[thirdparty/systemd.git] / src / journal / coredump.c

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2012 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <errno.h>
#include <unistd.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/xattr.h>

#include <systemd/sd-journal.h>
#include <systemd/sd-login.h>

#include "log.h"
#include "util.h"
#include "macro.h"
#include "mkdir.h"
#include "special.h"
#include "cgroup-util.h"
#include "journald-native.h"
#include "conf-parser.h"
#include "copy.h"
#include "stacktrace.h"
#include "path-util.h"

#ifdef HAVE_ACL
#include <sys/acl.h>
#include "acl-util.h"
#endif

/* The maximum size up to which we process coredumps */
#define PROCESS_SIZE_MAX ((off_t) (2LLU*1024LLU*1024LLU*1024LLU))

/* The maximum size up to which we leave the coredump around on
 * disk */
#define EXTERNAL_SIZE_MAX PROCESS_SIZE_MAX

/* The maximum size up to which we store the coredump in the
 * journal */
#define JOURNAL_SIZE_MAX ((size_t) (767LU*1024LU*1024LU))

/* Make sure to not make this larger than the maximum journal entry
 * size. See ENTRY_SIZE_MAX in journald-native.c. */
assert_cc(JOURNAL_SIZE_MAX <= ENTRY_SIZE_MAX);

enum {
        ARG_PID = 1,
        ARG_UID,
        ARG_GID,
        ARG_SIGNAL,
        ARG_TIMESTAMP,
        ARG_COMM,
        _ARG_MAX
};

typedef enum CoredumpStorage {
        COREDUMP_STORAGE_NONE,
        COREDUMP_STORAGE_EXTERNAL,
        COREDUMP_STORAGE_JOURNAL,
        COREDUMP_STORAGE_BOTH,
        _COREDUMP_STORAGE_MAX,
        _COREDUMP_STORAGE_INVALID = -1
} CoredumpStorage;

static CoredumpStorage arg_storage = COREDUMP_STORAGE_EXTERNAL;
static off_t arg_process_size_max = PROCESS_SIZE_MAX;
static off_t arg_external_size_max = EXTERNAL_SIZE_MAX;
static size_t arg_journal_size_max = JOURNAL_SIZE_MAX;

static const char* const coredump_storage_table[_COREDUMP_STORAGE_MAX] = {
        [COREDUMP_STORAGE_NONE] = "none",
        [COREDUMP_STORAGE_EXTERNAL] = "external",
        [COREDUMP_STORAGE_JOURNAL] = "journal",
        [COREDUMP_STORAGE_BOTH] = "both",
};

DEFINE_PRIVATE_STRING_TABLE_LOOKUP(coredump_storage, CoredumpStorage);
static DEFINE_CONFIG_PARSE_ENUM(config_parse_coredump_storage, coredump_storage, CoredumpStorage, "Failed to parse storage setting");

static int parse_config(void) {

        static const ConfigTableItem items[] = {
                { "Coredump", "ProcessSizeMax",  config_parse_iec_off,           0, &arg_process_size_max  },
                { "Coredump", "ExternalSizeMax", config_parse_iec_off,           0, &arg_external_size_max },
                { "Coredump", "JournalSizeMax",  config_parse_iec_size,          0, &arg_journal_size_max  },
                { "Coredump", "Storage",         config_parse_coredump_storage,  0, &arg_storage           },
                {}
        };

        return config_parse(
                        NULL,
                        "/etc/systemd/coredump.conf",
                        NULL,
                        "Coredump\0",
                        config_item_table_lookup,
                        (void*) items,
                        false,
                        false,
                        NULL);
}

static int fix_acl(int fd, uid_t uid) {

#ifdef HAVE_ACL
        _cleanup_(acl_freep) acl_t acl = NULL;
        acl_entry_t entry;
        acl_permset_t permset;

        if (uid <= SYSTEM_UID_MAX)
                return 0;

        /* Make sure normal users can read (but not write or delete)
         * their own coredumps */

        acl = acl_get_fd(fd);
        if (!acl) {
                log_error("Failed to get ACL: %m");
                return -errno;
        }

        if (acl_create_entry(&acl, &entry) < 0 ||
            acl_set_tag_type(entry, ACL_USER) < 0 ||
            acl_set_qualifier(entry, &uid) < 0) {
                log_error("Failed to patch ACL: %m");
                return -errno;
        }

        if (acl_get_permset(entry, &permset) < 0 ||
            acl_add_perm(permset, ACL_READ) < 0 ||
            calc_acl_mask_if_needed(&acl) < 0) {
                log_warning("Failed to patch ACL: %m");
                return -errno;
        }

        if (acl_set_fd(fd, acl) < 0) {
                log_error("Failed to apply ACL: %m");
                return -errno;
        }
#endif

        return 0;
}

static int fix_xattr(int fd, char *argv[]) {

        static const char * const xattrs[_ARG_MAX] = {
                [ARG_PID] = "user.coredump.pid",
                [ARG_UID] = "user.coredump.uid",
                [ARG_GID] = "user.coredump.gid",
                [ARG_SIGNAL] = "user.coredump.signal",
                [ARG_TIMESTAMP] = "user.coredump.timestamp",
                [ARG_COMM] = "user.coredump.comm",
        };

        int r = 0;
        unsigned i;

        /* Attach some metadate to coredumps via extended
         * attributes. Just because we can. */

        for (i = 0; i < _ARG_MAX; i++) {
                if (isempty(argv[i]))
                        continue;

                if (fsetxattr(fd, xattrs[i], argv[i], strlen(argv[i]), XATTR_CREATE) < 0)
                        r = -errno;
        }

        return r;
}

#define filename_escape(s) xescape((s), "./ ")

static int save_external_coredump(char **argv, uid_t uid, char **ret_filename, int *ret_fd, off_t *ret_size) {
        _cleanup_free_ char *p = NULL, *t = NULL, *c = NULL, *fn = NULL, *tmp = NULL;
        _cleanup_close_ int fd = -1;
        sd_id128_t boot;
        struct stat st;
        int r;

        assert(argv);
        assert(ret_filename);
        assert(ret_fd);
        assert(ret_size);

        c = filename_escape(argv[ARG_COMM]);
        if (!c)
                return log_oom();

        p = filename_escape(argv[ARG_PID]);
        if (!p)
                return log_oom();

        t = filename_escape(argv[ARG_TIMESTAMP]);
        if (!t)
                return log_oom();

        r = sd_id128_get_boot(&boot);
        if (r < 0) {
                log_error("Failed to determine boot ID: %s", strerror(-r));
                return r;
        }

        r = asprintf(&fn,
                     "/var/lib/systemd/coredump/core.%s." SD_ID128_FORMAT_STR ".%s.%s000000",
                     c,
                     SD_ID128_FORMAT_VAL(boot),
                     p,
                     t);
        if (r < 0)
                return log_oom();

        tmp = tempfn_random(fn);
        if (!tmp)
                return log_oom();

        mkdir_p_label("/var/lib/systemd/coredump", 0755);

        fd = open(tmp, O_CREAT|O_EXCL|O_RDWR|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0640);
        if (fd < 0) {
                log_error("Failed to create coredump file: %m");
                return -errno;
        }

        r = copy_bytes(STDIN_FILENO, fd);
        if (r < 0) {
                log_error("Failed to dump coredump to file: %s", strerror(-r));
                goto fail;
        }

        /* Ignore errors on these */
        fchmod(fd, 0640);
        fix_acl(fd, uid);
        fix_xattr(fd, argv);

        if (fsync(fd) < 0) {
                log_error("Failed to sync coredump: %m");
                r = -errno;
                goto fail;
        }

        if (fstat(fd, &st) < 0) {
                log_error("Failed to fstat coredump: %m");
                r = -errno;
                goto fail;
        }

        if (rename(tmp, fn) < 0) {
                log_error("Failed to rename coredump: %m");
                r = -errno;
                goto fail;
        }

        *ret_filename = fn;
        *ret_fd = fd;
        *ret_size = st.st_size;

        fn = NULL;
        fd = -1;

        return 0;

fail:
        unlink_noerrno(tmp);
        return r;
}

static int allocate_journal_field(int fd, size_t size, char **ret, size_t *ret_size) {
        _cleanup_free_ char *field = NULL;
        ssize_t n;

        assert(fd >= 0);
        assert(ret);
        assert(ret_size);

        if (lseek(fd, 0, SEEK_SET) == (off_t) -1) {
                log_warning("Failed to seek: %m");
                return -errno;
        }

        field = malloc(9 + size);
        if (!field) {
                log_warning("Failed to allocate memory fore coredump, coredump will not be stored.");
                return -ENOMEM;
        }

        memcpy(field, "COREDUMP=", 9);

        n = read(fd, field + 9, size);
        if (n < 0) {
                log_error("Failed to read core data: %s", strerror(-n));
                return (int) n;
        }
        if ((size_t) n < size) {
                log_error("Core data too short.");
                return -EIO;
        }

        *ret = field;
        *ret_size = size + 9;

        field = NULL;

        return 0;
}

static int maybe_remove_external_coredump(const char *filename, off_t size) {

        if (!filename)
                return 0;

        if (IN_SET(arg_storage, COREDUMP_STORAGE_EXTERNAL, COREDUMP_STORAGE_BOTH) &&
            size <= arg_external_size_max)
                return 0;

        if (unlink(filename) < 0) {
                log_error("Failed to unlink %s: %m", filename);
                return -errno;
        }

        return 0;
}

int main(int argc, char* argv[]) {

        _cleanup_free_ char *core_pid = NULL, *core_uid = NULL, *core_gid = NULL, *core_signal = NULL,
                *core_timestamp = NULL, *core_comm = NULL, *core_exe = NULL, *core_unit = NULL,
                *core_session = NULL, *core_message = NULL, *core_cmdline = NULL, *coredump_data = NULL,
                *coredump_filename = NULL, *core_slice = NULL, *core_cgroup = NULL, *core_owner_uid = NULL,
                *exe = NULL;

        _cleanup_close_ int coredump_fd = -1;

        struct iovec iovec[17];
        off_t coredump_size;
        int r, j = 0;
        uid_t uid, owner_uid;
        gid_t gid;
        pid_t pid;
        char *t;

        /* Make sure we never enter a loop */
        prctl(PR_SET_DUMPABLE, 0);

        /* First, log to a safe place, since we don't know what
         * crashed and it might be journald which we'd rather not log
         * to then. */
        log_set_target(LOG_TARGET_KMSG);
        log_open();

        if (argc != _ARG_MAX) {
                log_error("Invalid number of arguments passed from kernel.");
                r = -EINVAL;
                goto finish;
        }

        /* Ignore all parse errors */
        parse_config();
        log_debug("Selected storage '%s'.", coredump_storage_to_string(arg_storage));

        /* Exit early if we cannot write the coredump to disk anyway */
        if (path_is_read_only_fs("/var/lib") != 0) {
                log_error("Coredump directory not mounted or not writable, skipping coredump.");
                r = -EROFS;
                goto finish;
        }

        r = parse_uid(argv[ARG_UID], &uid);
        if (r < 0) {
                log_error("Failed to parse UID.");
                goto finish;
        }

        r = parse_pid(argv[ARG_PID], &pid);
        if (r < 0) {
                log_error("Failed to parse PID.");
                goto finish;
        }

        r = parse_gid(argv[ARG_GID], &gid);
        if (r < 0) {
                log_error("Failed to parse GID.");
                goto finish;
        }

        if (cg_pid_get_unit(pid, &t) >= 0) {

                if (streq(t, SPECIAL_JOURNALD_SERVICE)) {

                        /* If we are journald, we cut things short,
                         * don't write to the journal, but still
                         * create a coredump. */

                        if (arg_storage != COREDUMP_STORAGE_NONE)
                                arg_storage = COREDUMP_STORAGE_EXTERNAL;

                        r = save_external_coredump(argv, uid, &coredump_filename, &coredump_fd, &coredump_size);
                        if (r < 0)
                                goto finish;

                        r = maybe_remove_external_coredump(coredump_filename, coredump_size);
                        if (r < 0)
                                goto finish;

                        log_info("Detected coredump of the journal daemon itself, diverted to %s.", coredump_filename);
                        goto finish;
                }

                core_unit = strappend("COREDUMP_UNIT=", t);
        } else if (cg_pid_get_user_unit(pid, &t) >= 0)
                core_unit = strappend("COREDUMP_USER_UNIT=", t);

        if (core_unit)
                IOVEC_SET_STRING(iovec[j++], core_unit);

        /* OK, now we know it's not the journal, hence we can make use
         * of it now. */
        log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
        log_open();

        core_pid = strappend("COREDUMP_PID=", argv[ARG_PID]);
        if (core_pid)
                IOVEC_SET_STRING(iovec[j++], core_pid);

        core_uid = strappend("COREDUMP_UID=", argv[ARG_UID]);
        if (core_uid)
                IOVEC_SET_STRING(iovec[j++], core_uid);

        core_gid = strappend("COREDUMP_GID=", argv[ARG_GID]);
        if (core_gid)
                IOVEC_SET_STRING(iovec[j++], core_gid);

        core_signal = strappend("COREDUMP_SIGNAL=", argv[ARG_SIGNAL]);
        if (core_signal)
                IOVEC_SET_STRING(iovec[j++], core_signal);

        core_comm = strappend("COREDUMP_COMM=", argv[ARG_COMM]);
        if (core_comm)
                IOVEC_SET_STRING(iovec[j++], core_comm);

        if (sd_pid_get_session(pid, &t) >= 0) {
                core_session = strappend("COREDUMP_SESSION=", t);
                free(t);

                if (core_session)
                        IOVEC_SET_STRING(iovec[j++], core_session);
        }

        if (sd_pid_get_owner_uid(pid, &owner_uid) >= 0) {
                asprintf(&core_owner_uid, "COREDUMP_OWNER_UID=" UID_FMT, owner_uid);

                if (core_owner_uid)
                        IOVEC_SET_STRING(iovec[j++], core_owner_uid);
        }

        if (sd_pid_get_slice(pid, &t) >= 0) {
                core_slice = strappend("COREDUMP_SLICE=", t);
                free(t);

                if (core_slice)
                        IOVEC_SET_STRING(iovec[j++], core_slice);
        }

        if (get_process_exe(pid, &exe) >= 0) {
                core_exe = strappend("COREDUMP_EXE=", exe);
                if (core_exe)
                        IOVEC_SET_STRING(iovec[j++], core_exe);
        }

        if (get_process_cmdline(pid, 0, false, &t) >= 0) {
                core_cmdline = strappend("COREDUMP_CMDLINE=", t);
                free(t);

                if (core_cmdline)
                        IOVEC_SET_STRING(iovec[j++], core_cmdline);
        }

        if (cg_pid_get_path_shifted(pid, NULL, &t) >= 0) {
                core_cgroup = strappend("COREDUMP_CGROUP=", t);
                free(t);

                if (core_cgroup)
                        IOVEC_SET_STRING(iovec[j++], core_cgroup);
        }

        core_timestamp = strjoin("COREDUMP_TIMESTAMP=", argv[ARG_TIMESTAMP], "000000", NULL);
        if (core_timestamp)
                IOVEC_SET_STRING(iovec[j++], core_timestamp);

        IOVEC_SET_STRING(iovec[j++], "MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1");
        IOVEC_SET_STRING(iovec[j++], "PRIORITY=2");

        /* Always stream the coredump to disk, if that's possible */
        r = save_external_coredump(argv, uid, &coredump_filename, &coredump_fd, &coredump_size);
        if (r < 0)
                goto finish;

        /* If we don't want to keep the coredump on disk, remove it
         * now, as later on we will lack the privileges for
         * it. However, we keep the fd to it, so that we can still
         * process it and log it. */
        r = maybe_remove_external_coredump(coredump_filename, coredump_size);
        if (r < 0)
                goto finish;

        /* Now, let's drop privileges to become the user who owns the
         * segfaulted process and allocate the coredump memory under
         * his uid. This also ensures that the credentials journald
         * will see are the ones of the coredumping user, thus making
         * sure the user himself gets access to the core dump. */
        if (setresgid(gid, gid, gid) < 0 ||
            setresuid(uid, uid, uid) < 0) {
                log_error("Failed to drop privileges: %m");
                r = -errno;
                goto finish;
        }

#ifdef HAVE_ELFUTILS
        /* Try to get a strack trace if we can */
        if (coredump_size <= arg_process_size_max) {
                _cleanup_free_ char *stacktrace = NULL;

                r = coredump_make_stack_trace(coredump_fd, exe, &stacktrace);
                if (r >= 0)
                        core_message = strjoin("MESSAGE=Process ", argv[ARG_PID], " (", argv[ARG_COMM], ") of user ", argv[ARG_UID], " dumped core.\n\n", stacktrace, NULL);
                else
                        log_warning("Failed to generate stack trace: %s", strerror(-r));
        }

        if (!core_message)
#endif
        core_message = strjoin("MESSAGE=Process ", argv[ARG_PID], " (", argv[ARG_COMM], ") of user ", argv[ARG_UID], " dumped core.", NULL);
        if (core_message)
                IOVEC_SET_STRING(iovec[j++], core_message);

        /* Optionally store the entire coredump in the journal */
        if (IN_SET(arg_storage, COREDUMP_STORAGE_JOURNAL, COREDUMP_STORAGE_BOTH) &&
            coredump_size <= (off_t) arg_journal_size_max) {
                size_t sz;

                /* Store the coredump itself in the journal */

                r = allocate_journal_field(coredump_fd, (size_t) coredump_size, &coredump_data, &sz);
                if (r >= 0) {
                        iovec[j].iov_base = coredump_data;
                        iovec[j].iov_len = sz;
                        j++;
                }
        }

        r = sd_journal_sendv(iovec, j);
        if (r < 0)
                log_error("Failed to log coredump: %s", strerror(-r));

finish:
        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
Commit	Line	Data
f5e04665 LP	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2012 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
5430f7f2 LP	9	under the terms of the GNU Lesser General Public License as published by
5430f7f2 LP	10	the Free Software Foundation; either version 2.1 of the License, or
f5e04665 LP	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2	16	Lesser General Public License for more details.
f5e04665	17
5430f7f2	18	You should have received a copy of the GNU Lesser General Public License
f5e04665 LP	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
	22	#include <errno.h>
	23	#include <unistd.h>
803a3464 LP	24	#include <stdio.h>
803a3464 LP	25	#include <sys/prctl.h>
34c10968	26	#include <sys/types.h>
cacd6403	27	#include <sys/xattr.h>
f5e04665 LP	28
	29	#include <systemd/sd-journal.h>
	30	#include <systemd/sd-login.h>
	31
	32	#include "log.h"
	33	#include "util.h"
b7f7c685	34	#include "macro.h"
49e942b2	35	#include "mkdir.h"
803a3464	36	#include "special.h"
ba1261bc	37	#include "cgroup-util.h"
d18d46ec	38	#include "journald-native.h"
34c10968 LP	39	#include "conf-parser.h"
34c10968 LP	40	#include "copy.h"
8d4e028f	41	#include "stacktrace.h"
6388c315	42	#include "path-util.h"
34c10968 LP	43
	44	#ifdef HAVE_ACL
	45	#include <sys/acl.h>
	46	#include "acl-util.h"
	47	#endif
	48
	49	/* The maximum size up to which we process coredumps */
	50	#define PROCESS_SIZE_MAX ((off_t) (2LLU1024LLU1024LLU*1024LLU))
	51
	52	/* The maximum size up to which we leave the coredump around on
	53	* disk */
	54	#define EXTERNAL_SIZE_MAX PROCESS_SIZE_MAX
	55
	56	/* The maximum size up to which we store the coredump in the
	57	* journal */
	58	#define JOURNAL_SIZE_MAX ((size_t) (767LU1024LU1024LU))
f5e04665	59
c4aa09b0 LP	60	/* Make sure to not make this larger than the maximum journal entry
c4aa09b0 LP	61	* size. See ENTRY_SIZE_MAX in journald-native.c. */
34c10968	62	assert_cc(JOURNAL_SIZE_MAX <= ENTRY_SIZE_MAX);
f5e04665 LP	63
	64	enum {
	65	ARG_PID = 1,
	66	ARG_UID,
	67	ARG_GID,
	68	ARG_SIGNAL,
	69	ARG_TIMESTAMP,
	70	ARG_COMM,
	71	_ARG_MAX
	72	};
	73
34c10968 LP	74	typedef enum CoredumpStorage {
	75	COREDUMP_STORAGE_NONE,
	76	COREDUMP_STORAGE_EXTERNAL,
	77	COREDUMP_STORAGE_JOURNAL,
	78	COREDUMP_STORAGE_BOTH,
	79	_COREDUMP_STORAGE_MAX,
	80	_COREDUMP_STORAGE_INVALID = -1
	81	} CoredumpStorage;
	82
	83	static CoredumpStorage arg_storage = COREDUMP_STORAGE_EXTERNAL;
	84	static off_t arg_process_size_max = PROCESS_SIZE_MAX;
	85	static off_t arg_external_size_max = EXTERNAL_SIZE_MAX;
	86	static size_t arg_journal_size_max = JOURNAL_SIZE_MAX;
	87
	88	static const char* const coredump_storage_table[_COREDUMP_STORAGE_MAX] = {
	89	[COREDUMP_STORAGE_NONE] = "none",
	90	[COREDUMP_STORAGE_EXTERNAL] = "external",
	91	[COREDUMP_STORAGE_JOURNAL] = "journal",
	92	[COREDUMP_STORAGE_BOTH] = "both",
	93	};
	94
	95	DEFINE_PRIVATE_STRING_TABLE_LOOKUP(coredump_storage, CoredumpStorage);
	96	static DEFINE_CONFIG_PARSE_ENUM(config_parse_coredump_storage, coredump_storage, CoredumpStorage, "Failed to parse storage setting");
	97
	98	static int parse_config(void) {
	99
	100	static const ConfigTableItem items[] = {
	101	{ "Coredump", "ProcessSizeMax", config_parse_iec_off, 0, &arg_process_size_max },
	102	{ "Coredump", "ExternalSizeMax", config_parse_iec_off, 0, &arg_external_size_max },
	103	{ "Coredump", "JournalSizeMax", config_parse_iec_size, 0, &arg_journal_size_max },
	104	{ "Coredump", "Storage", config_parse_coredump_storage, 0, &arg_storage },
	105	{}
	106	};
	107
	108	return config_parse(
	109	NULL,
	110	"/etc/systemd/coredump.conf",
	111	NULL,
	112	"Coredump\0",
	113	config_item_table_lookup,
	114	(void*) items,
	115	false,
	116	false,
	117	NULL);
	118	}
	119
	120	static int fix_acl(int fd, uid_t uid) {
	121
	122	#ifdef HAVE_ACL
	123	_cleanup_(acl_freep) acl_t acl = NULL;
	124	acl_entry_t entry;
	125	acl_permset_t permset;
	126
	127	if (uid <= SYSTEM_UID_MAX)
	128	return 0;
	129
	130	/* Make sure normal users can read (but not write or delete)
	131	* their own coredumps */
	132
	133	acl = acl_get_fd(fd);
	134	if (!acl) {
	135	log_error("Failed to get ACL: %m");
	136	return -errno;
	137	}
138
139	if (acl_create_entry(&acl, &entry) < 0 \|\|
140	acl_set_tag_type(entry, ACL_USER) < 0 \|\|
141	acl_set_qualifier(entry, &uid) < 0) {
142	log_error("Failed to patch ACL: %m");
143	return -errno;
144	}
145
146	if (acl_get_permset(entry, &permset) < 0 \|\|
147	acl_add_perm(permset, ACL_READ) < 0 \|\|
148	calc_acl_mask_if_needed(&acl) < 0) {
149	log_warning("Failed to patch ACL: %m");
150	return -errno;
151	}
152
153	if (acl_set_fd(fd, acl) < 0) {
154	log_error("Failed to apply ACL: %m");
155	return -errno;
156	}
157	#endif
158
159	return 0;
160	}
161
162	static int fix_xattr(int fd, char *argv[]) {
0cd77f97 LP	163
	164	static const char * const xattrs[_ARG_MAX] = {
	165	[ARG_PID] = "user.coredump.pid",
	166	[ARG_UID] = "user.coredump.uid",
	167	[ARG_GID] = "user.coredump.gid",
	168	[ARG_SIGNAL] = "user.coredump.signal",
	169	[ARG_TIMESTAMP] = "user.coredump.timestamp",
	170	[ARG_COMM] = "user.coredump.comm",
	171	};
	172
34c10968	173	int r = 0;
0cd77f97	174	unsigned i;
34c10968 LP	175
	176	/* Attach some metadate to coredumps via extended
	177	* attributes. Just because we can. */
	178
0cd77f97 LP	179	for (i = 0; i < _ARG_MAX; i++) {
	180	if (isempty(argv[i]))
	181	continue;
34c10968	182
0cd77f97	183	if (fsetxattr(fd, xattrs[i], argv[i], strlen(argv[i]), XATTR_CREATE) < 0)
34c10968	184	r = -errno;
0cd77f97	185	}
34c10968 LP	186
	187	return r;
	188	}
	189
b0b21dce	190	#define filename_escape(s) xescape((s), "./ ")
34c10968 LP	191
	192	static int save_external_coredump(char argv, uid_t uid, char ret_filename, int ret_fd, off_t ret_size) {
	193	_cleanup_free_ char p = NULL, t = NULL, c = NULL, fn = NULL, *tmp = NULL;
	194	_cleanup_close_ int fd = -1;
	195	sd_id128_t boot;
	196	struct stat st;
	197	int r;
	198
	199	assert(argv);
	200	assert(ret_filename);
	201	assert(ret_fd);
	202	assert(ret_size);
	203
	204	c = filename_escape(argv[ARG_COMM]);
	205	if (!c)
	206	return log_oom();
	207
	208	p = filename_escape(argv[ARG_PID]);
	209	if (!p)
	210	return log_oom();
	211
	212	t = filename_escape(argv[ARG_TIMESTAMP]);
	213	if (!t)
	214	return log_oom();
	215
	216	r = sd_id128_get_boot(&boot);
	217	if (r < 0) {
	218	log_error("Failed to determine boot ID: %s", strerror(-r));
	219	return r;
	220	}
	221
	222	r = asprintf(&fn,
	223	"/var/lib/systemd/coredump/core.%s." SD_ID128_FORMAT_STR ".%s.%s000000",
	224	c,
	225	SD_ID128_FORMAT_VAL(boot),
	226	p,
	227	t);
	228	if (r < 0)
	229	return log_oom();
	230
	231	tmp = tempfn_random(fn);
	232	if (!tmp)
	233	return log_oom();
803a3464	234
d2e54fae	235	mkdir_p_label("/var/lib/systemd/coredump", 0755);
803a3464	236
34c10968 LP	237	fd = open(tmp, O_CREAT\|O_EXCL\|O_RDWR\|O_CLOEXEC\|O_NOCTTY\|O_NOFOLLOW, 0640);
34c10968 LP	238	if (fd < 0) {
803a3464 LP	239	log_error("Failed to create coredump file: %m");
	240	return -errno;
	241	}
	242
34c10968 LP	243	r = copy_bytes(STDIN_FILENO, fd);
	244	if (r < 0) {
	245	log_error("Failed to dump coredump to file: %s", strerror(-r));
	246	goto fail;
	247	}
803a3464	248
34c10968 LP	249	/* Ignore errors on these */
	250	fchmod(fd, 0640);
	251	fix_acl(fd, uid);
	252	fix_xattr(fd, argv);
803a3464	253
34c10968 LP	254	if (fsync(fd) < 0) {
	255	log_error("Failed to sync coredump: %m");
	256	r = -errno;
	257	goto fail;
	258	}
803a3464	259
34c10968 LP	260	if (fstat(fd, &st) < 0) {
	261	log_error("Failed to fstat coredump: %m");
	262	r = -errno;
	263	goto fail;
	264	}
	265
	266	if (rename(tmp, fn) < 0) {
	267	log_error("Failed to rename coredump: %m");
	268	r = -errno;
	269	goto fail;
	270	}
	271
	272	*ret_filename = fn;
	273	*ret_fd = fd;
	274	*ret_size = st.st_size;
	275
	276	fn = NULL;
	277	fd = -1;
	278
	279	return 0;
	280
	281	fail:
	282	unlink_noerrno(tmp);
	283	return r;
	284	}
	285
	286	static int allocate_journal_field(int fd, size_t size, char *ret, size_t ret_size) {
	287	_cleanup_free_ char *field = NULL;
	288	ssize_t n;
	289
8d4e028f	290	assert(fd >= 0);
34c10968 LP	291	assert(ret);
	292	assert(ret_size);
	293
	294	if (lseek(fd, 0, SEEK_SET) == (off_t) -1) {
	295	log_warning("Failed to seek: %m");
	296	return -errno;
803a3464 LP	297	}
803a3464 LP	298
34c10968 LP	299	field = malloc(9 + size);
	300	if (!field) {
	301	log_warning("Failed to allocate memory fore coredump, coredump will not be stored.");
	302	return -ENOMEM;
	303	}
	304
	305	memcpy(field, "COREDUMP=", 9);
	306
	307	n = read(fd, field + 9, size);
	308	if (n < 0) {
	309	log_error("Failed to read core data: %s", strerror(-n));
	310	return (int) n;
	311	}
	312	if ((size_t) n < size) {
	313	log_error("Core data too short.");
	314	return -EIO;
	315	}
	316
	317	*ret = field;
	318	*ret_size = size + 9;
	319
	320	field = NULL;
	321
	322	return 0;
	323	}
803a3464	324
34c10968 LP	325	static int maybe_remove_external_coredump(const char *filename, off_t size) {
	326
	327	if (!filename)
	328	return 0;
	329
	330	if (IN_SET(arg_storage, COREDUMP_STORAGE_EXTERNAL, COREDUMP_STORAGE_BOTH) &&
	331	size <= arg_external_size_max)
	332	return 0;
	333
	334	if (unlink(filename) < 0) {
	335	log_error("Failed to unlink %s: %m", filename);
b7f7c685	336	return -errno;
803a3464 LP	337	}
803a3464 LP	338
b7f7c685	339	return 0;
803a3464 LP	340	}
803a3464 LP	341
f5e04665	342	int main(int argc, char* argv[]) {
34c10968 LP	343
	344	_cleanup_free_ char core_pid = NULL, core_uid = NULL, core_gid = NULL, core_signal = NULL,
	345	core_timestamp = NULL, core_comm = NULL, core_exe = NULL, core_unit = NULL,
	346	core_session = NULL, core_message = NULL, core_cmdline = NULL, coredump_data = NULL,
8d4e028f LP	347	coredump_filename = NULL, core_slice = NULL, core_cgroup = NULL, core_owner_uid = NULL,
8d4e028f LP	348	*exe = NULL;
34c10968 LP	349
	350	_cleanup_close_ int coredump_fd = -1;
	351
a035f819	352	struct iovec iovec[17];
34c10968	353	off_t coredump_size;
f5e04665	354	int r, j = 0;
a035f819	355	uid_t uid, owner_uid;
fee80f69	356	gid_t gid;
a035f819	357	pid_t pid;
34c10968	358	char *t;
f5e04665	359
34c10968	360	/* Make sure we never enter a loop */
803a3464	361	prctl(PR_SET_DUMPABLE, 0);
f5e04665	362
34c10968 LP	363	/* First, log to a safe place, since we don't know what
	364	* crashed and it might be journald which we'd rather not log
	365	* to then. */
	366	log_set_target(LOG_TARGET_KMSG);
34c10968	367	log_open();
803a3464	368
34c10968	369	if (argc != _ARG_MAX) {
f5e04665 LP	370	log_error("Invalid number of arguments passed from kernel.");
	371	r = -EINVAL;
	372	goto finish;
	373	}
	374
34c10968 LP	375	/* Ignore all parse errors */
	376	parse_config();
	377	log_debug("Selected storage '%s'.", coredump_storage_to_string(arg_storage));
	378
6388c315 LP	379	/* Exit early if we cannot write the coredump to disk anyway */
	380	if (path_is_read_only_fs("/var/lib") != 0) {
	381	log_error("Coredump directory not mounted or not writable, skipping coredump.");
	382	r = -EROFS;
	383	goto finish;
	384	}
	385
34c10968	386	r = parse_uid(argv[ARG_UID], &uid);
f5e04665	387	if (r < 0) {
34c10968 LP	388	log_error("Failed to parse UID.");
	389	goto finish;
	390	}
803a3464	391
34c10968 LP	392	r = parse_pid(argv[ARG_PID], &pid);
34c10968 LP	393	if (r < 0) {
f5e04665	394	log_error("Failed to parse PID.");
f5e04665 LP	395	goto finish;
	396	}
	397
34c10968 LP	398	r = parse_gid(argv[ARG_GID], &gid);
	399	if (r < 0) {
	400	log_error("Failed to parse GID.");
	401	goto finish;
	402	}
	403
ba1261bc	404	if (cg_pid_get_unit(pid, &t) >= 0) {
803a3464 LP	405
803a3464 LP	406	if (streq(t, SPECIAL_JOURNALD_SERVICE)) {
803a3464	407
34c10968 LP	408	/* If we are journald, we cut things short,
	409	* don't write to the journal, but still
	410	* create a coredump. */
	411
	412	if (arg_storage != COREDUMP_STORAGE_NONE)
	413	arg_storage = COREDUMP_STORAGE_EXTERNAL;
	414
	415	r = save_external_coredump(argv, uid, &coredump_filename, &coredump_fd, &coredump_size);
	416	if (r < 0)
	417	goto finish;
	418
	419	r = maybe_remove_external_coredump(coredump_filename, coredump_size);
	420	if (r < 0)
	421	goto finish;
	422
	423	log_info("Detected coredump of the journal daemon itself, diverted to %s.", coredump_filename);
803a3464 LP	424	goto finish;
	425	}
	426
	427	core_unit = strappend("COREDUMP_UNIT=", t);
b7f7c685	428	} else if (cg_pid_get_user_unit(pid, &t) >= 0)
f9045468	429	core_unit = strappend("COREDUMP_USER_UNIT=", t);
803a3464	430
f9045468 MT	431	if (core_unit)
	432	IOVEC_SET_STRING(iovec[j++], core_unit);
	433
34c10968 LP	434	/* OK, now we know it's not the journal, hence we can make use
34c10968 LP	435	* of it now. */
803a3464 LP	436	log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
	437	log_open();
	438
f5e04665 LP	439	core_pid = strappend("COREDUMP_PID=", argv[ARG_PID]);
	440	if (core_pid)
	441	IOVEC_SET_STRING(iovec[j++], core_pid);
	442
	443	core_uid = strappend("COREDUMP_UID=", argv[ARG_UID]);
	444	if (core_uid)
	445	IOVEC_SET_STRING(iovec[j++], core_uid);
	446
	447	core_gid = strappend("COREDUMP_GID=", argv[ARG_GID]);
	448	if (core_gid)
	449	IOVEC_SET_STRING(iovec[j++], core_gid);
	450
	451	core_signal = strappend("COREDUMP_SIGNAL=", argv[ARG_SIGNAL]);
	452	if (core_signal)
	453	IOVEC_SET_STRING(iovec[j++], core_signal);
	454
	455	core_comm = strappend("COREDUMP_COMM=", argv[ARG_COMM]);
	456	if (core_comm)
	457	IOVEC_SET_STRING(iovec[j++], core_comm);
	458
	459	if (sd_pid_get_session(pid, &t) >= 0) {
	460	core_session = strappend("COREDUMP_SESSION=", t);
	461	free(t);
	462
	463	if (core_session)
	464	IOVEC_SET_STRING(iovec[j++], core_session);
	465	}
	466
a035f819 LP	467	if (sd_pid_get_owner_uid(pid, &owner_uid) >= 0) {
	468	asprintf(&core_owner_uid, "COREDUMP_OWNER_UID=" UID_FMT, owner_uid);
	469
	470	if (core_owner_uid)
	471	IOVEC_SET_STRING(iovec[j++], core_owner_uid);
	472	}
	473
	474	if (sd_pid_get_slice(pid, &t) >= 0) {
	475	core_slice = strappend("COREDUMP_SLICE=", t);
	476	free(t);
	477
	478	if (core_slice)
	479	IOVEC_SET_STRING(iovec[j++], core_slice);
	480	}
	481
8d4e028f LP	482	if (get_process_exe(pid, &exe) >= 0) {
8d4e028f LP	483	core_exe = strappend("COREDUMP_EXE=", exe);
f5e04665 LP	484	if (core_exe)
	485	IOVEC_SET_STRING(iovec[j++], core_exe);
	486	}
	487
9bdbc2e2	488	if (get_process_cmdline(pid, 0, false, &t) >= 0) {
f5e04665 LP	489	core_cmdline = strappend("COREDUMP_CMDLINE=", t);
	490	free(t);
	491
	492	if (core_cmdline)
	493	IOVEC_SET_STRING(iovec[j++], core_cmdline);
	494	}
	495
a035f819 LP	496	if (cg_pid_get_path_shifted(pid, NULL, &t) >= 0) {
	497	core_cgroup = strappend("COREDUMP_CGROUP=", t);
	498	free(t);
	499
	500	if (core_cgroup)
	501	IOVEC_SET_STRING(iovec[j++], core_cgroup);
	502	}
	503
b7def684	504	core_timestamp = strjoin("COREDUMP_TIMESTAMP=", argv[ARG_TIMESTAMP], "000000", NULL);
f5e04665 LP	505	if (core_timestamp)
	506	IOVEC_SET_STRING(iovec[j++], core_timestamp);
	507
	508	IOVEC_SET_STRING(iovec[j++], "MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1");
	509	IOVEC_SET_STRING(iovec[j++], "PRIORITY=2");
	510
34c10968 LP	511	/* Always stream the coredump to disk, if that's possible */
	512	r = save_external_coredump(argv, uid, &coredump_filename, &coredump_fd, &coredump_size);
	513	if (r < 0)
	514	goto finish;
	515
	516	/* If we don't want to keep the coredump on disk, remove it
8d4e028f LP	517	* now, as later on we will lack the privileges for
	518	* it. However, we keep the fd to it, so that we can still
	519	* process it and log it. */
34c10968 LP	520	r = maybe_remove_external_coredump(coredump_filename, coredump_size);
	521	if (r < 0)
	522	goto finish;
	523
fee80f69 LP	524	/* Now, let's drop privileges to become the user who owns the
	525	* segfaulted process and allocate the coredump memory under
	526	* his uid. This also ensures that the credentials journald
	527	* will see are the ones of the coredumping user, thus making
	528	* sure the user himself gets access to the core dump. */
fee80f69 LP	529	if (setresgid(gid, gid, gid) < 0 \|\|
	530	setresuid(uid, uid, uid) < 0) {
	531	log_error("Failed to drop privileges: %m");
	532	r = -errno;
	533	goto finish;
	534	}
	535
8d4e028f LP	536	#ifdef HAVE_ELFUTILS
	537	/* Try to get a strack trace if we can */
	538	if (coredump_size <= arg_process_size_max) {
	539	_cleanup_free_ char *stacktrace = NULL;
	540
	541	r = coredump_make_stack_trace(coredump_fd, exe, &stacktrace);
	542	if (r >= 0)
	543	core_message = strjoin("MESSAGE=Process ", argv[ARG_PID], " (", argv[ARG_COMM], ") of user ", argv[ARG_UID], " dumped core.\n\n", stacktrace, NULL);
	544	else
	545	log_warning("Failed to generate stack trace: %s", strerror(-r));
	546	}
	547
	548	if (!core_message)
	549	#endif
	550	core_message = strjoin("MESSAGE=Process ", argv[ARG_PID], " (", argv[ARG_COMM], ") of user ", argv[ARG_UID], " dumped core.", NULL);
	551	if (core_message)
	552	IOVEC_SET_STRING(iovec[j++], core_message);
	553
34c10968 LP	554	/* Optionally store the entire coredump in the journal */
	555	if (IN_SET(arg_storage, COREDUMP_STORAGE_JOURNAL, COREDUMP_STORAGE_BOTH) &&
	556	coredump_size <= (off_t) arg_journal_size_max) {
	557	size_t sz;
fee80f69	558
34c10968	559	/* Store the coredump itself in the journal */
fee80f69	560
34c10968 LP	561	r = allocate_journal_field(coredump_fd, (size_t) coredump_size, &coredump_data, &sz);
	562	if (r >= 0) {
	563	iovec[j].iov_base = coredump_data;
	564	iovec[j].iov_len = sz;
	565	j++;
ca0ceb6f	566	}
fee80f69 LP	567	}
fee80f69 LP	568
f5e04665 LP	569	r = sd_journal_sendv(iovec, j);
f5e04665 LP	570	if (r < 0)
872c8faa	571	log_error("Failed to log coredump: %s", strerror(-r));
f5e04665 LP	572
f5e04665 LP	573	finish:
f5e04665 LP	574	return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
f5e04665 LP	575	}