]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/journal/journald-server.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
journald: add support for wall forwarding
[thirdparty/systemd.git] / src / journal / journald-server.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2011 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/signalfd.h>
23 #include <sys/ioctl.h>
24 #include <linux/sockios.h>
25 #include <sys/statvfs.h>
26 #include <sys/mman.h>
27 #include <sys/timerfd.h>
28
29 #include <libudev.h>
30
31 #include "sd-journal.h"
32 #include "sd-messages.h"
33 #include "sd-daemon.h"
34 #include "fileio.h"
35 #include "mkdir.h"
36 #include "hashmap.h"
37 #include "journal-file.h"
38 #include "socket-util.h"
39 #include "cgroup-util.h"
40 #include "list.h"
41 #include "missing.h"
42 #include "conf-parser.h"
43 #include "selinux-util.h"
44 #include "journal-internal.h"
45 #include "journal-vacuum.h"
46 #include "journal-authenticate.h"
47 #include "journald-rate-limit.h"
48 #include "journald-kmsg.h"
49 #include "journald-syslog.h"
50 #include "journald-stream.h"
51 #include "journald-console.h"
52 #include "journald-native.h"
53 #include "journald-server.h"
54
55 #ifdef HAVE_ACL
56 #include <sys/acl.h>
57 #include <acl/libacl.h>
58 #include "acl-util.h"
59 #endif
60
61 #ifdef HAVE_SELINUX
62 #include <selinux/selinux.h>
63 #endif
64
65 #define USER_JOURNALS_MAX 1024
66
67 #define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
68 #define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
69 #define DEFAULT_RATE_LIMIT_BURST 1000
70
71 #define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
72
73 static const char* const storage_table[_STORAGE_MAX] = {
74 [STORAGE_AUTO] = "auto",
75 [STORAGE_VOLATILE] = "volatile",
76 [STORAGE_PERSISTENT] = "persistent",
77 [STORAGE_NONE] = "none"
78 };
79
80 DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
81 DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
82
83 static const char* const split_mode_table[_SPLIT_MAX] = {
84 [SPLIT_LOGIN] = "login",
85 [SPLIT_UID] = "uid",
86 [SPLIT_NONE] = "none",
87 };
88
89 DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
90 DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode, split_mode, SplitMode, "Failed to parse split mode setting");
91
92 static uint64_t available_space(Server *s, bool verbose) {
93 char ids[33];
94 _cleanup_free_ char *p = NULL;
95 sd_id128_t machine;
96 struct statvfs ss;
97 uint64_t sum = 0, ss_avail = 0, avail = 0;
98 int r;
99 _cleanup_closedir_ DIR *d = NULL;
100 usec_t ts;
101 const char *f;
102 JournalMetrics *m;
103
104 ts = now(CLOCK_MONOTONIC);
105
106 if (s->cached_available_space_timestamp + RECHECK_AVAILABLE_SPACE_USEC > ts
107 && !verbose)
108 return s->cached_available_space;
109
110 r = sd_id128_get_machine(&machine);
111 if (r < 0)
112 return 0;
113
114 if (s->system_journal) {
115 f = "/var/log/journal/";
116 m = &s->system_metrics;
117 } else {
118 f = "/run/log/journal/";
119 m = &s->runtime_metrics;
120 }
121
122 assert(m);
123
124 p = strappend(f, sd_id128_to_string(machine, ids));
125 if (!p)
126 return 0;
127
128 d = opendir(p);
129 if (!d)
130 return 0;
131
132 if (fstatvfs(dirfd(d), &ss) < 0)
133 return 0;
134
135 for (;;) {
136 struct stat st;
137 struct dirent *de;
138
139 errno = 0;
140 de = readdir(d);
141 if (!de && errno != 0)
142 return 0;
143
144 if (!de)
145 break;
146
147 if (!endswith(de->d_name, ".journal") &&
148 !endswith(de->d_name, ".journal~"))
149 continue;
150
151 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0)
152 continue;
153
154 if (!S_ISREG(st.st_mode))
155 continue;
156
157 sum += (uint64_t) st.st_blocks * 512UL;
158 }
159
160 ss_avail = ss.f_bsize * ss.f_bavail;
161
162 /* If we reached a high mark, we will always allow this much
163 * again, unless usage goes above max_use. This watermark
164 * value is cached so that we don't give up space on pressure,
165 * but hover below the maximum usage. */
166
167 if (m->use < sum)
168 m->use = sum;
169
170 avail = LESS_BY(ss_avail, m->keep_free);
171
172 s->cached_available_space = LESS_BY(MIN(m->max_use, avail), sum);
173 s->cached_available_space_timestamp = ts;
174
175 if (verbose) {
176 char fb1[FORMAT_BYTES_MAX], fb2[FORMAT_BYTES_MAX], fb3[FORMAT_BYTES_MAX],
177 fb4[FORMAT_BYTES_MAX], fb5[FORMAT_BYTES_MAX];
178
179 server_driver_message(s, SD_MESSAGE_JOURNAL_USAGE,
180 "%s journal is using %s (max allowed %s, "
181 "trying to leave %s free of %s available → current limit %s).",
182 s->system_journal ? "Permanent" : "Runtime",
183 format_bytes(fb1, sizeof(fb1), sum),
184 format_bytes(fb2, sizeof(fb2), m->max_use),
185 format_bytes(fb3, sizeof(fb3), m->keep_free),
186 format_bytes(fb4, sizeof(fb4), ss_avail),
187 format_bytes(fb5, sizeof(fb5), s->cached_available_space + sum));
188 }
189
190 return s->cached_available_space;
191 }
192
193 void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
194 int r;
195 #ifdef HAVE_ACL
196 acl_t acl;
197 acl_entry_t entry;
198 acl_permset_t permset;
199 #endif
200
201 assert(f);
202
203 r = fchmod(f->fd, 0640);
204 if (r < 0)
205 log_warning("Failed to fix access mode on %s, ignoring: %s", f->path, strerror(-r));
206
207 #ifdef HAVE_ACL
208 if (uid <= 0)
209 return;
210
211 acl = acl_get_fd(f->fd);
212 if (!acl) {
213 log_warning("Failed to read ACL on %s, ignoring: %m", f->path);
214 return;
215 }
216
217 r = acl_find_uid(acl, uid, &entry);
218 if (r <= 0) {
219
220 if (acl_create_entry(&acl, &entry) < 0 ||
221 acl_set_tag_type(entry, ACL_USER) < 0 ||
222 acl_set_qualifier(entry, &uid) < 0) {
223 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
224 goto finish;
225 }
226 }
227
228 /* We do not recalculate the mask unconditionally here,
229 * so that the fchmod() mask above stays intact. */
230 if (acl_get_permset(entry, &permset) < 0 ||
231 acl_add_perm(permset, ACL_READ) < 0 ||
232 calc_acl_mask_if_needed(&acl) < 0) {
233 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
234 goto finish;
235 }
236
237 if (acl_set_fd(f->fd, acl) < 0)
238 log_warning("Failed to set ACL on %s, ignoring: %m", f->path);
239
240 finish:
241 acl_free(acl);
242 #endif
243 }
244
245 static JournalFile* find_journal(Server *s, uid_t uid) {
246 _cleanup_free_ char *p = NULL;
247 int r;
248 JournalFile *f;
249 sd_id128_t machine;
250
251 assert(s);
252
253 /* We split up user logs only on /var, not on /run. If the
254 * runtime file is open, we write to it exclusively, in order
255 * to guarantee proper order as soon as we flush /run to
256 * /var and close the runtime file. */
257
258 if (s->runtime_journal)
259 return s->runtime_journal;
260
261 if (uid <= 0)
262 return s->system_journal;
263
264 r = sd_id128_get_machine(&machine);
265 if (r < 0)
266 return s->system_journal;
267
268 f = hashmap_get(s->user_journals, UINT32_TO_PTR(uid));
269 if (f)
270 return f;
271
272 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/user-%lu.journal",
273 SD_ID128_FORMAT_VAL(machine), (unsigned long) uid) < 0)
274 return s->system_journal;
275
276 while (hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
277 /* Too many open? Then let's close one */
278 f = hashmap_steal_first(s->user_journals);
279 assert(f);
280 journal_file_close(f);
281 }
282
283 r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &f);
284 if (r < 0)
285 return s->system_journal;
286
287 server_fix_perms(s, f, uid);
288
289 r = hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
290 if (r < 0) {
291 journal_file_close(f);
292 return s->system_journal;
293 }
294
295 return f;
296 }
297
298 void server_rotate(Server *s) {
299 JournalFile *f;
300 void *k;
301 Iterator i;
302 int r;
303
304 log_debug("Rotating...");
305
306 if (s->runtime_journal) {
307 r = journal_file_rotate(&s->runtime_journal, s->compress, false);
308 if (r < 0)
309 if (s->runtime_journal)
310 log_error("Failed to rotate %s: %s", s->runtime_journal->path, strerror(-r));
311 else
312 log_error("Failed to create new runtime journal: %s", strerror(-r));
313 else
314 server_fix_perms(s, s->runtime_journal, 0);
315 }
316
317 if (s->system_journal) {
318 r = journal_file_rotate(&s->system_journal, s->compress, s->seal);
319 if (r < 0)
320 if (s->system_journal)
321 log_error("Failed to rotate %s: %s", s->system_journal->path, strerror(-r));
322 else
323 log_error("Failed to create new system journal: %s", strerror(-r));
324
325 else
326 server_fix_perms(s, s->system_journal, 0);
327 }
328
329 HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
330 r = journal_file_rotate(&f, s->compress, s->seal);
331 if (r < 0)
332 if (f)
333 log_error("Failed to rotate %s: %s", f->path, strerror(-r));
334 else {
335 log_error("Failed to create user journal: %s", strerror(-r));
336 hashmap_remove(s->user_journals, k);
337 }
338 else {
339 hashmap_replace(s->user_journals, k, f);
340 server_fix_perms(s, f, PTR_TO_UINT32(k));
341 }
342 }
343 }
344
345 void server_sync(Server *s) {
346 JournalFile *f;
347 void *k;
348 Iterator i;
349 int r;
350
351 if (s->system_journal) {
352 r = journal_file_set_offline(s->system_journal);
353 if (r < 0)
354 log_error("Failed to sync system journal: %s", strerror(-r));
355 }
356
357 HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
358 r = journal_file_set_offline(f);
359 if (r < 0)
360 log_error("Failed to sync user journal: %s", strerror(-r));
361 }
362
363 if (s->sync_event_source) {
364 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_OFF);
365 if (r < 0)
366 log_error("Failed to disable sync timer source: %s", strerror(-r));
367 }
368
369 s->sync_scheduled = false;
370 }
371
372 void server_vacuum(Server *s) {
373 char ids[33];
374 sd_id128_t machine;
375 int r;
376
377 log_debug("Vacuuming...");
378
379 s->oldest_file_usec = 0;
380
381 r = sd_id128_get_machine(&machine);
382 if (r < 0) {
383 log_error("Failed to get machine ID: %s", strerror(-r));
384 return;
385 }
386
387 sd_id128_to_string(machine, ids);
388
389 if (s->system_journal) {
390 char *p = strappenda("/var/log/journal/", ids);
391
392 r = journal_directory_vacuum(p, s->system_metrics.max_use, s->max_retention_usec, &s->oldest_file_usec);
393 if (r < 0 && r != -ENOENT)
394 log_error("Failed to vacuum %s: %s", p, strerror(-r));
395 }
396
397 if (s->runtime_journal) {
398 char *p = strappenda("/run/log/journal/", ids);
399
400 r = journal_directory_vacuum(p, s->runtime_metrics.max_use, s->max_retention_usec, &s->oldest_file_usec);
401 if (r < 0 && r != -ENOENT)
402 log_error("Failed to vacuum %s: %s", p, strerror(-r));
403 }
404
405 s->cached_available_space_timestamp = 0;
406 }
407
408 static void server_cache_machine_id(Server *s) {
409 sd_id128_t id;
410 int r;
411
412 assert(s);
413
414 r = sd_id128_get_machine(&id);
415 if (r < 0)
416 return;
417
418 sd_id128_to_string(id, stpcpy(s->machine_id_field, "_MACHINE_ID="));
419 }
420
421 static void server_cache_boot_id(Server *s) {
422 sd_id128_t id;
423 int r;
424
425 assert(s);
426
427 r = sd_id128_get_boot(&id);
428 if (r < 0)
429 return;
430
431 sd_id128_to_string(id, stpcpy(s->boot_id_field, "_BOOT_ID="));
432 }
433
434 static void server_cache_hostname(Server *s) {
435 _cleanup_free_ char *t = NULL;
436 char *x;
437
438 assert(s);
439
440 t = gethostname_malloc();
441 if (!t)
442 return;
443
444 x = strappend("_HOSTNAME=", t);
445 if (!x)
446 return;
447
448 free(s->hostname_field);
449 s->hostname_field = x;
450 }
451
452 bool shall_try_append_again(JournalFile *f, int r) {
453
454 /* -E2BIG Hit configured limit
455 -EFBIG Hit fs limit
456 -EDQUOT Quota limit hit
457 -ENOSPC Disk full
458 -EHOSTDOWN Other machine
459 -EBUSY Unclean shutdown
460 -EPROTONOSUPPORT Unsupported feature
461 -EBADMSG Corrupted
462 -ENODATA Truncated
463 -ESHUTDOWN Already archived */
464
465 if (r == -E2BIG || r == -EFBIG || r == -EDQUOT || r == -ENOSPC)
466 log_debug("%s: Allocation limit reached, rotating.", f->path);
467 else if (r == -EHOSTDOWN)
468 log_info("%s: Journal file from other machine, rotating.", f->path);
469 else if (r == -EBUSY)
470 log_info("%s: Unclean shutdown, rotating.", f->path);
471 else if (r == -EPROTONOSUPPORT)
472 log_info("%s: Unsupported feature, rotating.", f->path);
473 else if (r == -EBADMSG || r == -ENODATA || r == ESHUTDOWN)
474 log_warning("%s: Journal file corrupted, rotating.", f->path);
475 else
476 return false;
477
478 return true;
479 }
480
481 static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned n, int priority) {
482 JournalFile *f;
483 bool vacuumed = false;
484 int r;
485
486 assert(s);
487 assert(iovec);
488 assert(n > 0);
489
490 f = find_journal(s, uid);
491 if (!f)
492 return;
493
494 if (journal_file_rotate_suggested(f, s->max_file_usec)) {
495 log_debug("%s: Journal header limits reached or header out-of-date, rotating.", f->path);
496 server_rotate(s);
497 server_vacuum(s);
498 vacuumed = true;
499
500 f = find_journal(s, uid);
501 if (!f)
502 return;
503 }
504
505 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
506 if (r >= 0) {
507 server_schedule_sync(s, priority);
508 return;
509 }
510
511 if (vacuumed || !shall_try_append_again(f, r)) {
512 size_t size = 0;
513 unsigned i;
514 for (i = 0; i < n; i++)
515 size += iovec[i].iov_len;
516
517 log_error("Failed to write entry (%d items, %zu bytes), ignoring: %s", n, size, strerror(-r));
518 return;
519 }
520
521 server_rotate(s);
522 server_vacuum(s);
523
524 f = find_journal(s, uid);
525 if (!f)
526 return;
527
528 log_debug("Retrying write.");
529 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
530 if (r < 0) {
531 size_t size = 0;
532 unsigned i;
533 for (i = 0; i < n; i++)
534 size += iovec[i].iov_len;
535
536 log_error("Failed to write entry (%d items, %zu bytes) despite vacuuming, ignoring: %s", n, size, strerror(-r));
537 } else
538 server_schedule_sync(s, priority);
539 }
540
541 static void dispatch_message_real(
542 Server *s,
543 struct iovec *iovec, unsigned n, unsigned m,
544 struct ucred *ucred,
545 struct timeval *tv,
546 const char *label, size_t label_len,
547 const char *unit_id,
548 int priority,
549 pid_t object_pid) {
550
551 char pid[sizeof("_PID=") + DECIMAL_STR_MAX(pid_t)],
552 uid[sizeof("_UID=") + DECIMAL_STR_MAX(uid_t)],
553 gid[sizeof("_GID=") + DECIMAL_STR_MAX(gid_t)],
554 owner_uid[sizeof("_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)],
555 source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)],
556 o_uid[sizeof("OBJECT_UID=") + DECIMAL_STR_MAX(uid_t)],
557 o_gid[sizeof("OBJECT_GID=") + DECIMAL_STR_MAX(gid_t)],
558 o_owner_uid[sizeof("OBJECT_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)];
559 uid_t object_uid;
560 gid_t object_gid;
561 char *x;
562 int r;
563 char *t, *c;
564 uid_t realuid = 0, owner = 0, journal_uid;
565 bool owner_valid = false;
566 #ifdef HAVE_AUDIT
567 char audit_session[sizeof("_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
568 audit_loginuid[sizeof("_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)],
569 o_audit_session[sizeof("OBJECT_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
570 o_audit_loginuid[sizeof("OBJECT_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)];
571
572 uint32_t audit;
573 uid_t loginuid;
574 #endif
575
576 assert(s);
577 assert(iovec);
578 assert(n > 0);
579 assert(n + N_IOVEC_META_FIELDS + (object_pid ? N_IOVEC_OBJECT_FIELDS : 0) <= m);
580
581 if (ucred) {
582 realuid = ucred->uid;
583
584 sprintf(pid, "_PID=%lu", (unsigned long) ucred->pid);
585 IOVEC_SET_STRING(iovec[n++], pid);
586
587 sprintf(uid, "_UID=%lu", (unsigned long) ucred->uid);
588 IOVEC_SET_STRING(iovec[n++], uid);
589
590 sprintf(gid, "_GID=%lu", (unsigned long) ucred->gid);
591 IOVEC_SET_STRING(iovec[n++], gid);
592
593 r = get_process_comm(ucred->pid, &t);
594 if (r >= 0) {
595 x = strappenda("_COMM=", t);
596 free(t);
597 IOVEC_SET_STRING(iovec[n++], x);
598 }
599
600 r = get_process_exe(ucred->pid, &t);
601 if (r >= 0) {
602 x = strappenda("_EXE=", t);
603 free(t);
604 IOVEC_SET_STRING(iovec[n++], x);
605 }
606
607 r = get_process_cmdline(ucred->pid, 0, false, &t);
608 if (r >= 0) {
609 x = strappenda("_CMDLINE=", t);
610 free(t);
611 IOVEC_SET_STRING(iovec[n++], x);
612 }
613
614 r = get_process_capeff(ucred->pid, &t);
615 if (r >= 0) {
616 x = strappenda("_CAP_EFFECTIVE=", t);
617 free(t);
618 IOVEC_SET_STRING(iovec[n++], x);
619 }
620
621 #ifdef HAVE_AUDIT
622 r = audit_session_from_pid(ucred->pid, &audit);
623 if (r >= 0) {
624 sprintf(audit_session, "_AUDIT_SESSION=%lu", (unsigned long) audit);
625 IOVEC_SET_STRING(iovec[n++], audit_session);
626 }
627
628 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
629 if (r >= 0) {
630 sprintf(audit_loginuid, "_AUDIT_LOGINUID=%lu", (unsigned long) loginuid);
631 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
632 }
633 #endif
634
635 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &c);
636 if (r >= 0) {
637 char *session = NULL;
638
639 x = strappenda("_SYSTEMD_CGROUP=", c);
640 IOVEC_SET_STRING(iovec[n++], x);
641
642 r = cg_path_get_session(c, &t);
643 if (r >= 0) {
644 session = strappenda("_SYSTEMD_SESSION=", t);
645 free(t);
646 IOVEC_SET_STRING(iovec[n++], session);
647 }
648
649 if (cg_path_get_owner_uid(c, &owner) >= 0) {
650 owner_valid = true;
651
652 sprintf(owner_uid, "_SYSTEMD_OWNER_UID=%lu", (unsigned long) owner);
653 IOVEC_SET_STRING(iovec[n++], owner_uid);
654 }
655
656 if (cg_path_get_unit(c, &t) >= 0) {
657 x = strappenda("_SYSTEMD_UNIT=", t);
658 free(t);
659 IOVEC_SET_STRING(iovec[n++], x);
660 } else if (unit_id && !session) {
661 x = strappenda("_SYSTEMD_UNIT=", unit_id);
662 IOVEC_SET_STRING(iovec[n++], x);
663 }
664
665 if (cg_path_get_user_unit(c, &t) >= 0) {
666 x = strappenda("_SYSTEMD_USER_UNIT=", t);
667 free(t);
668 IOVEC_SET_STRING(iovec[n++], x);
669 } else if (unit_id && session) {
670 x = strappenda("_SYSTEMD_USER_UNIT=", unit_id);
671 IOVEC_SET_STRING(iovec[n++], x);
672 }
673
674 if (cg_path_get_slice(c, &t) >= 0) {
675 x = strappenda("_SYSTEMD_SLICE=", t);
676 free(t);
677 IOVEC_SET_STRING(iovec[n++], x);
678 }
679
680 free(c);
681 } else if (unit_id) {
682 x = strappenda("_SYSTEMD_UNIT=", unit_id);
683 IOVEC_SET_STRING(iovec[n++], x);
684 }
685
686 #ifdef HAVE_SELINUX
687 if (use_selinux()) {
688 if (label) {
689 x = alloca(sizeof("_SELINUX_CONTEXT=") + label_len);
690
691 *((char*) mempcpy(stpcpy(x, "_SELINUX_CONTEXT="), label, label_len)) = 0;
692 IOVEC_SET_STRING(iovec[n++], x);
693 } else {
694 security_context_t con;
695
696 if (getpidcon(ucred->pid, &con) >= 0) {
697 x = strappenda("_SELINUX_CONTEXT=", con);
698
699 freecon(con);
700 IOVEC_SET_STRING(iovec[n++], x);
701 }
702 }
703 }
704 #endif
705 }
706 assert(n <= m);
707
708 if (object_pid) {
709 r = get_process_uid(object_pid, &object_uid);
710 if (r >= 0) {
711 sprintf(o_uid, "OBJECT_UID=%lu", (unsigned long) object_uid);
712 IOVEC_SET_STRING(iovec[n++], o_uid);
713 }
714
715 r = get_process_gid(object_pid, &object_gid);
716 if (r >= 0) {
717 sprintf(o_gid, "OBJECT_GID=%lu", (unsigned long) object_gid);
718 IOVEC_SET_STRING(iovec[n++], o_gid);
719 }
720
721 r = get_process_comm(object_pid, &t);
722 if (r >= 0) {
723 x = strappenda("OBJECT_COMM=", t);
724 free(t);
725 IOVEC_SET_STRING(iovec[n++], x);
726 }
727
728 r = get_process_exe(object_pid, &t);
729 if (r >= 0) {
730 x = strappenda("OBJECT_EXE=", t);
731 free(t);
732 IOVEC_SET_STRING(iovec[n++], x);
733 }
734
735 r = get_process_cmdline(object_pid, 0, false, &t);
736 if (r >= 0) {
737 x = strappenda("OBJECT_CMDLINE=", t);
738 free(t);
739 IOVEC_SET_STRING(iovec[n++], x);
740 }
741
742 #ifdef HAVE_AUDIT
743 r = audit_session_from_pid(object_pid, &audit);
744 if (r >= 0) {
745 sprintf(o_audit_session, "OBJECT_AUDIT_SESSION=%lu", (unsigned long) audit);
746 IOVEC_SET_STRING(iovec[n++], o_audit_session);
747 }
748
749 r = audit_loginuid_from_pid(object_pid, &loginuid);
750 if (r >= 0) {
751 sprintf(o_audit_loginuid, "OBJECT_AUDIT_LOGINUID=%lu", (unsigned long) loginuid);
752 IOVEC_SET_STRING(iovec[n++], o_audit_loginuid);
753 }
754 #endif
755
756 r = cg_pid_get_path_shifted(object_pid, s->cgroup_root, &c);
757 if (r >= 0) {
758 x = strappenda("OBJECT_SYSTEMD_CGROUP=", c);
759 IOVEC_SET_STRING(iovec[n++], x);
760
761 r = cg_path_get_session(c, &t);
762 if (r >= 0) {
763 x = strappenda("OBJECT_SYSTEMD_SESSION=", t);
764 free(t);
765 IOVEC_SET_STRING(iovec[n++], x);
766 }
767
768 if (cg_path_get_owner_uid(c, &owner) >= 0) {
769 sprintf(o_owner_uid, "OBJECT_SYSTEMD_OWNER_UID=%lu", (unsigned long) owner);
770 IOVEC_SET_STRING(iovec[n++], o_owner_uid);
771 }
772
773 if (cg_path_get_unit(c, &t) >= 0) {
774 x = strappenda("OBJECT_SYSTEMD_UNIT=", t);
775 free(t);
776 IOVEC_SET_STRING(iovec[n++], x);
777 }
778
779 if (cg_path_get_user_unit(c, &t) >= 0) {
780 x = strappenda("OBJECT_SYSTEMD_USER_UNIT=", t);
781 free(t);
782 IOVEC_SET_STRING(iovec[n++], x);
783 }
784
785 free(c);
786 }
787 }
788 assert(n <= m);
789
790 if (tv) {
791 sprintf(source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu", (unsigned long long) timeval_load(tv));
792 IOVEC_SET_STRING(iovec[n++], source_time);
793 }
794
795 /* Note that strictly speaking storing the boot id here is
796 * redundant since the entry includes this in-line
797 * anyway. However, we need this indexed, too. */
798 if (!isempty(s->boot_id_field))
799 IOVEC_SET_STRING(iovec[n++], s->boot_id_field);
800
801 if (!isempty(s->machine_id_field))
802 IOVEC_SET_STRING(iovec[n++], s->machine_id_field);
803
804 if (!isempty(s->hostname_field))
805 IOVEC_SET_STRING(iovec[n++], s->hostname_field);
806
807 assert(n <= m);
808
809 if (s->split_mode == SPLIT_UID && realuid > 0)
810 /* Split up strictly by any UID */
811 journal_uid = realuid;
812 else if (s->split_mode == SPLIT_LOGIN && realuid > 0 && owner_valid && owner > 0)
813 /* Split up by login UIDs, this avoids creation of
814 * individual journals for system UIDs. We do this
815 * only if the realuid is not root, in order not to
816 * accidentally leak privileged information to the
817 * user that is logged by a privileged process that is
818 * part of an unprivileged session.*/
819 journal_uid = owner;
820 else
821 journal_uid = 0;
822
823 write_to_journal(s, journal_uid, iovec, n, priority);
824 }
825
826 void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {
827 char mid[11 + 32 + 1];
828 char buffer[16 + LINE_MAX + 1];
829 struct iovec iovec[N_IOVEC_META_FIELDS + 4];
830 int n = 0;
831 va_list ap;
832 struct ucred ucred = {};
833
834 assert(s);
835 assert(format);
836
837 IOVEC_SET_STRING(iovec[n++], "PRIORITY=6");
838 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=driver");
839
840 memcpy(buffer, "MESSAGE=", 8);
841 va_start(ap, format);
842 vsnprintf(buffer + 8, sizeof(buffer) - 8, format, ap);
843 va_end(ap);
844 char_array_0(buffer);
845 IOVEC_SET_STRING(iovec[n++], buffer);
846
847 if (!sd_id128_equal(message_id, SD_ID128_NULL)) {
848 snprintf(mid, sizeof(mid), MESSAGE_ID(message_id));
849 char_array_0(mid);
850 IOVEC_SET_STRING(iovec[n++], mid);
851 }
852
853 ucred.pid = getpid();
854 ucred.uid = getuid();
855 ucred.gid = getgid();
856
857 dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL, LOG_INFO, 0);
858 }
859
860 void server_dispatch_message(
861 Server *s,
862 struct iovec *iovec, unsigned n, unsigned m,
863 struct ucred *ucred,
864 struct timeval *tv,
865 const char *label, size_t label_len,
866 const char *unit_id,
867 int priority,
868 pid_t object_pid) {
869
870 int rl, r;
871 _cleanup_free_ char *path = NULL;
872 char *c;
873
874 assert(s);
875 assert(iovec || n == 0);
876
877 if (n == 0)
878 return;
879
880 if (LOG_PRI(priority) > s->max_level_store)
881 return;
882
883 /* Stop early in case the information will not be stored
884 * in a journal. */
885 if (s->storage == STORAGE_NONE)
886 return;
887
888 if (!ucred)
889 goto finish;
890
891 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &path);
892 if (r < 0)
893 goto finish;
894
895 /* example: /user/lennart/3/foobar
896 * /system/dbus.service/foobar
897 *
898 * So let's cut of everything past the third /, since that is
899 * where user directories start */
900
901 c = strchr(path, '/');
902 if (c) {
903 c = strchr(c+1, '/');
904 if (c) {
905 c = strchr(c+1, '/');
906 if (c)
907 *c = 0;
908 }
909 }
910
911 rl = journal_rate_limit_test(s->rate_limit, path,
912 priority & LOG_PRIMASK, available_space(s, false));
913
914 if (rl == 0)
915 return;
916
917 /* Write a suppression message if we suppressed something */
918 if (rl > 1)
919 server_driver_message(s, SD_MESSAGE_JOURNAL_DROPPED,
920 "Suppressed %u messages from %s", rl - 1, path);
921
922 finish:
923 dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id, priority, object_pid);
924 }
925
926
927 static int system_journal_open(Server *s) {
928 int r;
929 char *fn;
930 sd_id128_t machine;
931 char ids[33];
932
933 r = sd_id128_get_machine(&machine);
934 if (r < 0) {
935 log_error("Failed to get machine id: %s", strerror(-r));
936 return r;
937 }
938
939 sd_id128_to_string(machine, ids);
940
941 if (!s->system_journal &&
942 (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
943 access("/run/systemd/journal/flushed", F_OK) >= 0) {
944
945 /* If in auto mode: first try to create the machine
946 * path, but not the prefix.
947 *
948 * If in persistent mode: create /var/log/journal and
949 * the machine path */
950
951 if (s->storage == STORAGE_PERSISTENT)
952 (void) mkdir("/var/log/journal/", 0755);
953
954 fn = strappenda("/var/log/journal/", ids);
955 (void) mkdir(fn, 0755);
956
957 fn = strappenda(fn, "/system.journal");
958 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
959
960 if (r >= 0)
961 server_fix_perms(s, s->system_journal, 0);
962 else if (r < 0) {
963 if (r != -ENOENT && r != -EROFS)
964 log_warning("Failed to open system journal: %s", strerror(-r));
965
966 r = 0;
967 }
968 }
969
970 if (!s->runtime_journal &&
971 (s->storage != STORAGE_NONE)) {
972
973 fn = strjoin("/run/log/journal/", ids, "/system.journal", NULL);
974 if (!fn)
975 return -ENOMEM;
976
977 if (s->system_journal) {
978
979 /* Try to open the runtime journal, but only
980 * if it already exists, so that we can flush
981 * it into the system journal */
982
983 r = journal_file_open(fn, O_RDWR, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
984 free(fn);
985
986 if (r < 0) {
987 if (r != -ENOENT)
988 log_warning("Failed to open runtime journal: %s", strerror(-r));
989
990 r = 0;
991 }
992
993 } else {
994
995 /* OK, we really need the runtime journal, so create
996 * it if necessary. */
997
998 (void) mkdir_parents(fn, 0755);
999 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
1000 free(fn);
1001
1002 if (r < 0) {
1003 log_error("Failed to open runtime journal: %s", strerror(-r));
1004 return r;
1005 }
1006 }
1007
1008 if (s->runtime_journal)
1009 server_fix_perms(s, s->runtime_journal, 0);
1010 }
1011
1012 available_space(s, true);
1013
1014 return r;
1015 }
1016
1017 int server_flush_to_var(Server *s) {
1018 sd_id128_t machine;
1019 sd_journal *j = NULL;
1020 char ts[FORMAT_TIMESPAN_MAX];
1021 usec_t start;
1022 unsigned n = 0;
1023 int r;
1024
1025 assert(s);
1026
1027 if (s->storage != STORAGE_AUTO &&
1028 s->storage != STORAGE_PERSISTENT)
1029 return 0;
1030
1031 if (!s->runtime_journal)
1032 return 0;
1033
1034 system_journal_open(s);
1035
1036 if (!s->system_journal)
1037 return 0;
1038
1039 log_debug("Flushing to /var...");
1040
1041 start = now(CLOCK_MONOTONIC);
1042
1043 r = sd_id128_get_machine(&machine);
1044 if (r < 0)
1045 return r;
1046
1047 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
1048 if (r < 0) {
1049 log_error("Failed to read runtime journal: %s", strerror(-r));
1050 return r;
1051 }
1052
1053 sd_journal_set_data_threshold(j, 0);
1054
1055 SD_JOURNAL_FOREACH(j) {
1056 Object *o = NULL;
1057 JournalFile *f;
1058
1059 f = j->current_file;
1060 assert(f && f->current_offset > 0);
1061
1062 n++;
1063
1064 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
1065 if (r < 0) {
1066 log_error("Can't read entry: %s", strerror(-r));
1067 goto finish;
1068 }
1069
1070 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1071 if (r >= 0)
1072 continue;
1073
1074 if (!shall_try_append_again(s->system_journal, r)) {
1075 log_error("Can't write entry: %s", strerror(-r));
1076 goto finish;
1077 }
1078
1079 server_rotate(s);
1080 server_vacuum(s);
1081
1082 if (!s->system_journal) {
1083 log_notice("Didn't flush runtime journal since rotation of system journal wasn't successful.");
1084 r = -EIO;
1085 goto finish;
1086 }
1087
1088 log_debug("Retrying write.");
1089 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1090 if (r < 0) {
1091 log_error("Can't write entry: %s", strerror(-r));
1092 goto finish;
1093 }
1094 }
1095
1096 finish:
1097 journal_file_post_change(s->system_journal);
1098
1099 journal_file_close(s->runtime_journal);
1100 s->runtime_journal = NULL;
1101
1102 if (r >= 0)
1103 rm_rf("/run/log/journal", false, true, false);
1104
1105 sd_journal_close(j);
1106
1107 server_driver_message(s, SD_ID128_NULL, "Time spent on flushing to /var is %s for %u entries.", format_timespan(ts, sizeof(ts), now(CLOCK_MONOTONIC) - start, 0), n);
1108
1109 return r;
1110 }
1111
1112 int process_datagram(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1113 Server *s = userdata;
1114
1115 assert(s);
1116 assert(fd == s->native_fd || fd == s->syslog_fd);
1117
1118 if (revents != EPOLLIN) {
1119 log_error("Got invalid event from epoll for datagram fd: %"PRIx32, revents);
1120 return -EIO;
1121 }
1122
1123 for (;;) {
1124 struct ucred *ucred = NULL;
1125 struct timeval *tv = NULL;
1126 struct cmsghdr *cmsg;
1127 char *label = NULL;
1128 size_t label_len = 0;
1129 struct iovec iovec;
1130
1131 union {
1132 struct cmsghdr cmsghdr;
1133
1134 /* We use NAME_MAX space for the SELinux label
1135 * here. The kernel currently enforces no
1136 * limit, but according to suggestions from
1137 * the SELinux people this will change and it
1138 * will probably be identical to NAME_MAX. For
1139 * now we use that, but this should be updated
1140 * one day when the final limit is known.*/
1141 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
1142 CMSG_SPACE(sizeof(struct timeval)) +
1143 CMSG_SPACE(sizeof(int)) + /* fd */
1144 CMSG_SPACE(NAME_MAX)]; /* selinux label */
1145 } control = {};
1146 struct msghdr msghdr = {
1147 .msg_iov = &iovec,
1148 .msg_iovlen = 1,
1149 .msg_control = &control,
1150 .msg_controllen = sizeof(control),
1151 };
1152
1153 ssize_t n;
1154 int v;
1155 int *fds = NULL;
1156 unsigned n_fds = 0;
1157
1158 if (ioctl(fd, SIOCINQ, &v) < 0) {
1159 log_error("SIOCINQ failed: %m");
1160 return -errno;
1161 }
1162
1163 if (!GREEDY_REALLOC(s->buffer, s->buffer_size, LINE_MAX + (size_t) v))
1164 return log_oom();
1165
1166 iovec.iov_base = s->buffer;
1167 iovec.iov_len = s->buffer_size;
1168
1169 n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
1170 if (n < 0) {
1171 if (errno == EINTR || errno == EAGAIN)
1172 return 0;
1173
1174 log_error("recvmsg() failed: %m");
1175 return -errno;
1176 }
1177
1178 for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
1179
1180 if (cmsg->cmsg_level == SOL_SOCKET &&
1181 cmsg->cmsg_type == SCM_CREDENTIALS &&
1182 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
1183 ucred = (struct ucred*) CMSG_DATA(cmsg);
1184 else if (cmsg->cmsg_level == SOL_SOCKET &&
1185 cmsg->cmsg_type == SCM_SECURITY) {
1186 label = (char*) CMSG_DATA(cmsg);
1187 label_len = cmsg->cmsg_len - CMSG_LEN(0);
1188 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1189 cmsg->cmsg_type == SO_TIMESTAMP &&
1190 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
1191 tv = (struct timeval*) CMSG_DATA(cmsg);
1192 else if (cmsg->cmsg_level == SOL_SOCKET &&
1193 cmsg->cmsg_type == SCM_RIGHTS) {
1194 fds = (int*) CMSG_DATA(cmsg);
1195 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
1196 }
1197 }
1198
1199 if (fd == s->syslog_fd) {
1200 if (n > 0 && n_fds == 0) {
1201 s->buffer[n] = 0;
1202 server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
1203 } else if (n_fds > 0)
1204 log_warning("Got file descriptors via syslog socket. Ignoring.");
1205
1206 } else {
1207 if (n > 0 && n_fds == 0)
1208 server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
1209 else if (n == 0 && n_fds == 1)
1210 server_process_native_file(s, fds[0], ucred, tv, label, label_len);
1211 else if (n_fds > 0)
1212 log_warning("Got too many file descriptors via native socket. Ignoring.");
1213 }
1214
1215 close_many(fds, n_fds);
1216 }
1217 }
1218
1219 static int dispatch_sigusr1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1220 Server *s = userdata;
1221
1222 assert(s);
1223
1224 log_info("Received request to flush runtime journal from PID %"PRIu32, si->ssi_pid);
1225
1226 touch("/run/systemd/journal/flushed");
1227 server_flush_to_var(s);
1228 server_sync(s);
1229
1230 return 0;
1231 }
1232
1233 static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1234 Server *s = userdata;
1235
1236 assert(s);
1237
1238 log_info("Received request to rotate journal from PID %"PRIu32, si->ssi_pid);
1239 server_rotate(s);
1240 server_vacuum(s);
1241
1242 return 0;
1243 }
1244
1245 static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1246 Server *s = userdata;
1247
1248 assert(s);
1249
1250 log_received_signal(LOG_INFO, si);
1251
1252 sd_event_exit(s->event, 0);
1253 return 0;
1254 }
1255
1256 static int setup_signals(Server *s) {
1257 sigset_t mask;
1258 int r;
1259
1260 assert(s);
1261
1262 assert_se(sigemptyset(&mask) == 0);
1263 sigset_add_many(&mask, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, -1);
1264 assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
1265
1266 r = sd_event_add_signal(s->event, &s->sigusr1_event_source, SIGUSR1, dispatch_sigusr1, s);
1267 if (r < 0)
1268 return r;
1269
1270 r = sd_event_add_signal(s->event, &s->sigusr2_event_source, SIGUSR2, dispatch_sigusr2, s);
1271 if (r < 0)
1272 return r;
1273
1274 r = sd_event_add_signal(s->event, &s->sigterm_event_source, SIGTERM, dispatch_sigterm, s);
1275 if (r < 0)
1276 return r;
1277
1278 r = sd_event_add_signal(s->event, &s->sigint_event_source, SIGINT, dispatch_sigterm, s);
1279 if (r < 0)
1280 return r;
1281
1282 return 0;
1283 }
1284
1285 static int server_parse_proc_cmdline(Server *s) {
1286 _cleanup_free_ char *line = NULL;
1287 char *w, *state;
1288 size_t l;
1289 int r;
1290
1291 r = proc_cmdline(&line);
1292 if (r < 0)
1293 log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
1294 if (r <= 0)
1295 return 0;
1296
1297 FOREACH_WORD_QUOTED(w, l, line, state) {
1298 _cleanup_free_ char *word;
1299
1300 word = strndup(w, l);
1301 if (!word)
1302 return -ENOMEM;
1303
1304 if (startswith(word, "systemd.journald.forward_to_syslog=")) {
1305 r = parse_boolean(word + 35);
1306 if (r < 0)
1307 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word + 35);
1308 else
1309 s->forward_to_syslog = r;
1310 } else if (startswith(word, "systemd.journald.forward_to_kmsg=")) {
1311 r = parse_boolean(word + 33);
1312 if (r < 0)
1313 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word + 33);
1314 else
1315 s->forward_to_kmsg = r;
1316 } else if (startswith(word, "systemd.journald.forward_to_console=")) {
1317 r = parse_boolean(word + 36);
1318 if (r < 0)
1319 log_warning("Failed to parse forward to console switch %s. Ignoring.", word + 36);
1320 else
1321 s->forward_to_console = r;
1322 } else if (startswith(word, "systemd.journald.forward_to_wall=")) {
1323 r = parse_boolean(word + 33);
1324 if (r < 0)
1325 log_warning("Failed to parse forward to wall switch %s. Ignoring.", word + 33);
1326 else
1327 s->forward_to_wall = r;
1328 } else if (startswith(word, "systemd.journald"))
1329 log_warning("Invalid systemd.journald parameter. Ignoring.");
1330 }
1331
1332 return 0;
1333 }
1334
1335 static int server_parse_config_file(Server *s) {
1336 static const char fn[] = "/etc/systemd/journald.conf";
1337 _cleanup_fclose_ FILE *f = NULL;
1338 int r;
1339
1340 assert(s);
1341
1342 f = fopen(fn, "re");
1343 if (!f) {
1344 if (errno == ENOENT)
1345 return 0;
1346
1347 log_warning("Failed to open configuration file %s: %m", fn);
1348 return -errno;
1349 }
1350
1351 r = config_parse(NULL, fn, f, "Journal\0", config_item_perf_lookup,
1352 (void*) journald_gperf_lookup, false, false, s);
1353 if (r < 0)
1354 log_warning("Failed to parse configuration file: %s", strerror(-r));
1355
1356 return r;
1357 }
1358
1359 static int server_dispatch_sync(sd_event_source *es, usec_t t, void *userdata) {
1360 Server *s = userdata;
1361
1362 assert(s);
1363
1364 server_sync(s);
1365 return 0;
1366 }
1367
1368 int server_schedule_sync(Server *s, int priority) {
1369 int r;
1370
1371 assert(s);
1372
1373 if (priority <= LOG_CRIT) {
1374 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1375 server_sync(s);
1376 return 0;
1377 }
1378
1379 if (s->sync_scheduled)
1380 return 0;
1381
1382 if (s->sync_interval_usec > 0) {
1383 usec_t when;
1384
1385 r = sd_event_get_now_monotonic(s->event, &when);
1386 if (r < 0)
1387 return r;
1388
1389 when += s->sync_interval_usec;
1390
1391 if (!s->sync_event_source) {
1392 r = sd_event_add_monotonic(s->event, &s->sync_event_source, when, 0, server_dispatch_sync, s);
1393 if (r < 0)
1394 return r;
1395
1396 r = sd_event_source_set_priority(s->sync_event_source, SD_EVENT_PRIORITY_IMPORTANT);
1397 } else {
1398 r = sd_event_source_set_time(s->sync_event_source, when);
1399 if (r < 0)
1400 return r;
1401
1402 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_ONESHOT);
1403 }
1404 if (r < 0)
1405 return r;
1406
1407 s->sync_scheduled = true;
1408 }
1409
1410 return 0;
1411 }
1412
1413 static int dispatch_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1414 Server *s = userdata;
1415
1416 assert(s);
1417
1418 server_cache_hostname(s);
1419 return 0;
1420 }
1421
1422 static int server_open_hostname(Server *s) {
1423 int r;
1424
1425 assert(s);
1426
1427 s->hostname_fd = open("/proc/sys/kernel/hostname", O_RDONLY|O_CLOEXEC|O_NDELAY|O_NOCTTY);
1428 if (s->hostname_fd < 0) {
1429 log_error("Failed to open /proc/sys/kernel/hostname: %m");
1430 return -errno;
1431 }
1432
1433 r = sd_event_add_io(s->event, &s->hostname_event_source, s->hostname_fd, 0, dispatch_hostname_change, s);
1434 if (r < 0) {
1435 /* kernels prior to 3.2 don't support polling this file. Ignore
1436 * the failure. */
1437 if (r == -EPERM) {
1438 log_warning("Failed to register hostname fd in event loop: %s. Ignoring.",
1439 strerror(-r));
1440 close_nointr_nofail(s->hostname_fd);
1441 s->hostname_fd = -1;
1442 return 0;
1443 }
1444
1445 log_error("Failed to register hostname fd in event loop: %s", strerror(-r));
1446 return r;
1447 }
1448
1449 r = sd_event_source_set_priority(s->hostname_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
1450 if (r < 0) {
1451 log_error("Failed to adjust priority of host name event source: %s", strerror(-r));
1452 return r;
1453 }
1454
1455 return 0;
1456 }
1457
1458 int server_init(Server *s) {
1459 int n, r, fd;
1460
1461 assert(s);
1462
1463 zero(*s);
1464 s->syslog_fd = s->native_fd = s->stdout_fd = s->dev_kmsg_fd = s->hostname_fd = -1;
1465 s->compress = true;
1466 s->seal = true;
1467
1468 s->sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC;
1469 s->sync_scheduled = false;
1470
1471 s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
1472 s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
1473
1474 s->forward_to_syslog = true;
1475 s->forward_to_wall = true;
1476
1477 s->max_level_store = LOG_DEBUG;
1478 s->max_level_syslog = LOG_DEBUG;
1479 s->max_level_kmsg = LOG_NOTICE;
1480 s->max_level_console = LOG_INFO;
1481 s->max_level_wall = LOG_EMERG;
1482
1483 memset(&s->system_metrics, 0xFF, sizeof(s->system_metrics));
1484 memset(&s->runtime_metrics, 0xFF, sizeof(s->runtime_metrics));
1485
1486 server_parse_config_file(s);
1487 server_parse_proc_cmdline(s);
1488 if (!!s->rate_limit_interval ^ !!s->rate_limit_burst) {
1489 log_debug("Setting both rate limit interval and burst from %llu,%u to 0,0",
1490 (long long unsigned) s->rate_limit_interval,
1491 s->rate_limit_burst);
1492 s->rate_limit_interval = s->rate_limit_burst = 0;
1493 }
1494
1495 mkdir_p("/run/systemd/journal", 0755);
1496
1497 s->user_journals = hashmap_new(trivial_hash_func, trivial_compare_func);
1498 if (!s->user_journals)
1499 return log_oom();
1500
1501 s->mmap = mmap_cache_new();
1502 if (!s->mmap)
1503 return log_oom();
1504
1505 r = sd_event_default(&s->event);
1506 if (r < 0) {
1507 log_error("Failed to create event loop: %s", strerror(-r));
1508 return r;
1509 }
1510
1511 sd_event_set_watchdog(s->event, true);
1512
1513 n = sd_listen_fds(true);
1514 if (n < 0) {
1515 log_error("Failed to read listening file descriptors from environment: %s", strerror(-n));
1516 return n;
1517 }
1518
1519 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
1520
1521 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/socket", 0) > 0) {
1522
1523 if (s->native_fd >= 0) {
1524 log_error("Too many native sockets passed.");
1525 return -EINVAL;
1526 }
1527
1528 s->native_fd = fd;
1529
1530 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, "/run/systemd/journal/stdout", 0) > 0) {
1531
1532 if (s->stdout_fd >= 0) {
1533 log_error("Too many stdout sockets passed.");
1534 return -EINVAL;
1535 }
1536
1537 s->stdout_fd = fd;
1538
1539 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0) {
1540
1541 if (s->syslog_fd >= 0) {
1542 log_error("Too many /dev/log sockets passed.");
1543 return -EINVAL;
1544 }
1545
1546 s->syslog_fd = fd;
1547
1548 } else {
1549 log_error("Unknown socket passed.");
1550 return -EINVAL;
1551 }
1552 }
1553
1554 r = server_open_syslog_socket(s);
1555 if (r < 0)
1556 return r;
1557
1558 r = server_open_native_socket(s);
1559 if (r < 0)
1560 return r;
1561
1562 r = server_open_stdout_socket(s);
1563 if (r < 0)
1564 return r;
1565
1566 r = server_open_dev_kmsg(s);
1567 if (r < 0)
1568 return r;
1569
1570 r = server_open_kernel_seqnum(s);
1571 if (r < 0)
1572 return r;
1573
1574 r = server_open_hostname(s);
1575 if (r < 0)
1576 return r;
1577
1578 r = setup_signals(s);
1579 if (r < 0)
1580 return r;
1581
1582 s->udev = udev_new();
1583 if (!s->udev)
1584 return -ENOMEM;
1585
1586 s->rate_limit = journal_rate_limit_new(s->rate_limit_interval, s->rate_limit_burst);
1587 if (!s->rate_limit)
1588 return -ENOMEM;
1589
1590 r = cg_get_root_path(&s->cgroup_root);
1591 if (r < 0)
1592 return r;
1593
1594 server_cache_hostname(s);
1595 server_cache_boot_id(s);
1596 server_cache_machine_id(s);
1597
1598 r = system_journal_open(s);
1599 if (r < 0)
1600 return r;
1601
1602 return 0;
1603 }
1604
1605 void server_maybe_append_tags(Server *s) {
1606 #ifdef HAVE_GCRYPT
1607 JournalFile *f;
1608 Iterator i;
1609 usec_t n;
1610
1611 n = now(CLOCK_REALTIME);
1612
1613 if (s->system_journal)
1614 journal_file_maybe_append_tag(s->system_journal, n);
1615
1616 HASHMAP_FOREACH(f, s->user_journals, i)
1617 journal_file_maybe_append_tag(f, n);
1618 #endif
1619 }
1620
1621 void server_done(Server *s) {
1622 JournalFile *f;
1623 assert(s);
1624
1625 while (s->stdout_streams)
1626 stdout_stream_free(s->stdout_streams);
1627
1628 if (s->system_journal)
1629 journal_file_close(s->system_journal);
1630
1631 if (s->runtime_journal)
1632 journal_file_close(s->runtime_journal);
1633
1634 while ((f = hashmap_steal_first(s->user_journals)))
1635 journal_file_close(f);
1636
1637 hashmap_free(s->user_journals);
1638
1639 sd_event_source_unref(s->syslog_event_source);
1640 sd_event_source_unref(s->native_event_source);
1641 sd_event_source_unref(s->stdout_event_source);
1642 sd_event_source_unref(s->dev_kmsg_event_source);
1643 sd_event_source_unref(s->sync_event_source);
1644 sd_event_source_unref(s->sigusr1_event_source);
1645 sd_event_source_unref(s->sigusr2_event_source);
1646 sd_event_source_unref(s->sigterm_event_source);
1647 sd_event_source_unref(s->sigint_event_source);
1648 sd_event_source_unref(s->hostname_event_source);
1649 sd_event_unref(s->event);
1650
1651 if (s->syslog_fd >= 0)
1652 close_nointr_nofail(s->syslog_fd);
1653
1654 if (s->native_fd >= 0)
1655 close_nointr_nofail(s->native_fd);
1656
1657 if (s->stdout_fd >= 0)
1658 close_nointr_nofail(s->stdout_fd);
1659
1660 if (s->dev_kmsg_fd >= 0)
1661 close_nointr_nofail(s->dev_kmsg_fd);
1662
1663 if (s->hostname_fd >= 0)
1664 close_nointr_nofail(s->hostname_fd);
1665
1666 if (s->rate_limit)
1667 journal_rate_limit_free(s->rate_limit);
1668
1669 if (s->kernel_seqnum)
1670 munmap(s->kernel_seqnum, sizeof(uint64_t));
1671
1672 free(s->buffer);
1673 free(s->tty_path);
1674 free(s->cgroup_root);
1675
1676 if (s->mmap)
1677 mmap_cache_unref(s->mmap);
1678
1679 if (s->udev)
1680 udev_unref(s->udev);
1681 }
Unnamed repository; edit this file 'description' to name the repository.