]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/journal/journald-server.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
shared: add process-util.[ch]
[thirdparty/systemd.git] / src / journal / journald-server.c
CommitLineData
d025f1e4
ZJS		 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2011 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
22#include <sys/signalfd.h>
23#include <sys/ioctl.h>
24#include <linux/sockios.h>
25#include <sys/statvfs.h>
26#include <sys/mman.h>
27
28#include <libudev.h>
d025f1e4 29
74df0fca
LP		 30#include "sd-journal.h"
31#include "sd-messages.h"
32#include "sd-daemon.h"
d025f1e4 33#include "mkdir.h"
c6878637 34#include "rm-rf.h"
d025f1e4
ZJS		 35#include "hashmap.h"
36#include "journal-file.h"
37#include "socket-util.h"
38#include "cgroup-util.h"
d025f1e4
ZJS		 39#include "missing.h"
40#include "conf-parser.h"
74df0fca 41#include "selinux-util.h"
d025f1e4
ZJS		 42#include "journal-internal.h"
43#include "journal-vacuum.h"
44#include "journal-authenticate.h"
d025f1e4
ZJS		 45#include "journald-rate-limit.h"
46#include "journald-kmsg.h"
47#include "journald-syslog.h"
48#include "journald-stream.h"
d025f1e4 49#include "journald-native.h"
875c2e22 50#include "journald-audit.h"
74df0fca 51#include "journald-server.h"
d025f1e4 52#include "acl-util.h"
6482f626 53#include "formats-util.h"
0b452006 54#include "process-util.h"
d025f1e4
ZJS		 55
56#ifdef HAVE_SELINUX
57#include <selinux/selinux.h>
58#endif
59
60#define USER_JOURNALS_MAX 1024
61
26687bf8 62#define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
7f1ad696
LP		 63#define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
64#define DEFAULT_RATE_LIMIT_BURST 1000
e150e820 65#define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
d025f1e4
ZJS		 66
67#define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
68
2c5859af 69static const char* const storage_table[_STORAGE_MAX] = {
d025f1e4
ZJS		 70 [STORAGE_AUTO] = "auto",
71 [STORAGE_VOLATILE] = "volatile",
72 [STORAGE_PERSISTENT] = "persistent",
73 [STORAGE_NONE] = "none"
74};
75
76DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
77DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
78
2c5859af
DM		 79static const char* const split_mode_table[_SPLIT_MAX] = {
80 [SPLIT_LOGIN] = "login",
d025f1e4 81 [SPLIT_UID] = "uid",
2c5859af 82 [SPLIT_NONE] = "none",
d025f1e4
ZJS		 83};
84
85DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
86DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode, split_mode, SplitMode, "Failed to parse split mode setting");
87
670b110c 88static uint64_t available_space(Server *s, bool verbose) {
db91ea32 89 char ids[33];
7fd1b19b 90 _cleanup_free_ char *p = NULL;
d025f1e4
ZJS		 91 sd_id128_t machine;
92 struct statvfs ss;
670b110c 93 uint64_t sum = 0, ss_avail = 0, avail = 0;
d025f1e4 94 int r;
7fd1b19b 95 _cleanup_closedir_ DIR *d = NULL;
d025f1e4 96 usec_t ts;
670b110c 97 const char *f;
d025f1e4
ZJS		 98 JournalMetrics *m;
99
100 ts = now(CLOCK_MONOTONIC);
101
670b110c
ZJS		 102 if (s->cached_available_space_timestamp + RECHECK_AVAILABLE_SPACE_USEC > ts
103 && !verbose)
d025f1e4
ZJS		 104 return s->cached_available_space;
105
106 r = sd_id128_get_machine(&machine);
107 if (r < 0)
108 return 0;
109
110 if (s->system_journal) {
111 f = "/var/log/journal/";
112 m = &s->system_metrics;
113 } else {
114 f = "/run/log/journal/";
115 m = &s->runtime_metrics;
116 }
117
118 assert(m);
119
120 p = strappend(f, sd_id128_to_string(machine, ids));
121 if (!p)
122 return 0;
123
124 d = opendir(p);
d025f1e4
ZJS		 125 if (!d)
126 return 0;
127
128 if (fstatvfs(dirfd(d), &ss) < 0)
db91ea32 129 return 0;
d025f1e4
ZJS		 130
131 for (;;) {
132 struct stat st;
133 struct dirent *de;
d025f1e4 134
0371ca0d
FW		 135 errno = 0;
136 de = readdir(d);
137 if (!de && errno != 0)
138 return 0;
d025f1e4
ZJS		 139
140 if (!de)
141 break;
142
143 if (!endswith(de->d_name, ".journal") &&
144 !endswith(de->d_name, ".journal~"))
145 continue;
146
147 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0)
148 continue;
149
150 if (!S_ISREG(st.st_mode))
151 continue;
152
153 sum += (uint64_t) st.st_blocks * 512UL;
154 }
155
d025f1e4
ZJS		 156 ss_avail = ss.f_bsize * ss.f_bavail;
157
348ced90
ZJS		 158 /* If we reached a high mark, we will always allow this much
159 * again, unless usage goes above max_use. This watermark
160 * value is cached so that we don't give up space on pressure,
161 * but hover below the maximum usage. */
162
163 if (m->use < sum)
164 m->use = sum;
165
166 avail = LESS_BY(ss_avail, m->keep_free);
167
168 s->cached_available_space = LESS_BY(MIN(m->max_use, avail), sum);
d025f1e4
ZJS		 169 s->cached_available_space_timestamp = ts;
170
670b110c
ZJS		 171 if (verbose) {
172 char fb1[FORMAT_BYTES_MAX], fb2[FORMAT_BYTES_MAX], fb3[FORMAT_BYTES_MAX],
173 fb4[FORMAT_BYTES_MAX], fb5[FORMAT_BYTES_MAX];
174
175 server_driver_message(s, SD_MESSAGE_JOURNAL_USAGE,
348ced90
ZJS		 176 "%s journal is using %s (max allowed %s, "
177 "trying to leave %s free of %s available → current limit %s).",
670b110c
ZJS		 178 s->system_journal ? "Permanent" : "Runtime",
179 format_bytes(fb1, sizeof(fb1), sum),
180 format_bytes(fb2, sizeof(fb2), m->max_use),
181 format_bytes(fb3, sizeof(fb3), m->keep_free),
182 format_bytes(fb4, sizeof(fb4), ss_avail),
348ced90 183 format_bytes(fb5, sizeof(fb5), s->cached_available_space + sum));
670b110c
ZJS		 184 }
185
186 return s->cached_available_space;
d025f1e4
ZJS		 187}
188
d025f1e4
ZJS		 189void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
190 int r;
191#ifdef HAVE_ACL
192 acl_t acl;
193 acl_entry_t entry;
194 acl_permset_t permset;
195#endif
196
197 assert(f);
198
4608af43 199 r = fchmod(f->fd, 0640);
d025f1e4 200 if (r < 0)
da927ba9 201 log_warning_errno(r, "Failed to fix access mode on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 202
203#ifdef HAVE_ACL
34c10968 204 if (uid <= SYSTEM_UID_MAX)
d025f1e4
ZJS		 205 return;
206
207 acl = acl_get_fd(f->fd);
208 if (!acl) {
56f64d95 209 log_warning_errno(errno, "Failed to read ACL on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 210 return;
211 }
212
213 r = acl_find_uid(acl, uid, &entry);
214 if (r <= 0) {
215
216 if (acl_create_entry(&acl, &entry) < 0 ||
217 acl_set_tag_type(entry, ACL_USER) < 0 ||
218 acl_set_qualifier(entry, &uid) < 0) {
56f64d95 219 log_warning_errno(errno, "Failed to patch ACL on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 220 goto finish;
221 }
222 }
223
23ad4dd8
JAS		 224 /* We do not recalculate the mask unconditionally here,
225 * so that the fchmod() mask above stays intact. */
d025f1e4 226 if (acl_get_permset(entry, &permset) < 0 ||
23ad4dd8
JAS		 227 acl_add_perm(permset, ACL_READ) < 0 ||
228 calc_acl_mask_if_needed(&acl) < 0) {
56f64d95 229 log_warning_errno(errno, "Failed to patch ACL on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 230 goto finish;
231 }
232
233 if (acl_set_fd(f->fd, acl) < 0)
56f64d95 234 log_warning_errno(errno, "Failed to set ACL on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 235
236finish:
237 acl_free(acl);
238#endif
239}
240
241static JournalFile* find_journal(Server *s, uid_t uid) {
ed375beb 242 _cleanup_free_ char *p = NULL;
d025f1e4
ZJS		 243 int r;
244 JournalFile *f;
245 sd_id128_t machine;
246
247 assert(s);
248
249 /* We split up user logs only on /var, not on /run. If the
250 * runtime file is open, we write to it exclusively, in order
251 * to guarantee proper order as soon as we flush /run to
252 * /var and close the runtime file. */
253
254 if (s->runtime_journal)
255 return s->runtime_journal;
256
f7dc3ab9 257 if (uid <= SYSTEM_UID_MAX)
d025f1e4
ZJS		 258 return s->system_journal;
259
260 r = sd_id128_get_machine(&machine);
261 if (r < 0)
262 return s->system_journal;
263
43cf8388 264 f = ordered_hashmap_get(s->user_journals, UINT32_TO_PTR(uid));
d025f1e4
ZJS		 265 if (f)
266 return f;
267
de0671ee
ZJS		 268 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/user-"UID_FMT".journal",
269 SD_ID128_FORMAT_VAL(machine), uid) < 0)
d025f1e4
ZJS		 270 return s->system_journal;
271
43cf8388 272 while (ordered_hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
d025f1e4 273 /* Too many open? Then let's close one */
43cf8388 274 f = ordered_hashmap_steal_first(s->user_journals);
d025f1e4
ZJS		 275 assert(f);
276 journal_file_close(f);
277 }
278
cbd67177 279 r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &f);
d025f1e4
ZJS		 280 if (r < 0)
281 return s->system_journal;
282
283 server_fix_perms(s, f, uid);
284
43cf8388 285 r = ordered_hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
d025f1e4
ZJS		 286 if (r < 0) {
287 journal_file_close(f);
288 return s->system_journal;
289 }
290
291 return f;
292}
293
ea69bd41
LP		 294static int do_rotate(
295 Server *s,
296 JournalFile **f,
297 const char* name,
298 bool seal,
299 uint32_t uid) {
300
fc55baee
ZJS		 301 int r;
302 assert(s);
303
304 if (!*f)
305 return -EINVAL;
306
307 r = journal_file_rotate(f, s->compress, seal);
308 if (r < 0)
309 if (*f)
ea69bd41 310 log_error_errno(r, "Failed to rotate %s: %m", (*f)->path);
fc55baee 311 else
ea69bd41 312 log_error_errno(r, "Failed to create new %s journal: %m", name);
fc55baee
ZJS		 313 else
314 server_fix_perms(s, *f, uid);
2678031a 315
fc55baee
ZJS		 316 return r;
317}
318
d025f1e4
ZJS		 319void server_rotate(Server *s) {
320 JournalFile *f;
321 void *k;
322 Iterator i;
323 int r;
324
325 log_debug("Rotating...");
326
fc55baee
ZJS		 327 do_rotate(s, &s->runtime_journal, "runtime", false, 0);
328 do_rotate(s, &s->system_journal, "system", s->seal, 0);
d025f1e4 329
43cf8388 330 ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
fc55baee
ZJS		 331 r = do_rotate(s, &f, "user", s->seal, PTR_TO_UINT32(k));
332 if (r >= 0)
43cf8388 333 ordered_hashmap_replace(s->user_journals, k, f);
fc55baee
ZJS		 334 else if (!f)
335 /* Old file has been closed and deallocated */
43cf8388 336 ordered_hashmap_remove(s->user_journals, k);
d025f1e4
ZJS		 337 }
338}
339
26687bf8
OS		 340void server_sync(Server *s) {
341 JournalFile *f;
342 void *k;
343 Iterator i;
344 int r;
345
26687bf8
OS		 346 if (s->system_journal) {
347 r = journal_file_set_offline(s->system_journal);
348 if (r < 0)
da927ba9 349 log_error_errno(r, "Failed to sync system journal: %m");
26687bf8
OS		 350 }
351
43cf8388 352 ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
26687bf8
OS		 353 r = journal_file_set_offline(f);
354 if (r < 0)
da927ba9 355 log_error_errno(r, "Failed to sync user journal: %m");
26687bf8
OS		 356 }
357
f9a810be
LP		 358 if (s->sync_event_source) {
359 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_OFF);
360 if (r < 0)
da927ba9 361 log_error_errno(r, "Failed to disable sync timer source: %m");
f9a810be 362 }
26687bf8
OS		 363
364 s->sync_scheduled = false;
365}
366
ea69bd41
LP		 367static void do_vacuum(
368 Server *s,
369 const char *id,
370 JournalFile *f,
371 const char* path,
372 JournalMetrics *metrics) {
373
374 const char *p;
63c8666b
ZJS		 375 int r;
376
377 if (!f)
378 return;
379
63c372cb 380 p = strjoina(path, id);
dbd2a83f 381 r = journal_directory_vacuum(p, metrics->max_use, s->max_retention_usec, &s->oldest_file_usec, false);
63c8666b 382 if (r < 0 && r != -ENOENT)
da927ba9 383 log_error_errno(r, "Failed to vacuum %s: %m", p);
63c8666b
ZJS		 384}
385
d025f1e4 386void server_vacuum(Server *s) {
d025f1e4
ZJS		 387 char ids[33];
388 sd_id128_t machine;
389 int r;
390
391 log_debug("Vacuuming...");
392
393 s->oldest_file_usec = 0;
394
395 r = sd_id128_get_machine(&machine);
396 if (r < 0) {
da927ba9 397 log_error_errno(r, "Failed to get machine ID: %m");
d025f1e4
ZJS		 398 return;
399 }
d025f1e4
ZJS		 400 sd_id128_to_string(machine, ids);
401
63c8666b
ZJS		 402 do_vacuum(s, ids, s->system_journal, "/var/log/journal/", &s->system_metrics);
403 do_vacuum(s, ids, s->runtime_journal, "/run/log/journal/", &s->runtime_metrics);
d025f1e4
ZJS		 404
405 s->cached_available_space_timestamp = 0;
406}
407
0c24bb23
LP		 408static void server_cache_machine_id(Server *s) {
409 sd_id128_t id;
410 int r;
411
412 assert(s);
413
414 r = sd_id128_get_machine(&id);
415 if (r < 0)
416 return;
417
418 sd_id128_to_string(id, stpcpy(s->machine_id_field, "_MACHINE_ID="));
419}
420
421static void server_cache_boot_id(Server *s) {
422 sd_id128_t id;
423 int r;
424
425 assert(s);
426
427 r = sd_id128_get_boot(&id);
428 if (r < 0)
429 return;
430
431 sd_id128_to_string(id, stpcpy(s->boot_id_field, "_BOOT_ID="));
432}
433
434static void server_cache_hostname(Server *s) {
435 _cleanup_free_ char *t = NULL;
436 char *x;
437
438 assert(s);
439
440 t = gethostname_malloc();
441 if (!t)
442 return;
443
444 x = strappend("_HOSTNAME=", t);
445 if (!x)
446 return;
447
448 free(s->hostname_field);
449 s->hostname_field = x;
450}
451
8531ae70 452static bool shall_try_append_again(JournalFile *f, int r) {
d025f1e4
ZJS		 453
454 /* -E2BIG Hit configured limit
455 -EFBIG Hit fs limit
456 -EDQUOT Quota limit hit
457 -ENOSPC Disk full
fa6ac760 458 -EIO I/O error of some kind (mmap)
d025f1e4
ZJS		 459 -EHOSTDOWN Other machine
460 -EBUSY Unclean shutdown
461 -EPROTONOSUPPORT Unsupported feature
462 -EBADMSG Corrupted
463 -ENODATA Truncated
2678031a
LP		 464 -ESHUTDOWN Already archived
465 -EIDRM Journal file has been deleted */
d025f1e4
ZJS		 466
467 if (r == -E2BIG || r == -EFBIG || r == -EDQUOT || r == -ENOSPC)
468 log_debug("%s: Allocation limit reached, rotating.", f->path);
469 else if (r == -EHOSTDOWN)
470 log_info("%s: Journal file from other machine, rotating.", f->path);
471 else if (r == -EBUSY)
472 log_info("%s: Unclean shutdown, rotating.", f->path);
473 else if (r == -EPROTONOSUPPORT)
474 log_info("%s: Unsupported feature, rotating.", f->path);
475 else if (r == -EBADMSG || r == -ENODATA || r == ESHUTDOWN)
476 log_warning("%s: Journal file corrupted, rotating.", f->path);
fa6ac760
LP		 477 else if (r == -EIO)
478 log_warning("%s: IO error, rotating.", f->path);
2678031a
LP		 479 else if (r == -EIDRM)
480 log_warning("%s: Journal file has been deleted, rotating.", f->path);
d025f1e4
ZJS		 481 else
482 return false;
483
484 return true;
485}
486
d07f7b9e 487static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned n, int priority) {
d025f1e4
ZJS		 488 JournalFile *f;
489 bool vacuumed = false;
490 int r;
491
492 assert(s);
493 assert(iovec);
494 assert(n > 0);
495
496 f = find_journal(s, uid);
497 if (!f)
498 return;
499
500 if (journal_file_rotate_suggested(f, s->max_file_usec)) {
501 log_debug("%s: Journal header limits reached or header out-of-date, rotating.", f->path);
502 server_rotate(s);
503 server_vacuum(s);
504 vacuumed = true;
505
506 f = find_journal(s, uid);
507 if (!f)
508 return;
509 }
510
511 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
26687bf8 512 if (r >= 0) {
d07f7b9e 513 server_schedule_sync(s, priority);
d025f1e4 514 return;
26687bf8 515 }
d025f1e4
ZJS		 516
517 if (vacuumed || !shall_try_append_again(f, r)) {
8266e1c0 518 log_error_errno(r, "Failed to write entry (%d items, %zu bytes), ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n));
d025f1e4
ZJS		 519 return;
520 }
521
522 server_rotate(s);
523 server_vacuum(s);
524
525 f = find_journal(s, uid);
526 if (!f)
527 return;
528
529 log_debug("Retrying write.");
530 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
8266e1c0
LP		 531 if (r < 0)
532 log_error_errno(r, "Failed to write entry (%d items, %zu bytes) despite vacuuming, ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n));
533 else
d07f7b9e 534 server_schedule_sync(s, priority);
d025f1e4
ZJS		 535}
536
537static void dispatch_message_real(
538 Server *s,
539 struct iovec *iovec, unsigned n, unsigned m,
3b3154df
LP		 540 const struct ucred *ucred,
541 const struct timeval *tv,
d025f1e4 542 const char *label, size_t label_len,
968f3196 543 const char *unit_id,
d07f7b9e 544 int priority,
968f3196 545 pid_t object_pid) {
d025f1e4 546
968f3196 547 char pid[sizeof("_PID=") + DECIMAL_STR_MAX(pid_t)],
ae018d9b
LP		 548 uid[sizeof("_UID=") + DECIMAL_STR_MAX(uid_t)],
549 gid[sizeof("_GID=") + DECIMAL_STR_MAX(gid_t)],
550 owner_uid[sizeof("_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)],
d3789917 551 source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)],
968f3196
ZJS		 552 o_uid[sizeof("OBJECT_UID=") + DECIMAL_STR_MAX(uid_t)],
553 o_gid[sizeof("OBJECT_GID=") + DECIMAL_STR_MAX(gid_t)],
554 o_owner_uid[sizeof("OBJECT_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)];
555 uid_t object_uid;
556 gid_t object_gid;
968f3196 557 char *x;
d025f1e4 558 int r;
ae018d9b 559 char *t, *c;
82499507
LP		 560 uid_t realuid = 0, owner = 0, journal_uid;
561 bool owner_valid = false;
ae018d9b 562#ifdef HAVE_AUDIT
968f3196
ZJS		 563 char audit_session[sizeof("_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
564 audit_loginuid[sizeof("_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)],
565 o_audit_session[sizeof("OBJECT_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
566 o_audit_loginuid[sizeof("OBJECT_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)];
ae018d9b
LP		 567
568 uint32_t audit;
569 uid_t loginuid;
570#endif
d025f1e4
ZJS		 571
572 assert(s);
573 assert(iovec);
574 assert(n > 0);
968f3196 575 assert(n + N_IOVEC_META_FIELDS + (object_pid ? N_IOVEC_OBJECT_FIELDS : 0) <= m);
d025f1e4
ZJS		 576
577 if (ucred) {
d025f1e4
ZJS		 578 realuid = ucred->uid;
579
de0671ee 580 sprintf(pid, "_PID="PID_FMT, ucred->pid);
c2457105 581 IOVEC_SET_STRING(iovec[n++], pid);
d025f1e4 582
de0671ee 583 sprintf(uid, "_UID="UID_FMT, ucred->uid);
c2457105 584 IOVEC_SET_STRING(iovec[n++], uid);
d025f1e4 585
de0671ee 586 sprintf(gid, "_GID="GID_FMT, ucred->gid);
c2457105 587 IOVEC_SET_STRING(iovec[n++], gid);
d025f1e4
ZJS		 588
589 r = get_process_comm(ucred->pid, &t);
590 if (r >= 0) {
63c372cb 591 x = strjoina("_COMM=", t);
d025f1e4 592 free(t);
968f3196 593 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 594 }
595
596 r = get_process_exe(ucred->pid, &t);
597 if (r >= 0) {
63c372cb 598 x = strjoina("_EXE=", t);
d025f1e4 599 free(t);
968f3196 600 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 601 }
602
9bdbc2e2 603 r = get_process_cmdline(ucred->pid, 0, false, &t);
d025f1e4 604 if (r >= 0) {
63c372cb 605 x = strjoina("_CMDLINE=", t);
d025f1e4 606 free(t);
3a832116
SL		 607 IOVEC_SET_STRING(iovec[n++], x);
608 }
609
610 r = get_process_capeff(ucred->pid, &t);
611 if (r >= 0) {
63c372cb 612 x = strjoina("_CAP_EFFECTIVE=", t);
3a832116 613 free(t);
968f3196 614 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 615 }
616
0a20e3c1 617#ifdef HAVE_AUDIT
d025f1e4 618 r = audit_session_from_pid(ucred->pid, &audit);
ae018d9b 619 if (r >= 0) {
de0671ee 620 sprintf(audit_session, "_AUDIT_SESSION=%"PRIu32, audit);
ae018d9b
LP		 621 IOVEC_SET_STRING(iovec[n++], audit_session);
622 }
d025f1e4
ZJS		 623
624 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
7027ff61 625 if (r >= 0) {
de0671ee 626 sprintf(audit_loginuid, "_AUDIT_LOGINUID="UID_FMT, loginuid);
ae018d9b 627 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
d025f1e4 628 }
ae018d9b 629#endif
d025f1e4 630
e9174f29 631 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &c);
7027ff61 632 if (r >= 0) {
968f3196
ZJS		 633 char *session = NULL;
634
63c372cb 635 x = strjoina("_SYSTEMD_CGROUP=", c);
968f3196 636 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4 637
ae018d9b
LP		 638 r = cg_path_get_session(c, &t);
639 if (r >= 0) {
63c372cb 640 session = strjoina("_SYSTEMD_SESSION=", t);
ae018d9b 641 free(t);
d025f1e4 642 IOVEC_SET_STRING(iovec[n++], session);
ae018d9b
LP		 643 }
644
645 if (cg_path_get_owner_uid(c, &owner) >= 0) {
646 owner_valid = true;
d025f1e4 647
de0671ee 648 sprintf(owner_uid, "_SYSTEMD_OWNER_UID="UID_FMT, owner);
d025f1e4 649 IOVEC_SET_STRING(iovec[n++], owner_uid);
ae018d9b 650 }
d025f1e4 651
ae018d9b 652 if (cg_path_get_unit(c, &t) >= 0) {
63c372cb 653 x = strjoina("_SYSTEMD_UNIT=", t);
ae018d9b 654 free(t);
19cace37
LP		 655 IOVEC_SET_STRING(iovec[n++], x);
656 } else if (unit_id && !session) {
63c372cb 657 x = strjoina("_SYSTEMD_UNIT=", unit_id);
19cace37
LP		 658 IOVEC_SET_STRING(iovec[n++], x);
659 }
660
661 if (cg_path_get_user_unit(c, &t) >= 0) {
63c372cb 662 x = strjoina("_SYSTEMD_USER_UNIT=", t);
ae018d9b 663 free(t);
968f3196 664 IOVEC_SET_STRING(iovec[n++], x);
19cace37 665 } else if (unit_id && session) {
63c372cb 666 x = strjoina("_SYSTEMD_USER_UNIT=", unit_id);
19cace37
LP		 667 IOVEC_SET_STRING(iovec[n++], x);
668 }
ae018d9b 669
0a244b8e 670 if (cg_path_get_slice(c, &t) >= 0) {
63c372cb 671 x = strjoina("_SYSTEMD_SLICE=", t);
0a244b8e
LP		 672 free(t);
673 IOVEC_SET_STRING(iovec[n++], x);
674 }
675
ae018d9b 676 free(c);
2d43b190 677 } else if (unit_id) {
63c372cb 678 x = strjoina("_SYSTEMD_UNIT=", unit_id);
2d43b190 679 IOVEC_SET_STRING(iovec[n++], x);
ef1673d1 680 }
d025f1e4 681
d025f1e4 682#ifdef HAVE_SELINUX
6baa7db0 683 if (mac_selinux_use()) {
d682b3a7 684 if (label) {
f8294e41 685 x = alloca(strlen("_SELINUX_CONTEXT=") + label_len + 1);
ae018d9b 686
d682b3a7
LP		 687 *((char*) mempcpy(stpcpy(x, "_SELINUX_CONTEXT="), label, label_len)) = 0;
688 IOVEC_SET_STRING(iovec[n++], x);
689 } else {
690 security_context_t con;
d025f1e4 691
d682b3a7 692 if (getpidcon(ucred->pid, &con) >= 0) {
63c372cb 693 x = strjoina("_SELINUX_CONTEXT=", con);
e7ff4e7f 694
d682b3a7
LP		 695 freecon(con);
696 IOVEC_SET_STRING(iovec[n++], x);
697 }
d025f1e4
ZJS		 698 }
699 }
700#endif
701 }
968f3196
ZJS		 702 assert(n <= m);
703
704 if (object_pid) {
705 r = get_process_uid(object_pid, &object_uid);
706 if (r >= 0) {
de0671ee 707 sprintf(o_uid, "OBJECT_UID="UID_FMT, object_uid);
968f3196
ZJS		 708 IOVEC_SET_STRING(iovec[n++], o_uid);
709 }
710
711 r = get_process_gid(object_pid, &object_gid);
712 if (r >= 0) {
de0671ee 713 sprintf(o_gid, "OBJECT_GID="GID_FMT, object_gid);
968f3196
ZJS		 714 IOVEC_SET_STRING(iovec[n++], o_gid);
715 }
716
717 r = get_process_comm(object_pid, &t);
718 if (r >= 0) {
63c372cb 719 x = strjoina("OBJECT_COMM=", t);
968f3196
ZJS		 720 free(t);
721 IOVEC_SET_STRING(iovec[n++], x);
722 }
723
724 r = get_process_exe(object_pid, &t);
725 if (r >= 0) {
63c372cb 726 x = strjoina("OBJECT_EXE=", t);
968f3196
ZJS		 727 free(t);
728 IOVEC_SET_STRING(iovec[n++], x);
729 }
730
731 r = get_process_cmdline(object_pid, 0, false, &t);
732 if (r >= 0) {
63c372cb 733 x = strjoina("OBJECT_CMDLINE=", t);
968f3196
ZJS		 734 free(t);
735 IOVEC_SET_STRING(iovec[n++], x);
736 }
737
738#ifdef HAVE_AUDIT
739 r = audit_session_from_pid(object_pid, &audit);
740 if (r >= 0) {
de0671ee 741 sprintf(o_audit_session, "OBJECT_AUDIT_SESSION=%"PRIu32, audit);
968f3196
ZJS		 742 IOVEC_SET_STRING(iovec[n++], o_audit_session);
743 }
744
745 r = audit_loginuid_from_pid(object_pid, &loginuid);
746 if (r >= 0) {
de0671ee 747 sprintf(o_audit_loginuid, "OBJECT_AUDIT_LOGINUID="UID_FMT, loginuid);
968f3196
ZJS		 748 IOVEC_SET_STRING(iovec[n++], o_audit_loginuid);
749 }
750#endif
751
e9174f29 752 r = cg_pid_get_path_shifted(object_pid, s->cgroup_root, &c);
968f3196 753 if (r >= 0) {
63c372cb 754 x = strjoina("OBJECT_SYSTEMD_CGROUP=", c);
968f3196
ZJS		 755 IOVEC_SET_STRING(iovec[n++], x);
756
757 r = cg_path_get_session(c, &t);
758 if (r >= 0) {
63c372cb 759 x = strjoina("OBJECT_SYSTEMD_SESSION=", t);
968f3196
ZJS		 760 free(t);
761 IOVEC_SET_STRING(iovec[n++], x);
762 }
763
764 if (cg_path_get_owner_uid(c, &owner) >= 0) {
de0671ee 765 sprintf(o_owner_uid, "OBJECT_SYSTEMD_OWNER_UID="UID_FMT, owner);
968f3196
ZJS		 766 IOVEC_SET_STRING(iovec[n++], o_owner_uid);
767 }
768
769 if (cg_path_get_unit(c, &t) >= 0) {
63c372cb 770 x = strjoina("OBJECT_SYSTEMD_UNIT=", t);
968f3196 771 free(t);
19cace37
LP		 772 IOVEC_SET_STRING(iovec[n++], x);
773 }
774
775 if (cg_path_get_user_unit(c, &t) >= 0) {
63c372cb 776 x = strjoina("OBJECT_SYSTEMD_USER_UNIT=", t);
968f3196 777 free(t);
968f3196 778 IOVEC_SET_STRING(iovec[n++], x);
19cace37 779 }
968f3196
ZJS		 780
781 free(c);
782 }
783 }
784 assert(n <= m);
d025f1e4
ZJS		 785
786 if (tv) {
ae018d9b 787 sprintf(source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu", (unsigned long long) timeval_load(tv));
a5693989 788 IOVEC_SET_STRING(iovec[n++], source_time);
d025f1e4
ZJS		 789 }
790
791 /* Note that strictly speaking storing the boot id here is
792 * redundant since the entry includes this in-line
793 * anyway. However, we need this indexed, too. */
0c24bb23
LP		 794 if (!isempty(s->boot_id_field))
795 IOVEC_SET_STRING(iovec[n++], s->boot_id_field);
d025f1e4 796
0c24bb23
LP		 797 if (!isempty(s->machine_id_field))
798 IOVEC_SET_STRING(iovec[n++], s->machine_id_field);
d025f1e4 799
0c24bb23
LP		 800 if (!isempty(s->hostname_field))
801 IOVEC_SET_STRING(iovec[n++], s->hostname_field);
d025f1e4
ZJS		 802
803 assert(n <= m);
804
da499392 805 if (s->split_mode == SPLIT_UID && realuid > 0)
40adcda8 806 /* Split up strictly by any UID */
759c945a 807 journal_uid = realuid;
82499507 808 else if (s->split_mode == SPLIT_LOGIN && realuid > 0 && owner_valid && owner > 0)
edc3797f
LP		 809 /* Split up by login UIDs. We do this only if the
810 * realuid is not root, in order not to accidentally
811 * leak privileged information to the user that is
812 * logged by a privileged process that is part of an
7517e174 813 * unprivileged session. */
8a0889df 814 journal_uid = owner;
da499392
KS		 815 else
816 journal_uid = 0;
759c945a 817
d07f7b9e 818 write_to_journal(s, journal_uid, iovec, n, priority);
d025f1e4
ZJS		 819}
820
821void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {
822 char mid[11 + 32 + 1];
823 char buffer[16 + LINE_MAX + 1];
824 struct iovec iovec[N_IOVEC_META_FIELDS + 4];
825 int n = 0;
826 va_list ap;
b92bea5d 827 struct ucred ucred = {};
d025f1e4
ZJS		 828
829 assert(s);
830 assert(format);
831
832 IOVEC_SET_STRING(iovec[n++], "PRIORITY=6");
833 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=driver");
834
835 memcpy(buffer, "MESSAGE=", 8);
836 va_start(ap, format);
837 vsnprintf(buffer + 8, sizeof(buffer) - 8, format, ap);
838 va_end(ap);
d025f1e4
ZJS		 839 IOVEC_SET_STRING(iovec[n++], buffer);
840
841 if (!sd_id128_equal(message_id, SD_ID128_NULL)) {
e2cc6eca 842 snprintf(mid, sizeof(mid), LOG_MESSAGE_ID(message_id));
d025f1e4
ZJS		 843 IOVEC_SET_STRING(iovec[n++], mid);
844 }
845
d025f1e4
ZJS		 846 ucred.pid = getpid();
847 ucred.uid = getuid();
848 ucred.gid = getgid();
849
d07f7b9e 850 dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL, LOG_INFO, 0);
d025f1e4
ZJS		 851}
852
853void server_dispatch_message(
854 Server *s,
855 struct iovec *iovec, unsigned n, unsigned m,
3b3154df
LP		 856 const struct ucred *ucred,
857 const struct timeval *tv,
d025f1e4
ZJS		 858 const char *label, size_t label_len,
859 const char *unit_id,
968f3196
ZJS		 860 int priority,
861 pid_t object_pid) {
d025f1e4 862
7027ff61 863 int rl, r;
7fd1b19b 864 _cleanup_free_ char *path = NULL;
db91ea32 865 char *c;
d025f1e4
ZJS		 866
867 assert(s);
868 assert(iovec || n == 0);
869
870 if (n == 0)
871 return;
872
873 if (LOG_PRI(priority) > s->max_level_store)
874 return;
875
2f5df74a
HHPF		 876 /* Stop early in case the information will not be stored
877 * in a journal. */
878 if (s->storage == STORAGE_NONE)
879 return;
880
d025f1e4
ZJS		 881 if (!ucred)
882 goto finish;
883
e9174f29 884 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &path);
7027ff61 885 if (r < 0)
d025f1e4
ZJS		 886 goto finish;
887
888 /* example: /user/lennart/3/foobar
889 * /system/dbus.service/foobar
890 *
891 * So let's cut of everything past the third /, since that is
892 * where user directories start */
893
894 c = strchr(path, '/');
895 if (c) {
896 c = strchr(c+1, '/');
897 if (c) {
898 c = strchr(c+1, '/');
899 if (c)
900 *c = 0;
901 }
902 }
903
db91ea32 904 rl = journal_rate_limit_test(s->rate_limit, path,
670b110c 905 priority & LOG_PRIMASK, available_space(s, false));
d025f1e4 906
db91ea32 907 if (rl == 0)
d025f1e4 908 return;
d025f1e4
ZJS		 909
910 /* Write a suppression message if we suppressed something */
911 if (rl > 1)
db91ea32
ZJS		 912 server_driver_message(s, SD_MESSAGE_JOURNAL_DROPPED,
913 "Suppressed %u messages from %s", rl - 1, path);
d025f1e4
ZJS		 914
915finish:
d07f7b9e 916 dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id, priority, object_pid);
d025f1e4
ZJS		 917}
918
919
caa2f4c0 920static int system_journal_open(Server *s, bool flush_requested) {
d025f1e4
ZJS		 921 int r;
922 char *fn;
923 sd_id128_t machine;
924 char ids[33];
925
926 r = sd_id128_get_machine(&machine);
23bbb0de
MS		 927 if (r < 0)
928 return log_error_errno(r, "Failed to get machine id: %m");
d025f1e4
ZJS		 929
930 sd_id128_to_string(machine, ids);
931
932 if (!s->system_journal &&
933 (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
caa2f4c0
ZJS		 934 (flush_requested
935 || access("/run/systemd/journal/flushed", F_OK) >= 0)) {
d025f1e4
ZJS		 936
937 /* If in auto mode: first try to create the machine
938 * path, but not the prefix.
939 *
940 * If in persistent mode: create /var/log/journal and
941 * the machine path */
942
943 if (s->storage == STORAGE_PERSISTENT)
944 (void) mkdir("/var/log/journal/", 0755);
945
63c372cb 946 fn = strjoina("/var/log/journal/", ids);
d025f1e4 947 (void) mkdir(fn, 0755);
d025f1e4 948
63c372cb 949 fn = strjoina(fn, "/system.journal");
d025f1e4 950 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
d025f1e4 951
670b110c 952 if (r >= 0)
d025f1e4 953 server_fix_perms(s, s->system_journal, 0);
433dd100
LN		 954 else if (r < 0) {
955 if (r != -ENOENT && r != -EROFS)
da927ba9 956 log_warning_errno(r, "Failed to open system journal: %m");
e40ec7ae 957
433dd100
LN		 958 r = 0;
959 }
d025f1e4
ZJS		 960 }
961
962 if (!s->runtime_journal &&
963 (s->storage != STORAGE_NONE)) {
964
965 fn = strjoin("/run/log/journal/", ids, "/system.journal", NULL);
966 if (!fn)
967 return -ENOMEM;
968
969 if (s->system_journal) {
970
971 /* Try to open the runtime journal, but only
972 * if it already exists, so that we can flush
973 * it into the system journal */
974
975 r = journal_file_open(fn, O_RDWR, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
976 free(fn);
977
978 if (r < 0) {
979 if (r != -ENOENT)
da927ba9 980 log_warning_errno(r, "Failed to open runtime journal: %m");
d025f1e4
ZJS		 981
982 r = 0;
983 }
984
985 } else {
986
987 /* OK, we really need the runtime journal, so create
988 * it if necessary. */
989
fc1d70af
LP		 990 (void) mkdir("/run/log", 0755);
991 (void) mkdir("/run/log/journal", 0755);
992 (void) mkdir_parents(fn, 0750);
993
d025f1e4
ZJS		 994 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
995 free(fn);
996
23bbb0de
MS		 997 if (r < 0)
998 return log_error_errno(r, "Failed to open runtime journal: %m");
d025f1e4
ZJS		 999 }
1000
670b110c 1001 if (s->runtime_journal)
d025f1e4 1002 server_fix_perms(s, s->runtime_journal, 0);
d025f1e4
ZJS		 1003 }
1004
670b110c
ZJS		 1005 available_space(s, true);
1006
d025f1e4
ZJS		 1007 return r;
1008}
1009
1010int server_flush_to_var(Server *s) {
d025f1e4
ZJS		 1011 sd_id128_t machine;
1012 sd_journal *j = NULL;
fbb63411
LP		 1013 char ts[FORMAT_TIMESPAN_MAX];
1014 usec_t start;
1015 unsigned n = 0;
1016 int r;
d025f1e4
ZJS		 1017
1018 assert(s);
1019
1020 if (s->storage != STORAGE_AUTO &&
1021 s->storage != STORAGE_PERSISTENT)
1022 return 0;
1023
1024 if (!s->runtime_journal)
1025 return 0;
1026
caa2f4c0 1027 system_journal_open(s, true);
d025f1e4
ZJS		 1028
1029 if (!s->system_journal)
1030 return 0;
1031
1032 log_debug("Flushing to /var...");
1033
fbb63411
LP		 1034 start = now(CLOCK_MONOTONIC);
1035
d025f1e4 1036 r = sd_id128_get_machine(&machine);
00a16861 1037 if (r < 0)
d025f1e4 1038 return r;
d025f1e4
ZJS		 1039
1040 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
23bbb0de
MS		 1041 if (r < 0)
1042 return log_error_errno(r, "Failed to read runtime journal: %m");
d025f1e4 1043
93b73b06
LP		 1044 sd_journal_set_data_threshold(j, 0);
1045
d025f1e4
ZJS		 1046 SD_JOURNAL_FOREACH(j) {
1047 Object *o = NULL;
1048 JournalFile *f;
1049
1050 f = j->current_file;
1051 assert(f && f->current_offset > 0);
1052
fbb63411
LP		 1053 n++;
1054
d025f1e4
ZJS		 1055 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
1056 if (r < 0) {
da927ba9 1057 log_error_errno(r, "Can't read entry: %m");
d025f1e4
ZJS		 1058 goto finish;
1059 }
1060
1061 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1062 if (r >= 0)
1063 continue;
1064
1065 if (!shall_try_append_again(s->system_journal, r)) {
da927ba9 1066 log_error_errno(r, "Can't write entry: %m");
d025f1e4
ZJS		 1067 goto finish;
1068 }
1069
1070 server_rotate(s);
1071 server_vacuum(s);
1072
253f59df
LP		 1073 if (!s->system_journal) {
1074 log_notice("Didn't flush runtime journal since rotation of system journal wasn't successful.");
1075 r = -EIO;
1076 goto finish;
1077 }
1078
d025f1e4
ZJS		 1079 log_debug("Retrying write.");
1080 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1081 if (r < 0) {
da927ba9 1082 log_error_errno(r, "Can't write entry: %m");
d025f1e4
ZJS		 1083 goto finish;
1084 }
1085 }
1086
1087finish:
1088 journal_file_post_change(s->system_journal);
1089
1090 journal_file_close(s->runtime_journal);
1091 s->runtime_journal = NULL;
1092
1093 if (r >= 0)
c6878637 1094 (void) rm_rf("/run/log/journal", REMOVE_ROOT);
d025f1e4 1095
763c7aa2 1096 sd_journal_close(j);
d025f1e4 1097
fbb63411
LP		 1098 server_driver_message(s, SD_ID128_NULL, "Time spent on flushing to /var is %s for %u entries.", format_timespan(ts, sizeof(ts), now(CLOCK_MONOTONIC) - start, 0), n);
1099
d025f1e4
ZJS		 1100 return r;
1101}
1102
8531ae70 1103int server_process_datagram(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
f9a810be
LP		 1104 Server *s = userdata;
1105
d025f1e4 1106 assert(s);
875c2e22 1107 assert(fd == s->native_fd || fd == s->syslog_fd || fd == s->audit_fd);
f9a810be
LP		 1108
1109 if (revents != EPOLLIN) {
1110 log_error("Got invalid event from epoll for datagram fd: %"PRIx32, revents);
1111 return -EIO;
1112 }
1113
1114 for (;;) {
1115 struct ucred *ucred = NULL;
1116 struct timeval *tv = NULL;
1117 struct cmsghdr *cmsg;
1118 char *label = NULL;
1119 size_t label_len = 0;
1120 struct iovec iovec;
1121
1122 union {
1123 struct cmsghdr cmsghdr;
1124
bdd13f6b
ZJS		 1125 /* We use NAME_MAX space for the SELinux label
1126 * here. The kernel currently enforces no
1127 * limit, but according to suggestions from
1128 * the SELinux people this will change and it
1129 * will probably be identical to NAME_MAX. For
1130 * now we use that, but this should be updated
7517e174 1131 * one day when the final limit is known. */
f9a810be
LP		 1132 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
1133 CMSG_SPACE(sizeof(struct timeval)) +
1134 CMSG_SPACE(sizeof(int)) + /* fd */
1135 CMSG_SPACE(NAME_MAX)]; /* selinux label */
1136 } control = {};
875c2e22 1137 union sockaddr_union sa = {};
f9a810be
LP		 1138 struct msghdr msghdr = {
1139 .msg_iov = &iovec,
1140 .msg_iovlen = 1,
1141 .msg_control = &control,
1142 .msg_controllen = sizeof(control),
875c2e22
LP		 1143 .msg_name = &sa,
1144 .msg_namelen = sizeof(sa),
f9a810be 1145 };
d025f1e4 1146
d025f1e4 1147 ssize_t n;
f9a810be
LP		 1148 int *fds = NULL;
1149 unsigned n_fds = 0;
875c2e22
LP		 1150 int v = 0;
1151 size_t m;
d025f1e4 1152
875c2e22
LP		 1153 /* Try to get the right size, if we can. (Not all
1154 * sockets support SIOCINQ, hence we just try, but
1155 * don't rely on it. */
1156 (void) ioctl(fd, SIOCINQ, &v);
1157
7517e174 1158 /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful! */
875c2e22
LP		 1159 m = PAGE_ALIGN(MAX3((size_t) v + 1,
1160 (size_t) LINE_MAX,
1161 ALIGN(sizeof(struct nlmsghdr)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH)) + 1);
d025f1e4 1162
875c2e22 1163 if (!GREEDY_REALLOC(s->buffer, s->buffer_size, m))
f9a810be 1164 return log_oom();
d025f1e4 1165
f9a810be 1166 iovec.iov_base = s->buffer;
875c2e22 1167 iovec.iov_len = s->buffer_size - 1; /* Leave room for trailing NUL we add later */
d025f1e4 1168
f9a810be
LP		 1169 n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
1170 if (n < 0) {
d025f1e4 1171 if (errno == EINTR || errno == EAGAIN)
f9a810be 1172 return 0;
d025f1e4 1173
56f64d95 1174 log_error_errno(errno, "recvmsg() failed: %m");
d025f1e4
ZJS		 1175 return -errno;
1176 }
1177
f9a810be
LP		 1178 for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
1179
1180 if (cmsg->cmsg_level == SOL_SOCKET &&
1181 cmsg->cmsg_type == SCM_CREDENTIALS &&
1182 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
1183 ucred = (struct ucred*) CMSG_DATA(cmsg);
1184 else if (cmsg->cmsg_level == SOL_SOCKET &&
1185 cmsg->cmsg_type == SCM_SECURITY) {
1186 label = (char*) CMSG_DATA(cmsg);
1187 label_len = cmsg->cmsg_len - CMSG_LEN(0);
1188 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1189 cmsg->cmsg_type == SO_TIMESTAMP &&
1190 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
1191 tv = (struct timeval*) CMSG_DATA(cmsg);
1192 else if (cmsg->cmsg_level == SOL_SOCKET &&
1193 cmsg->cmsg_type == SCM_RIGHTS) {
1194 fds = (int*) CMSG_DATA(cmsg);
1195 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
1196 }
d025f1e4
ZJS		 1197 }
1198
875c2e22
LP		 1199 /* And a trailing NUL, just in case */
1200 s->buffer[n] = 0;
1201
f9a810be 1202 if (fd == s->syslog_fd) {
875c2e22 1203 if (n > 0 && n_fds == 0)
f9a810be 1204 server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
875c2e22 1205 else if (n_fds > 0)
f9a810be 1206 log_warning("Got file descriptors via syslog socket. Ignoring.");
d025f1e4 1207
875c2e22 1208 } else if (fd == s->native_fd) {
f9a810be
LP		 1209 if (n > 0 && n_fds == 0)
1210 server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
1211 else if (n == 0 && n_fds == 1)
1212 server_process_native_file(s, fds[0], ucred, tv, label, label_len);
1213 else if (n_fds > 0)
1214 log_warning("Got too many file descriptors via native socket. Ignoring.");
875c2e22
LP		 1215
1216 } else {
1217 assert(fd == s->audit_fd);
1218
1219 if (n > 0 && n_fds == 0)
0b97208d 1220 server_process_audit_message(s, s->buffer, n, ucred, &sa, msghdr.msg_namelen);
875c2e22
LP		 1221 else if (n_fds > 0)
1222 log_warning("Got file descriptors via audit socket. Ignoring.");
d025f1e4
ZJS		 1223 }
1224
f9a810be
LP		 1225 close_many(fds, n_fds);
1226 }
f9a810be 1227}
d025f1e4 1228
f9a810be
LP		 1229static int dispatch_sigusr1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1230 Server *s = userdata;
d025f1e4 1231
f9a810be 1232 assert(s);
d025f1e4 1233
f9a810be 1234 log_info("Received request to flush runtime journal from PID %"PRIu32, si->ssi_pid);
d025f1e4 1235
f9a810be
LP		 1236 server_flush_to_var(s);
1237 server_sync(s);
3bfd4e0c 1238 server_vacuum(s);
d025f1e4 1239
74055aa7
LP		 1240 touch("/run/systemd/journal/flushed");
1241
f9a810be
LP		 1242 return 0;
1243}
d025f1e4 1244
f9a810be
LP		 1245static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1246 Server *s = userdata;
d025f1e4 1247
f9a810be 1248 assert(s);
d025f1e4 1249
f9a810be
LP		 1250 log_info("Received request to rotate journal from PID %"PRIu32, si->ssi_pid);
1251 server_rotate(s);
1252 server_vacuum(s);
d025f1e4 1253
f9a810be
LP		 1254 return 0;
1255}
d025f1e4 1256
f9a810be
LP		 1257static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1258 Server *s = userdata;
d025f1e4 1259
f9a810be 1260 assert(s);
d025f1e4 1261
4daf54a8 1262 log_received_signal(LOG_INFO, si);
d025f1e4 1263
6203e07a 1264 sd_event_exit(s->event, 0);
d025f1e4
ZJS		 1265 return 0;
1266}
1267
f9a810be 1268static int setup_signals(Server *s) {
d025f1e4 1269 sigset_t mask;
f9a810be 1270 int r;
d025f1e4
ZJS		 1271
1272 assert(s);
1273
1274 assert_se(sigemptyset(&mask) == 0);
1275 sigset_add_many(&mask, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, -1);
1276 assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
1277
151b9b96 1278 r = sd_event_add_signal(s->event, &s->sigusr1_event_source, SIGUSR1, dispatch_sigusr1, s);
f9a810be
LP		 1279 if (r < 0)
1280 return r;
1281
151b9b96 1282 r = sd_event_add_signal(s->event, &s->sigusr2_event_source, SIGUSR2, dispatch_sigusr2, s);
f9a810be
LP		 1283 if (r < 0)
1284 return r;
d025f1e4 1285
151b9b96 1286 r = sd_event_add_signal(s->event, &s->sigterm_event_source, SIGTERM, dispatch_sigterm, s);
f9a810be
LP		 1287 if (r < 0)
1288 return r;
d025f1e4 1289
151b9b96 1290 r = sd_event_add_signal(s->event, &s->sigint_event_source, SIGINT, dispatch_sigterm, s);
f9a810be
LP		 1291 if (r < 0)
1292 return r;
d025f1e4
ZJS		 1293
1294 return 0;
1295}
1296
1297static int server_parse_proc_cmdline(Server *s) {
7fd1b19b 1298 _cleanup_free_ char *line = NULL;
a2a5291b 1299 const char *w, *state;
d025f1e4 1300 size_t l;
74df0fca 1301 int r;
d025f1e4 1302
74df0fca 1303 r = proc_cmdline(&line);
b5884878 1304 if (r < 0) {
da927ba9 1305 log_warning_errno(r, "Failed to read /proc/cmdline, ignoring: %m");
d025f1e4 1306 return 0;
b5884878 1307 }
d025f1e4
ZJS		 1308
1309 FOREACH_WORD_QUOTED(w, l, line, state) {
7fd1b19b 1310 _cleanup_free_ char *word;
d025f1e4
ZJS		 1311
1312 word = strndup(w, l);
db91ea32
ZJS		 1313 if (!word)
1314 return -ENOMEM;
d025f1e4
ZJS		 1315
1316 if (startswith(word, "systemd.journald.forward_to_syslog=")) {
1317 r = parse_boolean(word + 35);
1318 if (r < 0)
1319 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word + 35);
1320 else
1321 s->forward_to_syslog = r;
1322 } else if (startswith(word, "systemd.journald.forward_to_kmsg=")) {
1323 r = parse_boolean(word + 33);
1324 if (r < 0)
1325 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word + 33);
1326 else
1327 s->forward_to_kmsg = r;
1328 } else if (startswith(word, "systemd.journald.forward_to_console=")) {
1329 r = parse_boolean(word + 36);
1330 if (r < 0)
1331 log_warning("Failed to parse forward to console switch %s. Ignoring.", word + 36);
1332 else
1333 s->forward_to_console = r;
40b71e89
ST		 1334 } else if (startswith(word, "systemd.journald.forward_to_wall=")) {
1335 r = parse_boolean(word + 33);
1336 if (r < 0)
1337 log_warning("Failed to parse forward to wall switch %s. Ignoring.", word + 33);
1338 else
1339 s->forward_to_wall = r;
d025f1e4
ZJS		 1340 } else if (startswith(word, "systemd.journald"))
1341 log_warning("Invalid systemd.journald parameter. Ignoring.");
d025f1e4 1342 }
b2fadec6 1343 /* do not warn about state here, since probably systemd already did */
d025f1e4 1344
db91ea32 1345 return 0;
d025f1e4
ZJS		 1346}
1347
1348static int server_parse_config_file(Server *s) {
d025f1e4
ZJS		 1349 assert(s);
1350
a9edaeff
JT		 1351 return config_parse_many("/etc/systemd/journald.conf",
1352 CONF_DIRS_NULSTR("systemd/journald.conf"),
1353 "Journal\0",
1354 config_item_perf_lookup, journald_gperf_lookup,
1355 false, s);
d025f1e4
ZJS		 1356}
1357
f9a810be
LP		 1358static int server_dispatch_sync(sd_event_source *es, usec_t t, void *userdata) {
1359 Server *s = userdata;
26687bf8
OS		 1360
1361 assert(s);
1362
f9a810be 1363 server_sync(s);
26687bf8
OS		 1364 return 0;
1365}
1366
d07f7b9e 1367int server_schedule_sync(Server *s, int priority) {
26687bf8
OS		 1368 int r;
1369
26687bf8
OS		 1370 assert(s);
1371
d07f7b9e
LP		 1372 if (priority <= LOG_CRIT) {
1373 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1374 server_sync(s);
1375 return 0;
1376 }
1377
26687bf8
OS		 1378 if (s->sync_scheduled)
1379 return 0;
1380
f9a810be
LP		 1381 if (s->sync_interval_usec > 0) {
1382 usec_t when;
ca267016 1383
6a0f1f6d 1384 r = sd_event_now(s->event, CLOCK_MONOTONIC, &when);
f9a810be
LP		 1385 if (r < 0)
1386 return r;
26687bf8 1387
f9a810be
LP		 1388 when += s->sync_interval_usec;
1389
1390 if (!s->sync_event_source) {
6a0f1f6d
LP		 1391 r = sd_event_add_time(
1392 s->event,
1393 &s->sync_event_source,
1394 CLOCK_MONOTONIC,
1395 when, 0,
1396 server_dispatch_sync, s);
f9a810be
LP		 1397 if (r < 0)
1398 return r;
1399
1400 r = sd_event_source_set_priority(s->sync_event_source, SD_EVENT_PRIORITY_IMPORTANT);
1401 } else {
1402 r = sd_event_source_set_time(s->sync_event_source, when);
1403 if (r < 0)
1404 return r;
1405
1406 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_ONESHOT);
1407 }
26687bf8 1408 if (r < 0)
f9a810be 1409 return r;
26687bf8 1410
f9a810be
LP		 1411 s->sync_scheduled = true;
1412 }
26687bf8
OS		 1413
1414 return 0;
1415}
1416
0c24bb23
LP		 1417static int dispatch_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1418 Server *s = userdata;
1419
1420 assert(s);
1421
1422 server_cache_hostname(s);
1423 return 0;
1424}
1425
1426static int server_open_hostname(Server *s) {
1427 int r;
1428
1429 assert(s);
1430
1431 s->hostname_fd = open("/proc/sys/kernel/hostname", O_RDONLY|O_CLOEXEC|O_NDELAY|O_NOCTTY);
4a62c710
MS		 1432 if (s->hostname_fd < 0)
1433 return log_error_errno(errno, "Failed to open /proc/sys/kernel/hostname: %m");
0c24bb23 1434
151b9b96 1435 r = sd_event_add_io(s->event, &s->hostname_event_source, s->hostname_fd, 0, dispatch_hostname_change, s);
0c24bb23 1436 if (r < 0) {
28def94c
DR		 1437 /* kernels prior to 3.2 don't support polling this file. Ignore
1438 * the failure. */
1439 if (r == -EPERM) {
1440 log_warning("Failed to register hostname fd in event loop: %s. Ignoring.",
1441 strerror(-r));
03e334a1 1442 s->hostname_fd = safe_close(s->hostname_fd);
28def94c
DR		 1443 return 0;
1444 }
1445
23bbb0de 1446 return log_error_errno(r, "Failed to register hostname fd in event loop: %m");
0c24bb23
LP		 1447 }
1448
1449 r = sd_event_source_set_priority(s->hostname_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
23bbb0de
MS		 1450 if (r < 0)
1451 return log_error_errno(r, "Failed to adjust priority of host name event source: %m");
0c24bb23
LP		 1452
1453 return 0;
1454}
1455
d025f1e4 1456int server_init(Server *s) {
13790add 1457 _cleanup_fdset_free_ FDSet *fds = NULL;
d025f1e4
ZJS		 1458 int n, r, fd;
1459
1460 assert(s);
1461
1462 zero(*s);
875c2e22 1463 s->syslog_fd = s->native_fd = s->stdout_fd = s->dev_kmsg_fd = s->audit_fd = s->hostname_fd = -1;
d025f1e4
ZJS		 1464 s->compress = true;
1465 s->seal = true;
1466
26687bf8
OS		 1467 s->sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC;
1468 s->sync_scheduled = false;
1469
d025f1e4
ZJS		 1470 s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
1471 s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
1472
40b71e89 1473 s->forward_to_wall = true;
d025f1e4 1474
e150e820
MB		 1475 s->max_file_usec = DEFAULT_MAX_FILE_USEC;
1476
d025f1e4
ZJS		 1477 s->max_level_store = LOG_DEBUG;
1478 s->max_level_syslog = LOG_DEBUG;
1479 s->max_level_kmsg = LOG_NOTICE;
1480 s->max_level_console = LOG_INFO;
40b71e89 1481 s->max_level_wall = LOG_EMERG;
d025f1e4
ZJS		 1482
1483 memset(&s->system_metrics, 0xFF, sizeof(s->system_metrics));
1484 memset(&s->runtime_metrics, 0xFF, sizeof(s->runtime_metrics));
1485
1486 server_parse_config_file(s);
1487 server_parse_proc_cmdline(s);
d288f79f 1488 if (!!s->rate_limit_interval ^ !!s->rate_limit_burst) {
b1389b0d
ZJS		 1489 log_debug("Setting both rate limit interval and burst from "USEC_FMT",%u to 0,0",
1490 s->rate_limit_interval, s->rate_limit_burst);
d288f79f
ZJS		 1491 s->rate_limit_interval = s->rate_limit_burst = 0;
1492 }
d025f1e4
ZJS		 1493
1494 mkdir_p("/run/systemd/journal", 0755);
1495
43cf8388 1496 s->user_journals = ordered_hashmap_new(NULL);
d025f1e4
ZJS		 1497 if (!s->user_journals)
1498 return log_oom();
1499
1500 s->mmap = mmap_cache_new();
1501 if (!s->mmap)
1502 return log_oom();
1503
f9a810be 1504 r = sd_event_default(&s->event);
23bbb0de
MS		 1505 if (r < 0)
1506 return log_error_errno(r, "Failed to create event loop: %m");
d025f1e4 1507
f9a810be
LP		 1508 sd_event_set_watchdog(s->event, true);
1509
d025f1e4 1510 n = sd_listen_fds(true);
23bbb0de
MS		 1511 if (n < 0)
1512 return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
d025f1e4
ZJS		 1513
1514 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
1515
1516 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/socket", 0) > 0) {
1517
1518 if (s->native_fd >= 0) {
1519 log_error("Too many native sockets passed.");
1520 return -EINVAL;
1521 }
1522
1523 s->native_fd = fd;
1524
1525 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, "/run/systemd/journal/stdout", 0) > 0) {
1526
1527 if (s->stdout_fd >= 0) {
1528 log_error("Too many stdout sockets passed.");
1529 return -EINVAL;
1530 }
1531
1532 s->stdout_fd = fd;
1533
03ee5c38
LP		 1534 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0 ||
1535 sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/dev-log", 0) > 0) {
d025f1e4
ZJS		 1536
1537 if (s->syslog_fd >= 0) {
1538 log_error("Too many /dev/log sockets passed.");
1539 return -EINVAL;
1540 }
1541
1542 s->syslog_fd = fd;
1543
875c2e22
LP		 1544 } else if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1) > 0) {
1545
1546 if (s->audit_fd >= 0) {
1547 log_error("Too many audit sockets passed.");
1548 return -EINVAL;
1549 }
1550
1551 s->audit_fd = fd;
1552
4ec3cd73 1553 } else {
4ec3cd73 1554
13790add
LP		 1555 if (!fds) {
1556 fds = fdset_new();
1557 if (!fds)
1558 return log_oom();
1559 }
4ec3cd73 1560
13790add
LP		 1561 r = fdset_put(fds, fd);
1562 if (r < 0)
1563 return log_oom();
4ec3cd73 1564 }
d025f1e4
ZJS		 1565 }
1566
13790add 1567 r = server_open_stdout_socket(s, fds);
d025f1e4
ZJS		 1568 if (r < 0)
1569 return r;
1570
13790add
LP		 1571 if (fdset_size(fds) > 0) {
1572 log_warning("%u unknown file descriptors passed, closing.", fdset_size(fds));
1573 fds = fdset_free(fds);
1574 }
1575
1576 r = server_open_syslog_socket(s);
d025f1e4
ZJS		 1577 if (r < 0)
1578 return r;
1579
13790add 1580 r = server_open_native_socket(s);
d025f1e4
ZJS		 1581 if (r < 0)
1582 return r;
1583
1584 r = server_open_dev_kmsg(s);
1585 if (r < 0)
1586 return r;
1587
875c2e22
LP		 1588 r = server_open_audit(s);
1589 if (r < 0)
1590 return r;
1591
d025f1e4
ZJS		 1592 r = server_open_kernel_seqnum(s);
1593 if (r < 0)
1594 return r;
1595
0c24bb23
LP		 1596 r = server_open_hostname(s);
1597 if (r < 0)
1598 return r;
1599
f9a810be 1600 r = setup_signals(s);
d025f1e4
ZJS		 1601 if (r < 0)
1602 return r;
1603
1604 s->udev = udev_new();
1605 if (!s->udev)
1606 return -ENOMEM;
1607
f9a810be 1608 s->rate_limit = journal_rate_limit_new(s->rate_limit_interval, s->rate_limit_burst);
d025f1e4
ZJS		 1609 if (!s->rate_limit)
1610 return -ENOMEM;
1611
e9174f29
LP		 1612 r = cg_get_root_path(&s->cgroup_root);
1613 if (r < 0)
1614 return r;
1615
0c24bb23
LP		 1616 server_cache_hostname(s);
1617 server_cache_boot_id(s);
1618 server_cache_machine_id(s);
1619
caa2f4c0 1620 r = system_journal_open(s, false);
d025f1e4
ZJS		 1621 if (r < 0)
1622 return r;
1623
1624 return 0;
1625}
1626
1627void server_maybe_append_tags(Server *s) {
1628#ifdef HAVE_GCRYPT
1629 JournalFile *f;
1630 Iterator i;
1631 usec_t n;
1632
1633 n = now(CLOCK_REALTIME);
1634
1635 if (s->system_journal)
1636 journal_file_maybe_append_tag(s->system_journal, n);
1637
43cf8388 1638 ORDERED_HASHMAP_FOREACH(f, s->user_journals, i)
d025f1e4
ZJS		 1639 journal_file_maybe_append_tag(f, n);
1640#endif
1641}
1642
1643void server_done(Server *s) {
1644 JournalFile *f;
1645 assert(s);
1646
1647 while (s->stdout_streams)
1648 stdout_stream_free(s->stdout_streams);
1649
1650 if (s->system_journal)
1651 journal_file_close(s->system_journal);
1652
1653 if (s->runtime_journal)
1654 journal_file_close(s->runtime_journal);
1655
43cf8388 1656 while ((f = ordered_hashmap_steal_first(s->user_journals)))
d025f1e4
ZJS		 1657 journal_file_close(f);
1658
43cf8388 1659 ordered_hashmap_free(s->user_journals);
d025f1e4 1660
f9a810be
LP		 1661 sd_event_source_unref(s->syslog_event_source);
1662 sd_event_source_unref(s->native_event_source);
1663 sd_event_source_unref(s->stdout_event_source);
1664 sd_event_source_unref(s->dev_kmsg_event_source);
875c2e22 1665 sd_event_source_unref(s->audit_event_source);
f9a810be
LP		 1666 sd_event_source_unref(s->sync_event_source);
1667 sd_event_source_unref(s->sigusr1_event_source);
1668 sd_event_source_unref(s->sigusr2_event_source);
1669 sd_event_source_unref(s->sigterm_event_source);
1670 sd_event_source_unref(s->sigint_event_source);
0c24bb23 1671 sd_event_source_unref(s->hostname_event_source);
f9a810be 1672 sd_event_unref(s->event);
d025f1e4 1673
03e334a1
LP		 1674 safe_close(s->syslog_fd);
1675 safe_close(s->native_fd);
1676 safe_close(s->stdout_fd);
1677 safe_close(s->dev_kmsg_fd);
875c2e22 1678 safe_close(s->audit_fd);
03e334a1 1679 safe_close(s->hostname_fd);
0c24bb23 1680
d025f1e4
ZJS		 1681 if (s->rate_limit)
1682 journal_rate_limit_free(s->rate_limit);
1683
1684 if (s->kernel_seqnum)
1685 munmap(s->kernel_seqnum, sizeof(uint64_t));
1686
1687 free(s->buffer);
1688 free(s->tty_path);
e9174f29 1689 free(s->cgroup_root);
99d0966e 1690 free(s->hostname_field);
d025f1e4
ZJS		 1691
1692 if (s->mmap)
1693 mmap_cache_unref(s->mmap);
1694
1695 if (s->udev)
1696 udev_unref(s->udev);
1697}
Unnamed repository; edit this file 'description' to name the repository.