2978 * terminal size is 80ch, and it might make sense to break one character before the natural
2979 * line break would occur on that. */
2980 log_syntax(unit, LOG_WARNING, filename, line, 0, "LineMax= too small, clamping to 79: %s", rvalue);
2981 *sz = 79;
2982 } else if (v > (uint64_t) (SSIZE_MAX-1)) {
2983 /* So, why specify SSIZE_MAX-1 here? Because that's one below the largest size value read()
2984 * can return, and we need one extra byte for the trailing NUL byte. Of course IRL such large
2985 * memory allocations will fail anyway, hence this limit is mostly theoretical anyway, as we'll
2986 * fail much earlier anyway. */
2987 log_syntax(unit, LOG_WARNING, filename, line, 0, "LineMax= too large, clamping to %" PRIu64 ": %s", (uint64_t) (SSIZE_MAX-1), rvalue);
2988 *sz = SSIZE_MAX-1;
2989 } else
2990 *sz = (size_t) v;
2991 }
2992
2993 return 0;
2994 }
2995
2996 int config_parse_compress(
2997 const char* unit,
2998 const char *filename,
2999 unsigned line,
3000 const char *section,
3001 unsigned section_line,
3002 const char *lvalue,
3003 int ltype,
3004 const char *rvalue,
3005 void *data,
3006 void *userdata) {
3007
3008 JournalCompressOptions* compress = ASSERT_PTR(data);
3009 int r;
3010
3011 assert(unit);
3012 assert(filename);
3013 assert(rvalue);
3014
3015 if (isempty(rvalue)) {
3016 compress->enabled = true;
3017 compress->threshold_bytes = UINT64_MAX;
3018 } else if (streq(rvalue, "1")) {
3019 log_syntax(unit, LOG_WARNING, filename, line, 0,
3020 "Compress= ambiguously specified as 1, enabling compression with default threshold");
3021 compress->enabled = true;
3022 } else if (streq(rvalue, "0")) {
3023 log_syntax(unit, LOG_WARNING, filename, line, 0,
3024 "Compress= ambiguously specified as 0, disabling compression");
3025 compress->enabled = false;
3026 } else {
3027 r = parse_boolean(rvalue);
3028 if (r < 0) {
3029 r = parse_size(rvalue, 1024, &compress->threshold_bytes);
3030 if (r < 0)
3031 log_syntax(unit, LOG_WARNING, filename, line, r,
3032 "Failed to parse Compress= value, ignoring: %s", rvalue);
3033 else
3034 compress->enabled = true;
3035 } else
3036 compress->enabled = r;
3037 }
3038
3039 return 0;
3040 }
3041
3042 int config_parse_forward_to_socket(
3043 const char* unit,
3044 const char *filename,
3045 unsigned line,
3046 const char *section,
3047 unsigned section_line,
3048 const char *lvalue,
3049 int ltype,
3050 const char *rvalue,
3051 void *data,
3052 void *userdata) {
3053
3054 SocketAddress* addr = ASSERT_PTR(data);
3055 int r;
3056
3057 assert(unit);
3058 assert(filename);
3059 assert(rvalue);
3060
3061 if (isempty(rvalue))
3062 *addr = (SocketAddress) { .sockaddr.sa.sa_family = AF_UNSPEC };
3063 else {
3064 r = socket_address_parse(addr, rvalue);
3065 if (r < 0)
3066 log_syntax(unit, LOG_WARNING, filename, line, r,
3067 "Failed to parse ForwardToSocket= value, ignoring: %s", rvalue);
3068 }
3069
3070 return 0;
3071 }
Unnamed repository; edit this file 'description' to name the repository.