]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/journal/journald-server.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
journald: cache cgroup root path, instead of querying it on every incoming log message
[thirdparty/systemd.git] / src / journal / journald-server.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2011 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/signalfd.h>
23 #include <sys/ioctl.h>
24 #include <linux/sockios.h>
25 #include <sys/statvfs.h>
26 #include <sys/mman.h>
27 #include <sys/timerfd.h>
28
29 #include <libudev.h>
30
31 #include "sd-journal.h"
32 #include "sd-messages.h"
33 #include "sd-daemon.h"
34 #include "fileio.h"
35 #include "mkdir.h"
36 #include "hashmap.h"
37 #include "journal-file.h"
38 #include "socket-util.h"
39 #include "cgroup-util.h"
40 #include "list.h"
41 #include "missing.h"
42 #include "conf-parser.h"
43 #include "selinux-util.h"
44 #include "journal-internal.h"
45 #include "journal-vacuum.h"
46 #include "journal-authenticate.h"
47 #include "journald-rate-limit.h"
48 #include "journald-kmsg.h"
49 #include "journald-syslog.h"
50 #include "journald-stream.h"
51 #include "journald-console.h"
52 #include "journald-native.h"
53 #include "journald-server.h"
54
55 #ifdef HAVE_ACL
56 #include <sys/acl.h>
57 #include <acl/libacl.h>
58 #include "acl-util.h"
59 #endif
60
61 #ifdef HAVE_SELINUX
62 #include <selinux/selinux.h>
63 #endif
64
65 #define USER_JOURNALS_MAX 1024
66
67 #define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
68 #define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
69 #define DEFAULT_RATE_LIMIT_BURST 1000
70
71 #define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
72
73 static const char* const storage_table[] = {
74 [STORAGE_AUTO] = "auto",
75 [STORAGE_VOLATILE] = "volatile",
76 [STORAGE_PERSISTENT] = "persistent",
77 [STORAGE_NONE] = "none"
78 };
79
80 DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
81 DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
82
83 static const char* const split_mode_table[] = {
84 [SPLIT_NONE] = "none",
85 [SPLIT_UID] = "uid",
86 [SPLIT_LOGIN] = "login"
87 };
88
89 DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
90 DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode, split_mode, SplitMode, "Failed to parse split mode setting");
91
92 static uint64_t available_space(Server *s, bool verbose) {
93 char ids[33];
94 _cleanup_free_ char *p = NULL;
95 sd_id128_t machine;
96 struct statvfs ss;
97 uint64_t sum = 0, ss_avail = 0, avail = 0;
98 int r;
99 _cleanup_closedir_ DIR *d = NULL;
100 usec_t ts;
101 const char *f;
102 JournalMetrics *m;
103
104 ts = now(CLOCK_MONOTONIC);
105
106 if (s->cached_available_space_timestamp + RECHECK_AVAILABLE_SPACE_USEC > ts
107 && !verbose)
108 return s->cached_available_space;
109
110 r = sd_id128_get_machine(&machine);
111 if (r < 0)
112 return 0;
113
114 if (s->system_journal) {
115 f = "/var/log/journal/";
116 m = &s->system_metrics;
117 } else {
118 f = "/run/log/journal/";
119 m = &s->runtime_metrics;
120 }
121
122 assert(m);
123
124 p = strappend(f, sd_id128_to_string(machine, ids));
125 if (!p)
126 return 0;
127
128 d = opendir(p);
129 if (!d)
130 return 0;
131
132 if (fstatvfs(dirfd(d), &ss) < 0)
133 return 0;
134
135 for (;;) {
136 struct stat st;
137 struct dirent *de;
138 union dirent_storage buf;
139
140 r = readdir_r(d, &buf.de, &de);
141 if (r != 0)
142 break;
143
144 if (!de)
145 break;
146
147 if (!endswith(de->d_name, ".journal") &&
148 !endswith(de->d_name, ".journal~"))
149 continue;
150
151 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0)
152 continue;
153
154 if (!S_ISREG(st.st_mode))
155 continue;
156
157 sum += (uint64_t) st.st_blocks * 512UL;
158 }
159
160 ss_avail = ss.f_bsize * ss.f_bavail;
161 avail = ss_avail > m->keep_free ? ss_avail - m->keep_free : 0;
162
163 s->cached_available_space = MIN(m->max_use, avail) > sum ? MIN(m->max_use, avail) - sum : 0;
164 s->cached_available_space_timestamp = ts;
165
166 if (verbose) {
167 char fb1[FORMAT_BYTES_MAX], fb2[FORMAT_BYTES_MAX], fb3[FORMAT_BYTES_MAX],
168 fb4[FORMAT_BYTES_MAX], fb5[FORMAT_BYTES_MAX];
169
170 server_driver_message(s, SD_MESSAGE_JOURNAL_USAGE,
171 "%s journal is using %s (max %s, leaving %s of free %s, current limit %s).",
172 s->system_journal ? "Permanent" : "Runtime",
173 format_bytes(fb1, sizeof(fb1), sum),
174 format_bytes(fb2, sizeof(fb2), m->max_use),
175 format_bytes(fb3, sizeof(fb3), m->keep_free),
176 format_bytes(fb4, sizeof(fb4), ss_avail),
177 format_bytes(fb5, sizeof(fb5), MIN(m->max_use, avail)));
178 }
179
180 return s->cached_available_space;
181 }
182
183 void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
184 int r;
185 #ifdef HAVE_ACL
186 acl_t acl;
187 acl_entry_t entry;
188 acl_permset_t permset;
189 #endif
190
191 assert(f);
192
193 r = fchmod(f->fd, 0640);
194 if (r < 0)
195 log_warning("Failed to fix access mode on %s, ignoring: %s", f->path, strerror(-r));
196
197 #ifdef HAVE_ACL
198 if (uid <= 0)
199 return;
200
201 acl = acl_get_fd(f->fd);
202 if (!acl) {
203 log_warning("Failed to read ACL on %s, ignoring: %m", f->path);
204 return;
205 }
206
207 r = acl_find_uid(acl, uid, &entry);
208 if (r <= 0) {
209
210 if (acl_create_entry(&acl, &entry) < 0 ||
211 acl_set_tag_type(entry, ACL_USER) < 0 ||
212 acl_set_qualifier(entry, &uid) < 0) {
213 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
214 goto finish;
215 }
216 }
217
218 /* We do not recalculate the mask unconditionally here,
219 * so that the fchmod() mask above stays intact. */
220 if (acl_get_permset(entry, &permset) < 0 ||
221 acl_add_perm(permset, ACL_READ) < 0 ||
222 calc_acl_mask_if_needed(&acl) < 0) {
223 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
224 goto finish;
225 }
226
227 if (acl_set_fd(f->fd, acl) < 0)
228 log_warning("Failed to set ACL on %s, ignoring: %m", f->path);
229
230 finish:
231 acl_free(acl);
232 #endif
233 }
234
235 static JournalFile* find_journal(Server *s, uid_t uid) {
236 _cleanup_free_ char *p = NULL;
237 int r;
238 JournalFile *f;
239 sd_id128_t machine;
240
241 assert(s);
242
243 /* We split up user logs only on /var, not on /run. If the
244 * runtime file is open, we write to it exclusively, in order
245 * to guarantee proper order as soon as we flush /run to
246 * /var and close the runtime file. */
247
248 if (s->runtime_journal)
249 return s->runtime_journal;
250
251 if (uid <= 0)
252 return s->system_journal;
253
254 r = sd_id128_get_machine(&machine);
255 if (r < 0)
256 return s->system_journal;
257
258 f = hashmap_get(s->user_journals, UINT32_TO_PTR(uid));
259 if (f)
260 return f;
261
262 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/user-%lu.journal",
263 SD_ID128_FORMAT_VAL(machine), (unsigned long) uid) < 0)
264 return s->system_journal;
265
266 while (hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
267 /* Too many open? Then let's close one */
268 f = hashmap_steal_first(s->user_journals);
269 assert(f);
270 journal_file_close(f);
271 }
272
273 r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &f);
274 if (r < 0)
275 return s->system_journal;
276
277 server_fix_perms(s, f, uid);
278
279 r = hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
280 if (r < 0) {
281 journal_file_close(f);
282 return s->system_journal;
283 }
284
285 return f;
286 }
287
288 void server_rotate(Server *s) {
289 JournalFile *f;
290 void *k;
291 Iterator i;
292 int r;
293
294 log_debug("Rotating...");
295
296 if (s->runtime_journal) {
297 r = journal_file_rotate(&s->runtime_journal, s->compress, false);
298 if (r < 0)
299 if (s->runtime_journal)
300 log_error("Failed to rotate %s: %s", s->runtime_journal->path, strerror(-r));
301 else
302 log_error("Failed to create new runtime journal: %s", strerror(-r));
303 else
304 server_fix_perms(s, s->runtime_journal, 0);
305 }
306
307 if (s->system_journal) {
308 r = journal_file_rotate(&s->system_journal, s->compress, s->seal);
309 if (r < 0)
310 if (s->system_journal)
311 log_error("Failed to rotate %s: %s", s->system_journal->path, strerror(-r));
312 else
313 log_error("Failed to create new system journal: %s", strerror(-r));
314
315 else
316 server_fix_perms(s, s->system_journal, 0);
317 }
318
319 HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
320 r = journal_file_rotate(&f, s->compress, s->seal);
321 if (r < 0)
322 if (f)
323 log_error("Failed to rotate %s: %s", f->path, strerror(-r));
324 else {
325 log_error("Failed to create user journal: %s", strerror(-r));
326 hashmap_remove(s->user_journals, k);
327 }
328 else {
329 hashmap_replace(s->user_journals, k, f);
330 server_fix_perms(s, f, PTR_TO_UINT32(k));
331 }
332 }
333 }
334
335 void server_sync(Server *s) {
336 JournalFile *f;
337 void *k;
338 Iterator i;
339 int r;
340
341 if (s->system_journal) {
342 r = journal_file_set_offline(s->system_journal);
343 if (r < 0)
344 log_error("Failed to sync system journal: %s", strerror(-r));
345 }
346
347 HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
348 r = journal_file_set_offline(f);
349 if (r < 0)
350 log_error("Failed to sync user journal: %s", strerror(-r));
351 }
352
353 if (s->sync_event_source) {
354 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_OFF);
355 if (r < 0)
356 log_error("Failed to disable sync timer source: %s", strerror(-r));
357 }
358
359 s->sync_scheduled = false;
360 }
361
362 void server_vacuum(Server *s) {
363 char ids[33];
364 sd_id128_t machine;
365 int r;
366
367 log_debug("Vacuuming...");
368
369 s->oldest_file_usec = 0;
370
371 r = sd_id128_get_machine(&machine);
372 if (r < 0) {
373 log_error("Failed to get machine ID: %s", strerror(-r));
374 return;
375 }
376
377 sd_id128_to_string(machine, ids);
378
379 if (s->system_journal) {
380 char *p = strappenda("/var/log/journal/", ids);
381
382 r = journal_directory_vacuum(p, s->system_metrics.max_use, s->system_metrics.keep_free, s->max_retention_usec, &s->oldest_file_usec);
383 if (r < 0 && r != -ENOENT)
384 log_error("Failed to vacuum %s: %s", p, strerror(-r));
385 }
386
387 if (s->runtime_journal) {
388 char *p = strappenda("/run/log/journal/", ids);
389
390 r = journal_directory_vacuum(p, s->runtime_metrics.max_use, s->runtime_metrics.keep_free, s->max_retention_usec, &s->oldest_file_usec);
391 if (r < 0 && r != -ENOENT)
392 log_error("Failed to vacuum %s: %s", p, strerror(-r));
393 }
394
395 s->cached_available_space_timestamp = 0;
396 }
397
398 static void server_cache_machine_id(Server *s) {
399 sd_id128_t id;
400 int r;
401
402 assert(s);
403
404 r = sd_id128_get_machine(&id);
405 if (r < 0)
406 return;
407
408 sd_id128_to_string(id, stpcpy(s->machine_id_field, "_MACHINE_ID="));
409 }
410
411 static void server_cache_boot_id(Server *s) {
412 sd_id128_t id;
413 int r;
414
415 assert(s);
416
417 r = sd_id128_get_boot(&id);
418 if (r < 0)
419 return;
420
421 sd_id128_to_string(id, stpcpy(s->boot_id_field, "_BOOT_ID="));
422 }
423
424 static void server_cache_hostname(Server *s) {
425 _cleanup_free_ char *t = NULL;
426 char *x;
427
428 assert(s);
429
430 t = gethostname_malloc();
431 if (!t)
432 return;
433
434 x = strappend("_HOSTNAME=", t);
435 if (!x)
436 return;
437
438 free(s->hostname_field);
439 s->hostname_field = x;
440 }
441
442 bool shall_try_append_again(JournalFile *f, int r) {
443
444 /* -E2BIG Hit configured limit
445 -EFBIG Hit fs limit
446 -EDQUOT Quota limit hit
447 -ENOSPC Disk full
448 -EHOSTDOWN Other machine
449 -EBUSY Unclean shutdown
450 -EPROTONOSUPPORT Unsupported feature
451 -EBADMSG Corrupted
452 -ENODATA Truncated
453 -ESHUTDOWN Already archived */
454
455 if (r == -E2BIG || r == -EFBIG || r == -EDQUOT || r == -ENOSPC)
456 log_debug("%s: Allocation limit reached, rotating.", f->path);
457 else if (r == -EHOSTDOWN)
458 log_info("%s: Journal file from other machine, rotating.", f->path);
459 else if (r == -EBUSY)
460 log_info("%s: Unclean shutdown, rotating.", f->path);
461 else if (r == -EPROTONOSUPPORT)
462 log_info("%s: Unsupported feature, rotating.", f->path);
463 else if (r == -EBADMSG || r == -ENODATA || r == ESHUTDOWN)
464 log_warning("%s: Journal file corrupted, rotating.", f->path);
465 else
466 return false;
467
468 return true;
469 }
470
471 static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned n, int priority) {
472 JournalFile *f;
473 bool vacuumed = false;
474 int r;
475
476 assert(s);
477 assert(iovec);
478 assert(n > 0);
479
480 f = find_journal(s, uid);
481 if (!f)
482 return;
483
484 if (journal_file_rotate_suggested(f, s->max_file_usec)) {
485 log_debug("%s: Journal header limits reached or header out-of-date, rotating.", f->path);
486 server_rotate(s);
487 server_vacuum(s);
488 vacuumed = true;
489
490 f = find_journal(s, uid);
491 if (!f)
492 return;
493 }
494
495 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
496 if (r >= 0) {
497 server_schedule_sync(s, priority);
498 return;
499 }
500
501 if (vacuumed || !shall_try_append_again(f, r)) {
502 size_t size = 0;
503 unsigned i;
504 for (i = 0; i < n; i++)
505 size += iovec[i].iov_len;
506
507 log_error("Failed to write entry (%d items, %zu bytes), ignoring: %s", n, size, strerror(-r));
508 return;
509 }
510
511 server_rotate(s);
512 server_vacuum(s);
513
514 f = find_journal(s, uid);
515 if (!f)
516 return;
517
518 log_debug("Retrying write.");
519 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
520 if (r < 0) {
521 size_t size = 0;
522 unsigned i;
523 for (i = 0; i < n; i++)
524 size += iovec[i].iov_len;
525
526 log_error("Failed to write entry (%d items, %zu bytes) despite vacuuming, ignoring: %s", n, size, strerror(-r));
527 } else
528 server_schedule_sync(s, priority);
529 }
530
531 static void dispatch_message_real(
532 Server *s,
533 struct iovec *iovec, unsigned n, unsigned m,
534 struct ucred *ucred,
535 struct timeval *tv,
536 const char *label, size_t label_len,
537 const char *unit_id,
538 int priority,
539 pid_t object_pid) {
540
541 char pid[sizeof("_PID=") + DECIMAL_STR_MAX(pid_t)],
542 uid[sizeof("_UID=") + DECIMAL_STR_MAX(uid_t)],
543 gid[sizeof("_GID=") + DECIMAL_STR_MAX(gid_t)],
544 owner_uid[sizeof("_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)],
545 source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)],
546 o_uid[sizeof("OBJECT_UID=") + DECIMAL_STR_MAX(uid_t)],
547 o_gid[sizeof("OBJECT_GID=") + DECIMAL_STR_MAX(gid_t)],
548 o_owner_uid[sizeof("OBJECT_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)];
549 uid_t object_uid;
550 gid_t object_gid;
551 char *x;
552 int r;
553 char *t, *c;
554 uid_t realuid = 0, owner = 0, journal_uid;
555 bool owner_valid = false;
556 #ifdef HAVE_AUDIT
557 char audit_session[sizeof("_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
558 audit_loginuid[sizeof("_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)],
559 o_audit_session[sizeof("OBJECT_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
560 o_audit_loginuid[sizeof("OBJECT_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)];
561
562 uint32_t audit;
563 uid_t loginuid;
564 #endif
565
566 assert(s);
567 assert(iovec);
568 assert(n > 0);
569 assert(n + N_IOVEC_META_FIELDS + (object_pid ? N_IOVEC_OBJECT_FIELDS : 0) <= m);
570
571 if (ucred) {
572 realuid = ucred->uid;
573
574 sprintf(pid, "_PID=%lu", (unsigned long) ucred->pid);
575 IOVEC_SET_STRING(iovec[n++], pid);
576
577 sprintf(uid, "_UID=%lu", (unsigned long) ucred->uid);
578 IOVEC_SET_STRING(iovec[n++], uid);
579
580 sprintf(gid, "_GID=%lu", (unsigned long) ucred->gid);
581 IOVEC_SET_STRING(iovec[n++], gid);
582
583 r = get_process_comm(ucred->pid, &t);
584 if (r >= 0) {
585 x = strappenda("_COMM=", t);
586 free(t);
587 IOVEC_SET_STRING(iovec[n++], x);
588 }
589
590 r = get_process_exe(ucred->pid, &t);
591 if (r >= 0) {
592 x = strappenda("_EXE=", t);
593 free(t);
594 IOVEC_SET_STRING(iovec[n++], x);
595 }
596
597 r = get_process_cmdline(ucred->pid, 0, false, &t);
598 if (r >= 0) {
599 x = strappenda("_CMDLINE=", t);
600 free(t);
601 IOVEC_SET_STRING(iovec[n++], x);
602 }
603
604 r = get_process_capeff(ucred->pid, &t);
605 if (r >= 0) {
606 x = strappenda("_CAP_EFFECTIVE=", t);
607 free(t);
608 IOVEC_SET_STRING(iovec[n++], x);
609 }
610
611 #ifdef HAVE_AUDIT
612 r = audit_session_from_pid(ucred->pid, &audit);
613 if (r >= 0) {
614 sprintf(audit_session, "_AUDIT_SESSION=%lu", (unsigned long) audit);
615 IOVEC_SET_STRING(iovec[n++], audit_session);
616 }
617
618 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
619 if (r >= 0) {
620 sprintf(audit_loginuid, "_AUDIT_LOGINUID=%lu", (unsigned long) loginuid);
621 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
622 }
623 #endif
624
625 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &c);
626 if (r >= 0) {
627 char *session = NULL;
628
629 x = strappenda("_SYSTEMD_CGROUP=", c);
630 IOVEC_SET_STRING(iovec[n++], x);
631
632 r = cg_path_get_session(c, &t);
633 if (r >= 0) {
634 session = strappenda("_SYSTEMD_SESSION=", t);
635 free(t);
636 IOVEC_SET_STRING(iovec[n++], session);
637 }
638
639 if (cg_path_get_owner_uid(c, &owner) >= 0) {
640 owner_valid = true;
641
642 sprintf(owner_uid, "_SYSTEMD_OWNER_UID=%lu", (unsigned long) owner);
643 IOVEC_SET_STRING(iovec[n++], owner_uid);
644 }
645
646 if (cg_path_get_unit(c, &t) >= 0) {
647 x = strappenda("_SYSTEMD_UNIT=", t);
648 free(t);
649 IOVEC_SET_STRING(iovec[n++], x);
650 } else if (unit_id && !session) {
651 x = strappenda("_SYSTEMD_UNIT=", unit_id);
652 IOVEC_SET_STRING(iovec[n++], x);
653 }
654
655 if (cg_path_get_user_unit(c, &t) >= 0) {
656 x = strappenda("_SYSTEMD_USER_UNIT=", t);
657 free(t);
658 IOVEC_SET_STRING(iovec[n++], x);
659 } else if (unit_id && session) {
660 x = strappenda("_SYSTEMD_USER_UNIT=", unit_id);
661 IOVEC_SET_STRING(iovec[n++], x);
662 }
663
664 if (cg_path_get_slice(c, &t) >= 0) {
665 x = strappenda("_SYSTEMD_SLICE=", t);
666 free(t);
667 IOVEC_SET_STRING(iovec[n++], x);
668 }
669
670 free(c);
671 } else if (unit_id) {
672 x = strappenda("_SYSTEMD_UNIT=", unit_id);
673 IOVEC_SET_STRING(iovec[n++], x);
674 }
675
676 #ifdef HAVE_SELINUX
677 if (use_selinux()) {
678 if (label) {
679 x = alloca(sizeof("_SELINUX_CONTEXT=") + label_len);
680
681 *((char*) mempcpy(stpcpy(x, "_SELINUX_CONTEXT="), label, label_len)) = 0;
682 IOVEC_SET_STRING(iovec[n++], x);
683 } else {
684 security_context_t con;
685
686 if (getpidcon(ucred->pid, &con) >= 0) {
687 x = strappenda("_SELINUX_CONTEXT=", con);
688
689 freecon(con);
690 IOVEC_SET_STRING(iovec[n++], x);
691 }
692 }
693 }
694 #endif
695 }
696 assert(n <= m);
697
698 if (object_pid) {
699 r = get_process_uid(object_pid, &object_uid);
700 if (r >= 0) {
701 sprintf(o_uid, "OBJECT_UID=%lu", (unsigned long) object_uid);
702 IOVEC_SET_STRING(iovec[n++], o_uid);
703 }
704
705 r = get_process_gid(object_pid, &object_gid);
706 if (r >= 0) {
707 sprintf(o_gid, "OBJECT_GID=%lu", (unsigned long) object_gid);
708 IOVEC_SET_STRING(iovec[n++], o_gid);
709 }
710
711 r = get_process_comm(object_pid, &t);
712 if (r >= 0) {
713 x = strappenda("OBJECT_COMM=", t);
714 free(t);
715 IOVEC_SET_STRING(iovec[n++], x);
716 }
717
718 r = get_process_exe(object_pid, &t);
719 if (r >= 0) {
720 x = strappenda("OBJECT_EXE=", t);
721 free(t);
722 IOVEC_SET_STRING(iovec[n++], x);
723 }
724
725 r = get_process_cmdline(object_pid, 0, false, &t);
726 if (r >= 0) {
727 x = strappenda("OBJECT_CMDLINE=", t);
728 free(t);
729 IOVEC_SET_STRING(iovec[n++], x);
730 }
731
732 #ifdef HAVE_AUDIT
733 r = audit_session_from_pid(object_pid, &audit);
734 if (r >= 0) {
735 sprintf(o_audit_session, "OBJECT_AUDIT_SESSION=%lu", (unsigned long) audit);
736 IOVEC_SET_STRING(iovec[n++], o_audit_session);
737 }
738
739 r = audit_loginuid_from_pid(object_pid, &loginuid);
740 if (r >= 0) {
741 sprintf(o_audit_loginuid, "OBJECT_AUDIT_LOGINUID=%lu", (unsigned long) loginuid);
742 IOVEC_SET_STRING(iovec[n++], o_audit_loginuid);
743 }
744 #endif
745
746 r = cg_pid_get_path_shifted(object_pid, s->cgroup_root, &c);
747 if (r >= 0) {
748 x = strappenda("OBJECT_SYSTEMD_CGROUP=", c);
749 IOVEC_SET_STRING(iovec[n++], x);
750
751 r = cg_path_get_session(c, &t);
752 if (r >= 0) {
753 x = strappenda("OBJECT_SYSTEMD_SESSION=", t);
754 free(t);
755 IOVEC_SET_STRING(iovec[n++], x);
756 }
757
758 if (cg_path_get_owner_uid(c, &owner) >= 0) {
759 sprintf(o_owner_uid, "OBJECT_SYSTEMD_OWNER_UID=%lu", (unsigned long) owner);
760 IOVEC_SET_STRING(iovec[n++], o_owner_uid);
761 }
762
763 if (cg_path_get_unit(c, &t) >= 0) {
764 x = strappenda("OBJECT_SYSTEMD_UNIT=", t);
765 free(t);
766 IOVEC_SET_STRING(iovec[n++], x);
767 }
768
769 if (cg_path_get_user_unit(c, &t) >= 0) {
770 x = strappenda("OBJECT_SYSTEMD_USER_UNIT=", t);
771 free(t);
772 IOVEC_SET_STRING(iovec[n++], x);
773 }
774
775 free(c);
776 }
777 }
778 assert(n <= m);
779
780 if (tv) {
781 sprintf(source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu", (unsigned long long) timeval_load(tv));
782 IOVEC_SET_STRING(iovec[n++], source_time);
783 }
784
785 /* Note that strictly speaking storing the boot id here is
786 * redundant since the entry includes this in-line
787 * anyway. However, we need this indexed, too. */
788 if (!isempty(s->boot_id_field))
789 IOVEC_SET_STRING(iovec[n++], s->boot_id_field);
790
791 if (!isempty(s->machine_id_field))
792 IOVEC_SET_STRING(iovec[n++], s->machine_id_field);
793
794 if (!isempty(s->hostname_field))
795 IOVEC_SET_STRING(iovec[n++], s->hostname_field);
796
797 assert(n <= m);
798
799 if (s->split_mode == SPLIT_UID && realuid > 0)
800 /* Split up strictly by any UID */
801 journal_uid = realuid;
802 else if (s->split_mode == SPLIT_LOGIN && realuid > 0 && owner_valid && owner > 0)
803 /* Split up by login UIDs, this avoids creation of
804 * individual journals for system UIDs. We do this
805 * only if the realuid is not root, in order not to
806 * accidentally leak privileged information to the
807 * user that is logged by a privileged process that is
808 * part of an unprivileged session.*/
809 journal_uid = owner;
810 else
811 journal_uid = 0;
812
813 write_to_journal(s, journal_uid, iovec, n, priority);
814 }
815
816 void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {
817 char mid[11 + 32 + 1];
818 char buffer[16 + LINE_MAX + 1];
819 struct iovec iovec[N_IOVEC_META_FIELDS + 4];
820 int n = 0;
821 va_list ap;
822 struct ucred ucred = {};
823
824 assert(s);
825 assert(format);
826
827 IOVEC_SET_STRING(iovec[n++], "PRIORITY=6");
828 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=driver");
829
830 memcpy(buffer, "MESSAGE=", 8);
831 va_start(ap, format);
832 vsnprintf(buffer + 8, sizeof(buffer) - 8, format, ap);
833 va_end(ap);
834 char_array_0(buffer);
835 IOVEC_SET_STRING(iovec[n++], buffer);
836
837 if (!sd_id128_equal(message_id, SD_ID128_NULL)) {
838 snprintf(mid, sizeof(mid), MESSAGE_ID(message_id));
839 char_array_0(mid);
840 IOVEC_SET_STRING(iovec[n++], mid);
841 }
842
843 ucred.pid = getpid();
844 ucred.uid = getuid();
845 ucred.gid = getgid();
846
847 dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL, LOG_INFO, 0);
848 }
849
850 void server_dispatch_message(
851 Server *s,
852 struct iovec *iovec, unsigned n, unsigned m,
853 struct ucred *ucred,
854 struct timeval *tv,
855 const char *label, size_t label_len,
856 const char *unit_id,
857 int priority,
858 pid_t object_pid) {
859
860 int rl, r;
861 _cleanup_free_ char *path = NULL;
862 char *c;
863
864 assert(s);
865 assert(iovec || n == 0);
866
867 if (n == 0)
868 return;
869
870 if (LOG_PRI(priority) > s->max_level_store)
871 return;
872
873 /* Stop early in case the information will not be stored
874 * in a journal. */
875 if (s->storage == STORAGE_NONE)
876 return;
877
878 if (!ucred)
879 goto finish;
880
881 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &path);
882 if (r < 0)
883 goto finish;
884
885 /* example: /user/lennart/3/foobar
886 * /system/dbus.service/foobar
887 *
888 * So let's cut of everything past the third /, since that is
889 * where user directories start */
890
891 c = strchr(path, '/');
892 if (c) {
893 c = strchr(c+1, '/');
894 if (c) {
895 c = strchr(c+1, '/');
896 if (c)
897 *c = 0;
898 }
899 }
900
901 rl = journal_rate_limit_test(s->rate_limit, path,
902 priority & LOG_PRIMASK, available_space(s, false));
903
904 if (rl == 0)
905 return;
906
907 /* Write a suppression message if we suppressed something */
908 if (rl > 1)
909 server_driver_message(s, SD_MESSAGE_JOURNAL_DROPPED,
910 "Suppressed %u messages from %s", rl - 1, path);
911
912 finish:
913 dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id, priority, object_pid);
914 }
915
916
917 static int system_journal_open(Server *s) {
918 int r;
919 char *fn;
920 sd_id128_t machine;
921 char ids[33];
922
923 r = sd_id128_get_machine(&machine);
924 if (r < 0) {
925 log_error("Failed to get machine id: %s", strerror(-r));
926 return r;
927 }
928
929 sd_id128_to_string(machine, ids);
930
931 if (!s->system_journal &&
932 (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
933 access("/run/systemd/journal/flushed", F_OK) >= 0) {
934
935 /* If in auto mode: first try to create the machine
936 * path, but not the prefix.
937 *
938 * If in persistent mode: create /var/log/journal and
939 * the machine path */
940
941 if (s->storage == STORAGE_PERSISTENT)
942 (void) mkdir("/var/log/journal/", 0755);
943
944 fn = strappenda("/var/log/journal/", ids);
945 (void) mkdir(fn, 0755);
946
947 fn = strappenda(fn, "/system.journal");
948 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
949
950 if (r >= 0)
951 server_fix_perms(s, s->system_journal, 0);
952 else if (r < 0) {
953 if (r != -ENOENT && r != -EROFS)
954 log_warning("Failed to open system journal: %s", strerror(-r));
955
956 r = 0;
957 }
958 }
959
960 if (!s->runtime_journal &&
961 (s->storage != STORAGE_NONE)) {
962
963 fn = strjoin("/run/log/journal/", ids, "/system.journal", NULL);
964 if (!fn)
965 return -ENOMEM;
966
967 if (s->system_journal) {
968
969 /* Try to open the runtime journal, but only
970 * if it already exists, so that we can flush
971 * it into the system journal */
972
973 r = journal_file_open(fn, O_RDWR, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
974 free(fn);
975
976 if (r < 0) {
977 if (r != -ENOENT)
978 log_warning("Failed to open runtime journal: %s", strerror(-r));
979
980 r = 0;
981 }
982
983 } else {
984
985 /* OK, we really need the runtime journal, so create
986 * it if necessary. */
987
988 (void) mkdir_parents(fn, 0755);
989 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
990 free(fn);
991
992 if (r < 0) {
993 log_error("Failed to open runtime journal: %s", strerror(-r));
994 return r;
995 }
996 }
997
998 if (s->runtime_journal)
999 server_fix_perms(s, s->runtime_journal, 0);
1000 }
1001
1002 available_space(s, true);
1003
1004 return r;
1005 }
1006
1007 int server_flush_to_var(Server *s) {
1008 sd_id128_t machine;
1009 sd_journal *j = NULL;
1010 char ts[FORMAT_TIMESPAN_MAX];
1011 usec_t start;
1012 unsigned n = 0;
1013 int r;
1014
1015 assert(s);
1016
1017 if (s->storage != STORAGE_AUTO &&
1018 s->storage != STORAGE_PERSISTENT)
1019 return 0;
1020
1021 if (!s->runtime_journal)
1022 return 0;
1023
1024 system_journal_open(s);
1025
1026 if (!s->system_journal)
1027 return 0;
1028
1029 log_debug("Flushing to /var...");
1030
1031 start = now(CLOCK_MONOTONIC);
1032
1033 r = sd_id128_get_machine(&machine);
1034 if (r < 0)
1035 return r;
1036
1037 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
1038 if (r < 0) {
1039 log_error("Failed to read runtime journal: %s", strerror(-r));
1040 return r;
1041 }
1042
1043 sd_journal_set_data_threshold(j, 0);
1044
1045 SD_JOURNAL_FOREACH(j) {
1046 Object *o = NULL;
1047 JournalFile *f;
1048
1049 f = j->current_file;
1050 assert(f && f->current_offset > 0);
1051
1052 n++;
1053
1054 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
1055 if (r < 0) {
1056 log_error("Can't read entry: %s", strerror(-r));
1057 goto finish;
1058 }
1059
1060 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1061 if (r >= 0)
1062 continue;
1063
1064 if (!shall_try_append_again(s->system_journal, r)) {
1065 log_error("Can't write entry: %s", strerror(-r));
1066 goto finish;
1067 }
1068
1069 server_rotate(s);
1070 server_vacuum(s);
1071
1072 if (!s->system_journal) {
1073 log_notice("Didn't flush runtime journal since rotation of system journal wasn't successful.");
1074 r = -EIO;
1075 goto finish;
1076 }
1077
1078 log_debug("Retrying write.");
1079 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1080 if (r < 0) {
1081 log_error("Can't write entry: %s", strerror(-r));
1082 goto finish;
1083 }
1084 }
1085
1086 finish:
1087 journal_file_post_change(s->system_journal);
1088
1089 journal_file_close(s->runtime_journal);
1090 s->runtime_journal = NULL;
1091
1092 if (r >= 0)
1093 rm_rf("/run/log/journal", false, true, false);
1094
1095 sd_journal_close(j);
1096
1097 server_driver_message(s, SD_ID128_NULL, "Time spent on flushing to /var is %s for %u entries.", format_timespan(ts, sizeof(ts), now(CLOCK_MONOTONIC) - start, 0), n);
1098
1099 return r;
1100 }
1101
1102 int process_datagram(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1103 Server *s = userdata;
1104
1105 assert(s);
1106 assert(fd == s->native_fd || fd == s->syslog_fd);
1107
1108 if (revents != EPOLLIN) {
1109 log_error("Got invalid event from epoll for datagram fd: %"PRIx32, revents);
1110 return -EIO;
1111 }
1112
1113 for (;;) {
1114 struct ucred *ucred = NULL;
1115 struct timeval *tv = NULL;
1116 struct cmsghdr *cmsg;
1117 char *label = NULL;
1118 size_t label_len = 0;
1119 struct iovec iovec;
1120
1121 union {
1122 struct cmsghdr cmsghdr;
1123
1124 /* We use NAME_MAX space for the
1125 * SELinux label here. The kernel
1126 * currently enforces no limit, but
1127 * according to suggestions from the
1128 * SELinux people this will change and
1129 * it will probably be identical to
1130 * NAME_MAX. For now we use that, but
1131 * this should be updated one day when
1132 * the final limit is known.*/
1133 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
1134 CMSG_SPACE(sizeof(struct timeval)) +
1135 CMSG_SPACE(sizeof(int)) + /* fd */
1136 CMSG_SPACE(NAME_MAX)]; /* selinux label */
1137 } control = {};
1138 struct msghdr msghdr = {
1139 .msg_iov = &iovec,
1140 .msg_iovlen = 1,
1141 .msg_control = &control,
1142 .msg_controllen = sizeof(control),
1143 };
1144
1145 ssize_t n;
1146 int v;
1147 int *fds = NULL;
1148 unsigned n_fds = 0;
1149
1150 if (ioctl(fd, SIOCINQ, &v) < 0) {
1151 log_error("SIOCINQ failed: %m");
1152 return -errno;
1153 }
1154
1155 if (!GREEDY_REALLOC(s->buffer, s->buffer_size, LINE_MAX + (size_t) v))
1156 return log_oom();
1157
1158 iovec.iov_base = s->buffer;
1159 iovec.iov_len = s->buffer_size;
1160
1161 n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
1162 if (n < 0) {
1163 if (errno == EINTR || errno == EAGAIN)
1164 return 0;
1165
1166 log_error("recvmsg() failed: %m");
1167 return -errno;
1168 }
1169
1170 for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
1171
1172 if (cmsg->cmsg_level == SOL_SOCKET &&
1173 cmsg->cmsg_type == SCM_CREDENTIALS &&
1174 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
1175 ucred = (struct ucred*) CMSG_DATA(cmsg);
1176 else if (cmsg->cmsg_level == SOL_SOCKET &&
1177 cmsg->cmsg_type == SCM_SECURITY) {
1178 label = (char*) CMSG_DATA(cmsg);
1179 label_len = cmsg->cmsg_len - CMSG_LEN(0);
1180 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1181 cmsg->cmsg_type == SO_TIMESTAMP &&
1182 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
1183 tv = (struct timeval*) CMSG_DATA(cmsg);
1184 else if (cmsg->cmsg_level == SOL_SOCKET &&
1185 cmsg->cmsg_type == SCM_RIGHTS) {
1186 fds = (int*) CMSG_DATA(cmsg);
1187 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
1188 }
1189 }
1190
1191 if (fd == s->syslog_fd) {
1192 if (n > 0 && n_fds == 0) {
1193 s->buffer[n] = 0;
1194 server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
1195 } else if (n_fds > 0)
1196 log_warning("Got file descriptors via syslog socket. Ignoring.");
1197
1198 } else {
1199 if (n > 0 && n_fds == 0)
1200 server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
1201 else if (n == 0 && n_fds == 1)
1202 server_process_native_file(s, fds[0], ucred, tv, label, label_len);
1203 else if (n_fds > 0)
1204 log_warning("Got too many file descriptors via native socket. Ignoring.");
1205 }
1206
1207 close_many(fds, n_fds);
1208 }
1209
1210 return 0;
1211 }
1212
1213 static int dispatch_sigusr1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1214 Server *s = userdata;
1215
1216 assert(s);
1217
1218 log_info("Received request to flush runtime journal from PID %"PRIu32, si->ssi_pid);
1219
1220 touch("/run/systemd/journal/flushed");
1221 server_flush_to_var(s);
1222 server_sync(s);
1223
1224 return 0;
1225 }
1226
1227 static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1228 Server *s = userdata;
1229
1230 assert(s);
1231
1232 log_info("Received request to rotate journal from PID %"PRIu32, si->ssi_pid);
1233 server_rotate(s);
1234 server_vacuum(s);
1235
1236 return 0;
1237 }
1238
1239 static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1240 Server *s = userdata;
1241
1242 assert(s);
1243
1244 log_info("Received SIG%s", signal_to_string(si->ssi_signo));
1245
1246 sd_event_request_quit(s->event);
1247 return 0;
1248 }
1249
1250 static int setup_signals(Server *s) {
1251 sigset_t mask;
1252 int r;
1253
1254 assert(s);
1255
1256 assert_se(sigemptyset(&mask) == 0);
1257 sigset_add_many(&mask, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, -1);
1258 assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
1259
1260 r = sd_event_add_signal(s->event, SIGUSR1, dispatch_sigusr1, s, &s->sigusr1_event_source);
1261 if (r < 0)
1262 return r;
1263
1264 r = sd_event_add_signal(s->event, SIGUSR2, dispatch_sigusr2, s, &s->sigusr2_event_source);
1265 if (r < 0)
1266 return r;
1267
1268 r = sd_event_add_signal(s->event, SIGTERM, dispatch_sigterm, s, &s->sigterm_event_source);
1269 if (r < 0)
1270 return r;
1271
1272 r = sd_event_add_signal(s->event, SIGINT, dispatch_sigterm, s, &s->sigint_event_source);
1273 if (r < 0)
1274 return r;
1275
1276 return 0;
1277 }
1278
1279 static int server_parse_proc_cmdline(Server *s) {
1280 _cleanup_free_ char *line = NULL;
1281 char *w, *state;
1282 size_t l;
1283 int r;
1284
1285 r = proc_cmdline(&line);
1286 if (r < 0)
1287 log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
1288 if (r <= 0)
1289 return 0;
1290
1291 FOREACH_WORD_QUOTED(w, l, line, state) {
1292 _cleanup_free_ char *word;
1293
1294 word = strndup(w, l);
1295 if (!word)
1296 return -ENOMEM;
1297
1298 if (startswith(word, "systemd.journald.forward_to_syslog=")) {
1299 r = parse_boolean(word + 35);
1300 if (r < 0)
1301 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word + 35);
1302 else
1303 s->forward_to_syslog = r;
1304 } else if (startswith(word, "systemd.journald.forward_to_kmsg=")) {
1305 r = parse_boolean(word + 33);
1306 if (r < 0)
1307 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word + 33);
1308 else
1309 s->forward_to_kmsg = r;
1310 } else if (startswith(word, "systemd.journald.forward_to_console=")) {
1311 r = parse_boolean(word + 36);
1312 if (r < 0)
1313 log_warning("Failed to parse forward to console switch %s. Ignoring.", word + 36);
1314 else
1315 s->forward_to_console = r;
1316 } else if (startswith(word, "systemd.journald"))
1317 log_warning("Invalid systemd.journald parameter. Ignoring.");
1318 }
1319
1320 return 0;
1321 }
1322
1323 static int server_parse_config_file(Server *s) {
1324 static const char fn[] = "/etc/systemd/journald.conf";
1325 _cleanup_fclose_ FILE *f = NULL;
1326 int r;
1327
1328 assert(s);
1329
1330 f = fopen(fn, "re");
1331 if (!f) {
1332 if (errno == ENOENT)
1333 return 0;
1334
1335 log_warning("Failed to open configuration file %s: %m", fn);
1336 return -errno;
1337 }
1338
1339 r = config_parse(NULL, fn, f, "Journal\0", config_item_perf_lookup,
1340 (void*) journald_gperf_lookup, false, false, s);
1341 if (r < 0)
1342 log_warning("Failed to parse configuration file: %s", strerror(-r));
1343
1344 return r;
1345 }
1346
1347 static int server_dispatch_sync(sd_event_source *es, usec_t t, void *userdata) {
1348 Server *s = userdata;
1349
1350 assert(s);
1351
1352 server_sync(s);
1353 return 0;
1354 }
1355
1356 int server_schedule_sync(Server *s, int priority) {
1357 int r;
1358
1359 assert(s);
1360
1361 if (priority <= LOG_CRIT) {
1362 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1363 server_sync(s);
1364 return 0;
1365 }
1366
1367 if (s->sync_scheduled)
1368 return 0;
1369
1370 if (s->sync_interval_usec > 0) {
1371 usec_t when;
1372
1373 r = sd_event_get_now_monotonic(s->event, &when);
1374 if (r < 0)
1375 return r;
1376
1377 when += s->sync_interval_usec;
1378
1379 if (!s->sync_event_source) {
1380 r = sd_event_add_monotonic(s->event, when, 0, server_dispatch_sync, s, &s->sync_event_source);
1381 if (r < 0)
1382 return r;
1383
1384 r = sd_event_source_set_priority(s->sync_event_source, SD_EVENT_PRIORITY_IMPORTANT);
1385 } else {
1386 r = sd_event_source_set_time(s->sync_event_source, when);
1387 if (r < 0)
1388 return r;
1389
1390 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_ONESHOT);
1391 }
1392 if (r < 0)
1393 return r;
1394
1395 s->sync_scheduled = true;
1396 }
1397
1398 return 0;
1399 }
1400
1401 static int dispatch_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1402 Server *s = userdata;
1403
1404 assert(s);
1405
1406 server_cache_hostname(s);
1407 return 0;
1408 }
1409
1410 static int server_open_hostname(Server *s) {
1411 int r;
1412
1413 assert(s);
1414
1415 s->hostname_fd = open("/proc/sys/kernel/hostname", O_RDONLY|O_CLOEXEC|O_NDELAY|O_NOCTTY);
1416 if (s->hostname_fd < 0) {
1417 log_error("Failed to open /proc/sys/kernel/hostname: %m");
1418 return -errno;
1419 }
1420
1421 r = sd_event_add_io(s->event, s->hostname_fd, 0, dispatch_hostname_change, s, &s->hostname_event_source);
1422 if (r < 0) {
1423 log_error("Failed to register hostname fd in event loop: %s", strerror(-r));
1424 return r;
1425 }
1426
1427 r = sd_event_source_set_priority(s->hostname_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
1428 if (r < 0) {
1429 log_error("Failed to adjust priority of host name event source: %s", strerror(-r));
1430 return r;
1431 }
1432
1433 return 0;
1434 }
1435
1436 int server_init(Server *s) {
1437 int n, r, fd;
1438
1439 assert(s);
1440
1441 zero(*s);
1442 s->syslog_fd = s->native_fd = s->stdout_fd = s->dev_kmsg_fd = s->hostname_fd = -1;
1443 s->compress = true;
1444 s->seal = true;
1445
1446 s->sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC;
1447 s->sync_scheduled = false;
1448
1449 s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
1450 s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
1451
1452 s->forward_to_syslog = true;
1453
1454 s->max_level_store = LOG_DEBUG;
1455 s->max_level_syslog = LOG_DEBUG;
1456 s->max_level_kmsg = LOG_NOTICE;
1457 s->max_level_console = LOG_INFO;
1458
1459 memset(&s->system_metrics, 0xFF, sizeof(s->system_metrics));
1460 memset(&s->runtime_metrics, 0xFF, sizeof(s->runtime_metrics));
1461
1462 server_parse_config_file(s);
1463 server_parse_proc_cmdline(s);
1464 if (!!s->rate_limit_interval ^ !!s->rate_limit_burst) {
1465 log_debug("Setting both rate limit interval and burst from %llu,%u to 0,0",
1466 (long long unsigned) s->rate_limit_interval,
1467 s->rate_limit_burst);
1468 s->rate_limit_interval = s->rate_limit_burst = 0;
1469 }
1470
1471 mkdir_p("/run/systemd/journal", 0755);
1472
1473 s->user_journals = hashmap_new(trivial_hash_func, trivial_compare_func);
1474 if (!s->user_journals)
1475 return log_oom();
1476
1477 s->mmap = mmap_cache_new();
1478 if (!s->mmap)
1479 return log_oom();
1480
1481 r = sd_event_default(&s->event);
1482 if (r < 0) {
1483 log_error("Failed to create event loop: %s", strerror(-r));
1484 return r;
1485 }
1486
1487 sd_event_set_watchdog(s->event, true);
1488
1489 n = sd_listen_fds(true);
1490 if (n < 0) {
1491 log_error("Failed to read listening file descriptors from environment: %s", strerror(-n));
1492 return n;
1493 }
1494
1495 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
1496
1497 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/socket", 0) > 0) {
1498
1499 if (s->native_fd >= 0) {
1500 log_error("Too many native sockets passed.");
1501 return -EINVAL;
1502 }
1503
1504 s->native_fd = fd;
1505
1506 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, "/run/systemd/journal/stdout", 0) > 0) {
1507
1508 if (s->stdout_fd >= 0) {
1509 log_error("Too many stdout sockets passed.");
1510 return -EINVAL;
1511 }
1512
1513 s->stdout_fd = fd;
1514
1515 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0) {
1516
1517 if (s->syslog_fd >= 0) {
1518 log_error("Too many /dev/log sockets passed.");
1519 return -EINVAL;
1520 }
1521
1522 s->syslog_fd = fd;
1523
1524 } else {
1525 log_error("Unknown socket passed.");
1526 return -EINVAL;
1527 }
1528 }
1529
1530 r = server_open_syslog_socket(s);
1531 if (r < 0)
1532 return r;
1533
1534 r = server_open_native_socket(s);
1535 if (r < 0)
1536 return r;
1537
1538 r = server_open_stdout_socket(s);
1539 if (r < 0)
1540 return r;
1541
1542 r = server_open_dev_kmsg(s);
1543 if (r < 0)
1544 return r;
1545
1546 r = server_open_kernel_seqnum(s);
1547 if (r < 0)
1548 return r;
1549
1550 r = server_open_hostname(s);
1551 if (r < 0)
1552 return r;
1553
1554 r = setup_signals(s);
1555 if (r < 0)
1556 return r;
1557
1558 s->udev = udev_new();
1559 if (!s->udev)
1560 return -ENOMEM;
1561
1562 s->rate_limit = journal_rate_limit_new(s->rate_limit_interval, s->rate_limit_burst);
1563 if (!s->rate_limit)
1564 return -ENOMEM;
1565
1566 r = cg_get_root_path(&s->cgroup_root);
1567 if (r < 0)
1568 return r;
1569
1570 server_cache_hostname(s);
1571 server_cache_boot_id(s);
1572 server_cache_machine_id(s);
1573
1574 r = system_journal_open(s);
1575 if (r < 0)
1576 return r;
1577
1578 return 0;
1579 }
1580
1581 void server_maybe_append_tags(Server *s) {
1582 #ifdef HAVE_GCRYPT
1583 JournalFile *f;
1584 Iterator i;
1585 usec_t n;
1586
1587 n = now(CLOCK_REALTIME);
1588
1589 if (s->system_journal)
1590 journal_file_maybe_append_tag(s->system_journal, n);
1591
1592 HASHMAP_FOREACH(f, s->user_journals, i)
1593 journal_file_maybe_append_tag(f, n);
1594 #endif
1595 }
1596
1597 void server_done(Server *s) {
1598 JournalFile *f;
1599 assert(s);
1600
1601 while (s->stdout_streams)
1602 stdout_stream_free(s->stdout_streams);
1603
1604 if (s->system_journal)
1605 journal_file_close(s->system_journal);
1606
1607 if (s->runtime_journal)
1608 journal_file_close(s->runtime_journal);
1609
1610 while ((f = hashmap_steal_first(s->user_journals)))
1611 journal_file_close(f);
1612
1613 hashmap_free(s->user_journals);
1614
1615 sd_event_source_unref(s->syslog_event_source);
1616 sd_event_source_unref(s->native_event_source);
1617 sd_event_source_unref(s->stdout_event_source);
1618 sd_event_source_unref(s->dev_kmsg_event_source);
1619 sd_event_source_unref(s->sync_event_source);
1620 sd_event_source_unref(s->sigusr1_event_source);
1621 sd_event_source_unref(s->sigusr2_event_source);
1622 sd_event_source_unref(s->sigterm_event_source);
1623 sd_event_source_unref(s->sigint_event_source);
1624 sd_event_source_unref(s->hostname_event_source);
1625 sd_event_unref(s->event);
1626
1627 if (s->syslog_fd >= 0)
1628 close_nointr_nofail(s->syslog_fd);
1629
1630 if (s->native_fd >= 0)
1631 close_nointr_nofail(s->native_fd);
1632
1633 if (s->stdout_fd >= 0)
1634 close_nointr_nofail(s->stdout_fd);
1635
1636 if (s->dev_kmsg_fd >= 0)
1637 close_nointr_nofail(s->dev_kmsg_fd);
1638
1639 if (s->hostname_fd >= 0)
1640 close_nointr_nofail(s->hostname_fd);
1641
1642 if (s->rate_limit)
1643 journal_rate_limit_free(s->rate_limit);
1644
1645 if (s->kernel_seqnum)
1646 munmap(s->kernel_seqnum, sizeof(uint64_t));
1647
1648 free(s->buffer);
1649 free(s->tty_path);
1650 free(s->cgroup_root);
1651
1652 if (s->mmap)
1653 mmap_cache_unref(s->mmap);
1654
1655 if (s->udev)
1656 udev_unref(s->udev);
1657 }
Unnamed repository; edit this file 'description' to name the repository.