]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/journal/journald-server.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
treewide: use log_*_errno whenever %m is in the format string
[thirdparty/systemd.git] / src / journal / journald-server.c
CommitLineData
d025f1e4
ZJS		 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2011 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
22#include <sys/signalfd.h>
23#include <sys/ioctl.h>
24#include <linux/sockios.h>
25#include <sys/statvfs.h>
26#include <sys/mman.h>
26687bf8 27#include <sys/timerfd.h>
d025f1e4
ZJS		 28
29#include <libudev.h>
d025f1e4 30
74df0fca
LP		 31#include "sd-journal.h"
32#include "sd-messages.h"
33#include "sd-daemon.h"
a5c32cff 34#include "fileio.h"
d025f1e4
ZJS		 35#include "mkdir.h"
36#include "hashmap.h"
37#include "journal-file.h"
38#include "socket-util.h"
39#include "cgroup-util.h"
40#include "list.h"
d025f1e4
ZJS		 41#include "missing.h"
42#include "conf-parser.h"
74df0fca 43#include "selinux-util.h"
d025f1e4
ZJS		 44#include "journal-internal.h"
45#include "journal-vacuum.h"
46#include "journal-authenticate.h"
d025f1e4
ZJS		 47#include "journald-rate-limit.h"
48#include "journald-kmsg.h"
49#include "journald-syslog.h"
50#include "journald-stream.h"
51#include "journald-console.h"
52#include "journald-native.h"
875c2e22 53#include "journald-audit.h"
74df0fca 54#include "journald-server.h"
d025f1e4
ZJS		 55
56#ifdef HAVE_ACL
57#include <sys/acl.h>
58#include <acl/libacl.h>
59#include "acl-util.h"
60#endif
61
62#ifdef HAVE_SELINUX
63#include <selinux/selinux.h>
64#endif
65
66#define USER_JOURNALS_MAX 1024
67
26687bf8 68#define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
7f1ad696
LP		 69#define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
70#define DEFAULT_RATE_LIMIT_BURST 1000
e150e820 71#define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
d025f1e4
ZJS		 72
73#define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
74
2c5859af 75static const char* const storage_table[_STORAGE_MAX] = {
d025f1e4
ZJS		 76 [STORAGE_AUTO] = "auto",
77 [STORAGE_VOLATILE] = "volatile",
78 [STORAGE_PERSISTENT] = "persistent",
79 [STORAGE_NONE] = "none"
80};
81
82DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
83DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
84
2c5859af
DM		 85static const char* const split_mode_table[_SPLIT_MAX] = {
86 [SPLIT_LOGIN] = "login",
d025f1e4 87 [SPLIT_UID] = "uid",
2c5859af 88 [SPLIT_NONE] = "none",
d025f1e4
ZJS		 89};
90
91DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
92DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode, split_mode, SplitMode, "Failed to parse split mode setting");
93
670b110c 94static uint64_t available_space(Server *s, bool verbose) {
db91ea32 95 char ids[33];
7fd1b19b 96 _cleanup_free_ char *p = NULL;
d025f1e4
ZJS		 97 sd_id128_t machine;
98 struct statvfs ss;
670b110c 99 uint64_t sum = 0, ss_avail = 0, avail = 0;
d025f1e4 100 int r;
7fd1b19b 101 _cleanup_closedir_ DIR *d = NULL;
d025f1e4 102 usec_t ts;
670b110c 103 const char *f;
d025f1e4
ZJS		 104 JournalMetrics *m;
105
106 ts = now(CLOCK_MONOTONIC);
107
670b110c
ZJS		 108 if (s->cached_available_space_timestamp + RECHECK_AVAILABLE_SPACE_USEC > ts
109 && !verbose)
d025f1e4
ZJS		 110 return s->cached_available_space;
111
112 r = sd_id128_get_machine(&machine);
113 if (r < 0)
114 return 0;
115
116 if (s->system_journal) {
117 f = "/var/log/journal/";
118 m = &s->system_metrics;
119 } else {
120 f = "/run/log/journal/";
121 m = &s->runtime_metrics;
122 }
123
124 assert(m);
125
126 p = strappend(f, sd_id128_to_string(machine, ids));
127 if (!p)
128 return 0;
129
130 d = opendir(p);
d025f1e4
ZJS		 131 if (!d)
132 return 0;
133
134 if (fstatvfs(dirfd(d), &ss) < 0)
db91ea32 135 return 0;
d025f1e4
ZJS		 136
137 for (;;) {
138 struct stat st;
139 struct dirent *de;
d025f1e4 140
0371ca0d
FW		 141 errno = 0;
142 de = readdir(d);
143 if (!de && errno != 0)
144 return 0;
d025f1e4
ZJS		 145
146 if (!de)
147 break;
148
149 if (!endswith(de->d_name, ".journal") &&
150 !endswith(de->d_name, ".journal~"))
151 continue;
152
153 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0)
154 continue;
155
156 if (!S_ISREG(st.st_mode))
157 continue;
158
159 sum += (uint64_t) st.st_blocks * 512UL;
160 }
161
d025f1e4
ZJS		 162 ss_avail = ss.f_bsize * ss.f_bavail;
163
348ced90
ZJS		 164 /* If we reached a high mark, we will always allow this much
165 * again, unless usage goes above max_use. This watermark
166 * value is cached so that we don't give up space on pressure,
167 * but hover below the maximum usage. */
168
169 if (m->use < sum)
170 m->use = sum;
171
172 avail = LESS_BY(ss_avail, m->keep_free);
173
174 s->cached_available_space = LESS_BY(MIN(m->max_use, avail), sum);
d025f1e4
ZJS		 175 s->cached_available_space_timestamp = ts;
176
670b110c
ZJS		 177 if (verbose) {
178 char fb1[FORMAT_BYTES_MAX], fb2[FORMAT_BYTES_MAX], fb3[FORMAT_BYTES_MAX],
179 fb4[FORMAT_BYTES_MAX], fb5[FORMAT_BYTES_MAX];
180
181 server_driver_message(s, SD_MESSAGE_JOURNAL_USAGE,
348ced90
ZJS		 182 "%s journal is using %s (max allowed %s, "
183 "trying to leave %s free of %s available → current limit %s).",
670b110c
ZJS		 184 s->system_journal ? "Permanent" : "Runtime",
185 format_bytes(fb1, sizeof(fb1), sum),
186 format_bytes(fb2, sizeof(fb2), m->max_use),
187 format_bytes(fb3, sizeof(fb3), m->keep_free),
188 format_bytes(fb4, sizeof(fb4), ss_avail),
348ced90 189 format_bytes(fb5, sizeof(fb5), s->cached_available_space + sum));
670b110c
ZJS		 190 }
191
192 return s->cached_available_space;
d025f1e4
ZJS		 193}
194
d025f1e4
ZJS		 195void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
196 int r;
197#ifdef HAVE_ACL
198 acl_t acl;
199 acl_entry_t entry;
200 acl_permset_t permset;
201#endif
202
203 assert(f);
204
4608af43 205 r = fchmod(f->fd, 0640);
d025f1e4 206 if (r < 0)
da927ba9 207 log_warning_errno(r, "Failed to fix access mode on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 208
209#ifdef HAVE_ACL
34c10968 210 if (uid <= SYSTEM_UID_MAX)
d025f1e4
ZJS		 211 return;
212
213 acl = acl_get_fd(f->fd);
214 if (!acl) {
56f64d95 215 log_warning_errno(errno, "Failed to read ACL on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 216 return;
217 }
218
219 r = acl_find_uid(acl, uid, &entry);
220 if (r <= 0) {
221
222 if (acl_create_entry(&acl, &entry) < 0 ||
223 acl_set_tag_type(entry, ACL_USER) < 0 ||
224 acl_set_qualifier(entry, &uid) < 0) {
56f64d95 225 log_warning_errno(errno, "Failed to patch ACL on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 226 goto finish;
227 }
228 }
229
23ad4dd8
JAS		 230 /* We do not recalculate the mask unconditionally here,
231 * so that the fchmod() mask above stays intact. */
d025f1e4 232 if (acl_get_permset(entry, &permset) < 0 ||
23ad4dd8
JAS		 233 acl_add_perm(permset, ACL_READ) < 0 ||
234 calc_acl_mask_if_needed(&acl) < 0) {
56f64d95 235 log_warning_errno(errno, "Failed to patch ACL on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 236 goto finish;
237 }
238
239 if (acl_set_fd(f->fd, acl) < 0)
56f64d95 240 log_warning_errno(errno, "Failed to set ACL on %s, ignoring: %m", f->path);
d025f1e4
ZJS		 241
242finish:
243 acl_free(acl);
244#endif
245}
246
247static JournalFile* find_journal(Server *s, uid_t uid) {
ed375beb 248 _cleanup_free_ char *p = NULL;
d025f1e4
ZJS		 249 int r;
250 JournalFile *f;
251 sd_id128_t machine;
252
253 assert(s);
254
255 /* We split up user logs only on /var, not on /run. If the
256 * runtime file is open, we write to it exclusively, in order
257 * to guarantee proper order as soon as we flush /run to
258 * /var and close the runtime file. */
259
260 if (s->runtime_journal)
261 return s->runtime_journal;
262
f7dc3ab9 263 if (uid <= SYSTEM_UID_MAX)
d025f1e4
ZJS		 264 return s->system_journal;
265
266 r = sd_id128_get_machine(&machine);
267 if (r < 0)
268 return s->system_journal;
269
43cf8388 270 f = ordered_hashmap_get(s->user_journals, UINT32_TO_PTR(uid));
d025f1e4
ZJS		 271 if (f)
272 return f;
273
de0671ee
ZJS		 274 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/user-"UID_FMT".journal",
275 SD_ID128_FORMAT_VAL(machine), uid) < 0)
d025f1e4
ZJS		 276 return s->system_journal;
277
43cf8388 278 while (ordered_hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
d025f1e4 279 /* Too many open? Then let's close one */
43cf8388 280 f = ordered_hashmap_steal_first(s->user_journals);
d025f1e4
ZJS		 281 assert(f);
282 journal_file_close(f);
283 }
284
cbd67177 285 r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &f);
d025f1e4
ZJS		 286 if (r < 0)
287 return s->system_journal;
288
289 server_fix_perms(s, f, uid);
290
43cf8388 291 r = ordered_hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
d025f1e4
ZJS		 292 if (r < 0) {
293 journal_file_close(f);
294 return s->system_journal;
295 }
296
297 return f;
298}
299
fc55baee
ZJS		 300static int do_rotate(Server *s, JournalFile **f, const char* name,
301 bool seal, uint32_t uid) {
302 int r;
303 assert(s);
304
305 if (!*f)
306 return -EINVAL;
307
308 r = journal_file_rotate(f, s->compress, seal);
309 if (r < 0)
310 if (*f)
c33b3297
MS		 311 log_error_errno(r, "Failed to rotate %s: %m",
312 (*f)->path);
fc55baee 313 else
c33b3297
MS		 314 log_error_errno(r, "Failed to create new %s journal: %m",
315 name);
fc55baee
ZJS		 316 else
317 server_fix_perms(s, *f, uid);
318 return r;
319}
320
d025f1e4
ZJS		 321void server_rotate(Server *s) {
322 JournalFile *f;
323 void *k;
324 Iterator i;
325 int r;
326
327 log_debug("Rotating...");
328
fc55baee
ZJS		 329 do_rotate(s, &s->runtime_journal, "runtime", false, 0);
330 do_rotate(s, &s->system_journal, "system", s->seal, 0);
d025f1e4 331
43cf8388 332 ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
fc55baee
ZJS		 333 r = do_rotate(s, &f, "user", s->seal, PTR_TO_UINT32(k));
334 if (r >= 0)
43cf8388 335 ordered_hashmap_replace(s->user_journals, k, f);
fc55baee
ZJS		 336 else if (!f)
337 /* Old file has been closed and deallocated */
43cf8388 338 ordered_hashmap_remove(s->user_journals, k);
d025f1e4
ZJS		 339 }
340}
341
26687bf8
OS		 342void server_sync(Server *s) {
343 JournalFile *f;
344 void *k;
345 Iterator i;
346 int r;
347
26687bf8
OS		 348 if (s->system_journal) {
349 r = journal_file_set_offline(s->system_journal);
350 if (r < 0)
da927ba9 351 log_error_errno(r, "Failed to sync system journal: %m");
26687bf8
OS		 352 }
353
43cf8388 354 ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
26687bf8
OS		 355 r = journal_file_set_offline(f);
356 if (r < 0)
da927ba9 357 log_error_errno(r, "Failed to sync user journal: %m");
26687bf8
OS		 358 }
359
f9a810be
LP		 360 if (s->sync_event_source) {
361 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_OFF);
362 if (r < 0)
da927ba9 363 log_error_errno(r, "Failed to disable sync timer source: %m");
f9a810be 364 }
26687bf8
OS		 365
366 s->sync_scheduled = false;
367}
368
63c8666b
ZJS		 369static void do_vacuum(Server *s, char *ids, JournalFile *f, const char* path,
370 JournalMetrics *metrics) {
371 char *p;
372 int r;
373
374 if (!f)
375 return;
376
377 p = strappenda(path, ids);
dbd2a83f 378 r = journal_directory_vacuum(p, metrics->max_use, s->max_retention_usec, &s->oldest_file_usec, false);
63c8666b 379 if (r < 0 && r != -ENOENT)
da927ba9 380 log_error_errno(r, "Failed to vacuum %s: %m", p);
63c8666b
ZJS		 381}
382
d025f1e4 383void server_vacuum(Server *s) {
d025f1e4
ZJS		 384 char ids[33];
385 sd_id128_t machine;
386 int r;
387
388 log_debug("Vacuuming...");
389
390 s->oldest_file_usec = 0;
391
392 r = sd_id128_get_machine(&machine);
393 if (r < 0) {
da927ba9 394 log_error_errno(r, "Failed to get machine ID: %m");
d025f1e4
ZJS		 395 return;
396 }
d025f1e4
ZJS		 397 sd_id128_to_string(machine, ids);
398
63c8666b
ZJS		 399 do_vacuum(s, ids, s->system_journal, "/var/log/journal/", &s->system_metrics);
400 do_vacuum(s, ids, s->runtime_journal, "/run/log/journal/", &s->runtime_metrics);
d025f1e4
ZJS		 401
402 s->cached_available_space_timestamp = 0;
403}
404
0c24bb23
LP		 405static void server_cache_machine_id(Server *s) {
406 sd_id128_t id;
407 int r;
408
409 assert(s);
410
411 r = sd_id128_get_machine(&id);
412 if (r < 0)
413 return;
414
415 sd_id128_to_string(id, stpcpy(s->machine_id_field, "_MACHINE_ID="));
416}
417
418static void server_cache_boot_id(Server *s) {
419 sd_id128_t id;
420 int r;
421
422 assert(s);
423
424 r = sd_id128_get_boot(&id);
425 if (r < 0)
426 return;
427
428 sd_id128_to_string(id, stpcpy(s->boot_id_field, "_BOOT_ID="));
429}
430
431static void server_cache_hostname(Server *s) {
432 _cleanup_free_ char *t = NULL;
433 char *x;
434
435 assert(s);
436
437 t = gethostname_malloc();
438 if (!t)
439 return;
440
441 x = strappend("_HOSTNAME=", t);
442 if (!x)
443 return;
444
445 free(s->hostname_field);
446 s->hostname_field = x;
447}
448
d025f1e4
ZJS		 449bool shall_try_append_again(JournalFile *f, int r) {
450
451 /* -E2BIG Hit configured limit
452 -EFBIG Hit fs limit
453 -EDQUOT Quota limit hit
454 -ENOSPC Disk full
455 -EHOSTDOWN Other machine
456 -EBUSY Unclean shutdown
457 -EPROTONOSUPPORT Unsupported feature
458 -EBADMSG Corrupted
459 -ENODATA Truncated
460 -ESHUTDOWN Already archived */
461
462 if (r == -E2BIG || r == -EFBIG || r == -EDQUOT || r == -ENOSPC)
463 log_debug("%s: Allocation limit reached, rotating.", f->path);
464 else if (r == -EHOSTDOWN)
465 log_info("%s: Journal file from other machine, rotating.", f->path);
466 else if (r == -EBUSY)
467 log_info("%s: Unclean shutdown, rotating.", f->path);
468 else if (r == -EPROTONOSUPPORT)
469 log_info("%s: Unsupported feature, rotating.", f->path);
470 else if (r == -EBADMSG || r == -ENODATA || r == ESHUTDOWN)
471 log_warning("%s: Journal file corrupted, rotating.", f->path);
472 else
473 return false;
474
475 return true;
476}
477
d07f7b9e 478static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned n, int priority) {
d025f1e4
ZJS		 479 JournalFile *f;
480 bool vacuumed = false;
481 int r;
482
483 assert(s);
484 assert(iovec);
485 assert(n > 0);
486
487 f = find_journal(s, uid);
488 if (!f)
489 return;
490
491 if (journal_file_rotate_suggested(f, s->max_file_usec)) {
492 log_debug("%s: Journal header limits reached or header out-of-date, rotating.", f->path);
493 server_rotate(s);
494 server_vacuum(s);
495 vacuumed = true;
496
497 f = find_journal(s, uid);
498 if (!f)
499 return;
500 }
501
502 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
26687bf8 503 if (r >= 0) {
d07f7b9e 504 server_schedule_sync(s, priority);
d025f1e4 505 return;
26687bf8 506 }
d025f1e4
ZJS		 507
508 if (vacuumed || !shall_try_append_again(f, r)) {
e40ec7ae
ZJS		 509 size_t size = 0;
510 unsigned i;
511 for (i = 0; i < n; i++)
512 size += iovec[i].iov_len;
513
da927ba9 514 log_error_errno(r, "Failed to write entry (%d items, %zu bytes), ignoring: %m", n, size);
d025f1e4
ZJS		 515 return;
516 }
517
518 server_rotate(s);
519 server_vacuum(s);
520
521 f = find_journal(s, uid);
522 if (!f)
523 return;
524
525 log_debug("Retrying write.");
526 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
e40ec7ae
ZJS		 527 if (r < 0) {
528 size_t size = 0;
529 unsigned i;
530 for (i = 0; i < n; i++)
531 size += iovec[i].iov_len;
532
da927ba9 533 log_error_errno(r, "Failed to write entry (%d items, %zu bytes) despite vacuuming, ignoring: %m", n, size);
d07f7b9e
LP		 534 } else
535 server_schedule_sync(s, priority);
d025f1e4
ZJS		 536}
537
538static void dispatch_message_real(
539 Server *s,
540 struct iovec *iovec, unsigned n, unsigned m,
3b3154df
LP		 541 const struct ucred *ucred,
542 const struct timeval *tv,
d025f1e4 543 const char *label, size_t label_len,
968f3196 544 const char *unit_id,
d07f7b9e 545 int priority,
968f3196 546 pid_t object_pid) {
d025f1e4 547
968f3196 548 char pid[sizeof("_PID=") + DECIMAL_STR_MAX(pid_t)],
ae018d9b
LP		 549 uid[sizeof("_UID=") + DECIMAL_STR_MAX(uid_t)],
550 gid[sizeof("_GID=") + DECIMAL_STR_MAX(gid_t)],
551 owner_uid[sizeof("_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)],
d3789917 552 source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)],
968f3196
ZJS		 553 o_uid[sizeof("OBJECT_UID=") + DECIMAL_STR_MAX(uid_t)],
554 o_gid[sizeof("OBJECT_GID=") + DECIMAL_STR_MAX(gid_t)],
555 o_owner_uid[sizeof("OBJECT_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)];
556 uid_t object_uid;
557 gid_t object_gid;
968f3196 558 char *x;
d025f1e4 559 int r;
ae018d9b 560 char *t, *c;
82499507
LP		 561 uid_t realuid = 0, owner = 0, journal_uid;
562 bool owner_valid = false;
ae018d9b 563#ifdef HAVE_AUDIT
968f3196
ZJS		 564 char audit_session[sizeof("_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
565 audit_loginuid[sizeof("_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)],
566 o_audit_session[sizeof("OBJECT_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
567 o_audit_loginuid[sizeof("OBJECT_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)];
ae018d9b
LP		 568
569 uint32_t audit;
570 uid_t loginuid;
571#endif
d025f1e4
ZJS		 572
573 assert(s);
574 assert(iovec);
575 assert(n > 0);
968f3196 576 assert(n + N_IOVEC_META_FIELDS + (object_pid ? N_IOVEC_OBJECT_FIELDS : 0) <= m);
d025f1e4
ZJS		 577
578 if (ucred) {
d025f1e4
ZJS		 579 realuid = ucred->uid;
580
de0671ee 581 sprintf(pid, "_PID="PID_FMT, ucred->pid);
c2457105 582 IOVEC_SET_STRING(iovec[n++], pid);
d025f1e4 583
de0671ee 584 sprintf(uid, "_UID="UID_FMT, ucred->uid);
c2457105 585 IOVEC_SET_STRING(iovec[n++], uid);
d025f1e4 586
de0671ee 587 sprintf(gid, "_GID="GID_FMT, ucred->gid);
c2457105 588 IOVEC_SET_STRING(iovec[n++], gid);
d025f1e4
ZJS		 589
590 r = get_process_comm(ucred->pid, &t);
591 if (r >= 0) {
968f3196 592 x = strappenda("_COMM=", t);
d025f1e4 593 free(t);
968f3196 594 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 595 }
596
597 r = get_process_exe(ucred->pid, &t);
598 if (r >= 0) {
968f3196 599 x = strappenda("_EXE=", t);
d025f1e4 600 free(t);
968f3196 601 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 602 }
603
9bdbc2e2 604 r = get_process_cmdline(ucred->pid, 0, false, &t);
d025f1e4 605 if (r >= 0) {
968f3196 606 x = strappenda("_CMDLINE=", t);
d025f1e4 607 free(t);
3a832116
SL		 608 IOVEC_SET_STRING(iovec[n++], x);
609 }
610
611 r = get_process_capeff(ucred->pid, &t);
612 if (r >= 0) {
613 x = strappenda("_CAP_EFFECTIVE=", t);
614 free(t);
968f3196 615 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 616 }
617
0a20e3c1 618#ifdef HAVE_AUDIT
d025f1e4 619 r = audit_session_from_pid(ucred->pid, &audit);
ae018d9b 620 if (r >= 0) {
de0671ee 621 sprintf(audit_session, "_AUDIT_SESSION=%"PRIu32, audit);
ae018d9b
LP		 622 IOVEC_SET_STRING(iovec[n++], audit_session);
623 }
d025f1e4
ZJS		 624
625 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
7027ff61 626 if (r >= 0) {
de0671ee 627 sprintf(audit_loginuid, "_AUDIT_LOGINUID="UID_FMT, loginuid);
ae018d9b 628 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
d025f1e4 629 }
ae018d9b 630#endif
d025f1e4 631
e9174f29 632 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &c);
7027ff61 633 if (r >= 0) {
968f3196
ZJS		 634 char *session = NULL;
635
636 x = strappenda("_SYSTEMD_CGROUP=", c);
637 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4 638
ae018d9b
LP		 639 r = cg_path_get_session(c, &t);
640 if (r >= 0) {
641 session = strappenda("_SYSTEMD_SESSION=", t);
642 free(t);
d025f1e4 643 IOVEC_SET_STRING(iovec[n++], session);
ae018d9b
LP		 644 }
645
646 if (cg_path_get_owner_uid(c, &owner) >= 0) {
647 owner_valid = true;
d025f1e4 648
de0671ee 649 sprintf(owner_uid, "_SYSTEMD_OWNER_UID="UID_FMT, owner);
d025f1e4 650 IOVEC_SET_STRING(iovec[n++], owner_uid);
ae018d9b 651 }
d025f1e4 652
ae018d9b 653 if (cg_path_get_unit(c, &t) >= 0) {
968f3196 654 x = strappenda("_SYSTEMD_UNIT=", t);
ae018d9b 655 free(t);
19cace37
LP		 656 IOVEC_SET_STRING(iovec[n++], x);
657 } else if (unit_id && !session) {
658 x = strappenda("_SYSTEMD_UNIT=", unit_id);
659 IOVEC_SET_STRING(iovec[n++], x);
660 }
661
662 if (cg_path_get_user_unit(c, &t) >= 0) {
968f3196 663 x = strappenda("_SYSTEMD_USER_UNIT=", t);
ae018d9b 664 free(t);
968f3196 665 IOVEC_SET_STRING(iovec[n++], x);
19cace37
LP		 666 } else if (unit_id && session) {
667 x = strappenda("_SYSTEMD_USER_UNIT=", unit_id);
668 IOVEC_SET_STRING(iovec[n++], x);
669 }
ae018d9b 670
0a244b8e
LP		 671 if (cg_path_get_slice(c, &t) >= 0) {
672 x = strappenda("_SYSTEMD_SLICE=", t);
673 free(t);
674 IOVEC_SET_STRING(iovec[n++], x);
675 }
676
ae018d9b 677 free(c);
2d43b190
DM		 678 } else if (unit_id) {
679 x = strappenda("_SYSTEMD_UNIT=", unit_id);
680 IOVEC_SET_STRING(iovec[n++], x);
ef1673d1 681 }
d025f1e4 682
d025f1e4 683#ifdef HAVE_SELINUX
6baa7db0 684 if (mac_selinux_use()) {
d682b3a7 685 if (label) {
f8294e41 686 x = alloca(strlen("_SELINUX_CONTEXT=") + label_len + 1);
ae018d9b 687
d682b3a7
LP		 688 *((char*) mempcpy(stpcpy(x, "_SELINUX_CONTEXT="), label, label_len)) = 0;
689 IOVEC_SET_STRING(iovec[n++], x);
690 } else {
691 security_context_t con;
d025f1e4 692
d682b3a7
LP		 693 if (getpidcon(ucred->pid, &con) >= 0) {
694 x = strappenda("_SELINUX_CONTEXT=", con);
e7ff4e7f 695
d682b3a7
LP		 696 freecon(con);
697 IOVEC_SET_STRING(iovec[n++], x);
698 }
d025f1e4
ZJS		 699 }
700 }
701#endif
702 }
968f3196
ZJS		 703 assert(n <= m);
704
705 if (object_pid) {
706 r = get_process_uid(object_pid, &object_uid);
707 if (r >= 0) {
de0671ee 708 sprintf(o_uid, "OBJECT_UID="UID_FMT, object_uid);
968f3196
ZJS		 709 IOVEC_SET_STRING(iovec[n++], o_uid);
710 }
711
712 r = get_process_gid(object_pid, &object_gid);
713 if (r >= 0) {
de0671ee 714 sprintf(o_gid, "OBJECT_GID="GID_FMT, object_gid);
968f3196
ZJS		 715 IOVEC_SET_STRING(iovec[n++], o_gid);
716 }
717
718 r = get_process_comm(object_pid, &t);
719 if (r >= 0) {
720 x = strappenda("OBJECT_COMM=", t);
721 free(t);
722 IOVEC_SET_STRING(iovec[n++], x);
723 }
724
725 r = get_process_exe(object_pid, &t);
726 if (r >= 0) {
727 x = strappenda("OBJECT_EXE=", t);
728 free(t);
729 IOVEC_SET_STRING(iovec[n++], x);
730 }
731
732 r = get_process_cmdline(object_pid, 0, false, &t);
733 if (r >= 0) {
734 x = strappenda("OBJECT_CMDLINE=", t);
735 free(t);
736 IOVEC_SET_STRING(iovec[n++], x);
737 }
738
739#ifdef HAVE_AUDIT
740 r = audit_session_from_pid(object_pid, &audit);
741 if (r >= 0) {
de0671ee 742 sprintf(o_audit_session, "OBJECT_AUDIT_SESSION=%"PRIu32, audit);
968f3196
ZJS		 743 IOVEC_SET_STRING(iovec[n++], o_audit_session);
744 }
745
746 r = audit_loginuid_from_pid(object_pid, &loginuid);
747 if (r >= 0) {
de0671ee 748 sprintf(o_audit_loginuid, "OBJECT_AUDIT_LOGINUID="UID_FMT, loginuid);
968f3196
ZJS		 749 IOVEC_SET_STRING(iovec[n++], o_audit_loginuid);
750 }
751#endif
752
e9174f29 753 r = cg_pid_get_path_shifted(object_pid, s->cgroup_root, &c);
968f3196
ZJS		 754 if (r >= 0) {
755 x = strappenda("OBJECT_SYSTEMD_CGROUP=", c);
756 IOVEC_SET_STRING(iovec[n++], x);
757
758 r = cg_path_get_session(c, &t);
759 if (r >= 0) {
760 x = strappenda("OBJECT_SYSTEMD_SESSION=", t);
761 free(t);
762 IOVEC_SET_STRING(iovec[n++], x);
763 }
764
765 if (cg_path_get_owner_uid(c, &owner) >= 0) {
de0671ee 766 sprintf(o_owner_uid, "OBJECT_SYSTEMD_OWNER_UID="UID_FMT, owner);
968f3196
ZJS		 767 IOVEC_SET_STRING(iovec[n++], o_owner_uid);
768 }
769
770 if (cg_path_get_unit(c, &t) >= 0) {
771 x = strappenda("OBJECT_SYSTEMD_UNIT=", t);
772 free(t);
19cace37
LP		 773 IOVEC_SET_STRING(iovec[n++], x);
774 }
775
776 if (cg_path_get_user_unit(c, &t) >= 0) {
968f3196
ZJS		 777 x = strappenda("OBJECT_SYSTEMD_USER_UNIT=", t);
778 free(t);
968f3196 779 IOVEC_SET_STRING(iovec[n++], x);
19cace37 780 }
968f3196
ZJS		 781
782 free(c);
783 }
784 }
785 assert(n <= m);
d025f1e4
ZJS		 786
787 if (tv) {
ae018d9b 788 sprintf(source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu", (unsigned long long) timeval_load(tv));
a5693989 789 IOVEC_SET_STRING(iovec[n++], source_time);
d025f1e4
ZJS		 790 }
791
792 /* Note that strictly speaking storing the boot id here is
793 * redundant since the entry includes this in-line
794 * anyway. However, we need this indexed, too. */
0c24bb23
LP		 795 if (!isempty(s->boot_id_field))
796 IOVEC_SET_STRING(iovec[n++], s->boot_id_field);
d025f1e4 797
0c24bb23
LP		 798 if (!isempty(s->machine_id_field))
799 IOVEC_SET_STRING(iovec[n++], s->machine_id_field);
d025f1e4 800
0c24bb23
LP		 801 if (!isempty(s->hostname_field))
802 IOVEC_SET_STRING(iovec[n++], s->hostname_field);
d025f1e4
ZJS		 803
804 assert(n <= m);
805
da499392 806 if (s->split_mode == SPLIT_UID && realuid > 0)
40adcda8 807 /* Split up strictly by any UID */
759c945a 808 journal_uid = realuid;
82499507 809 else if (s->split_mode == SPLIT_LOGIN && realuid > 0 && owner_valid && owner > 0)
edc3797f
LP		 810 /* Split up by login UIDs. We do this only if the
811 * realuid is not root, in order not to accidentally
812 * leak privileged information to the user that is
813 * logged by a privileged process that is part of an
814 * unprivileged session.*/
8a0889df 815 journal_uid = owner;
da499392
KS		 816 else
817 journal_uid = 0;
759c945a 818
d07f7b9e 819 write_to_journal(s, journal_uid, iovec, n, priority);
d025f1e4
ZJS		 820}
821
822void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {
823 char mid[11 + 32 + 1];
824 char buffer[16 + LINE_MAX + 1];
825 struct iovec iovec[N_IOVEC_META_FIELDS + 4];
826 int n = 0;
827 va_list ap;
b92bea5d 828 struct ucred ucred = {};
d025f1e4
ZJS		 829
830 assert(s);
831 assert(format);
832
833 IOVEC_SET_STRING(iovec[n++], "PRIORITY=6");
834 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=driver");
835
836 memcpy(buffer, "MESSAGE=", 8);
837 va_start(ap, format);
838 vsnprintf(buffer + 8, sizeof(buffer) - 8, format, ap);
839 va_end(ap);
840 char_array_0(buffer);
841 IOVEC_SET_STRING(iovec[n++], buffer);
842
843 if (!sd_id128_equal(message_id, SD_ID128_NULL)) {
e2cc6eca 844 snprintf(mid, sizeof(mid), LOG_MESSAGE_ID(message_id));
d025f1e4
ZJS		 845 char_array_0(mid);
846 IOVEC_SET_STRING(iovec[n++], mid);
847 }
848
d025f1e4
ZJS		 849 ucred.pid = getpid();
850 ucred.uid = getuid();
851 ucred.gid = getgid();
852
d07f7b9e 853 dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL, LOG_INFO, 0);
d025f1e4
ZJS		 854}
855
856void server_dispatch_message(
857 Server *s,
858 struct iovec *iovec, unsigned n, unsigned m,
3b3154df
LP		 859 const struct ucred *ucred,
860 const struct timeval *tv,
d025f1e4
ZJS		 861 const char *label, size_t label_len,
862 const char *unit_id,
968f3196
ZJS		 863 int priority,
864 pid_t object_pid) {
d025f1e4 865
7027ff61 866 int rl, r;
7fd1b19b 867 _cleanup_free_ char *path = NULL;
db91ea32 868 char *c;
d025f1e4
ZJS		 869
870 assert(s);
871 assert(iovec || n == 0);
872
873 if (n == 0)
874 return;
875
876 if (LOG_PRI(priority) > s->max_level_store)
877 return;
878
2f5df74a
HHPF		 879 /* Stop early in case the information will not be stored
880 * in a journal. */
881 if (s->storage == STORAGE_NONE)
882 return;
883
d025f1e4
ZJS		 884 if (!ucred)
885 goto finish;
886
e9174f29 887 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &path);
7027ff61 888 if (r < 0)
d025f1e4
ZJS		 889 goto finish;
890
891 /* example: /user/lennart/3/foobar
892 * /system/dbus.service/foobar
893 *
894 * So let's cut of everything past the third /, since that is
895 * where user directories start */
896
897 c = strchr(path, '/');
898 if (c) {
899 c = strchr(c+1, '/');
900 if (c) {
901 c = strchr(c+1, '/');
902 if (c)
903 *c = 0;
904 }
905 }
906
db91ea32 907 rl = journal_rate_limit_test(s->rate_limit, path,
670b110c 908 priority & LOG_PRIMASK, available_space(s, false));
d025f1e4 909
db91ea32 910 if (rl == 0)
d025f1e4 911 return;
d025f1e4
ZJS		 912
913 /* Write a suppression message if we suppressed something */
914 if (rl > 1)
db91ea32
ZJS		 915 server_driver_message(s, SD_MESSAGE_JOURNAL_DROPPED,
916 "Suppressed %u messages from %s", rl - 1, path);
d025f1e4
ZJS		 917
918finish:
d07f7b9e 919 dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id, priority, object_pid);
d025f1e4
ZJS		 920}
921
922
caa2f4c0 923static int system_journal_open(Server *s, bool flush_requested) {
d025f1e4
ZJS		 924 int r;
925 char *fn;
926 sd_id128_t machine;
927 char ids[33];
928
929 r = sd_id128_get_machine(&machine);
23bbb0de
MS		 930 if (r < 0)
931 return log_error_errno(r, "Failed to get machine id: %m");
d025f1e4
ZJS		 932
933 sd_id128_to_string(machine, ids);
934
935 if (!s->system_journal &&
936 (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
caa2f4c0
ZJS		 937 (flush_requested
938 || access("/run/systemd/journal/flushed", F_OK) >= 0)) {
d025f1e4
ZJS		 939
940 /* If in auto mode: first try to create the machine
941 * path, but not the prefix.
942 *
943 * If in persistent mode: create /var/log/journal and
944 * the machine path */
945
946 if (s->storage == STORAGE_PERSISTENT)
947 (void) mkdir("/var/log/journal/", 0755);
948
e40ec7ae 949 fn = strappenda("/var/log/journal/", ids);
d025f1e4 950 (void) mkdir(fn, 0755);
d025f1e4 951
e40ec7ae 952 fn = strappenda(fn, "/system.journal");
d025f1e4 953 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
d025f1e4 954
670b110c 955 if (r >= 0)
d025f1e4 956 server_fix_perms(s, s->system_journal, 0);
433dd100
LN		 957 else if (r < 0) {
958 if (r != -ENOENT && r != -EROFS)
da927ba9 959 log_warning_errno(r, "Failed to open system journal: %m");
e40ec7ae 960
433dd100
LN		 961 r = 0;
962 }
d025f1e4
ZJS		 963 }
964
965 if (!s->runtime_journal &&
966 (s->storage != STORAGE_NONE)) {
967
968 fn = strjoin("/run/log/journal/", ids, "/system.journal", NULL);
969 if (!fn)
970 return -ENOMEM;
971
972 if (s->system_journal) {
973
974 /* Try to open the runtime journal, but only
975 * if it already exists, so that we can flush
976 * it into the system journal */
977
978 r = journal_file_open(fn, O_RDWR, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
979 free(fn);
980
981 if (r < 0) {
982 if (r != -ENOENT)
da927ba9 983 log_warning_errno(r, "Failed to open runtime journal: %m");
d025f1e4
ZJS		 984
985 r = 0;
986 }
987
988 } else {
989
990 /* OK, we really need the runtime journal, so create
991 * it if necessary. */
992
fc1d70af
LP		 993 (void) mkdir("/run/log", 0755);
994 (void) mkdir("/run/log/journal", 0755);
995 (void) mkdir_parents(fn, 0750);
996
d025f1e4
ZJS		 997 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
998 free(fn);
999
23bbb0de
MS		 1000 if (r < 0)
1001 return log_error_errno(r, "Failed to open runtime journal: %m");
d025f1e4
ZJS		 1002 }
1003
670b110c 1004 if (s->runtime_journal)
d025f1e4 1005 server_fix_perms(s, s->runtime_journal, 0);
d025f1e4
ZJS		 1006 }
1007
670b110c
ZJS		 1008 available_space(s, true);
1009
d025f1e4
ZJS		 1010 return r;
1011}
1012
1013int server_flush_to_var(Server *s) {
d025f1e4
ZJS		 1014 sd_id128_t machine;
1015 sd_journal *j = NULL;
fbb63411
LP		 1016 char ts[FORMAT_TIMESPAN_MAX];
1017 usec_t start;
1018 unsigned n = 0;
1019 int r;
d025f1e4
ZJS		 1020
1021 assert(s);
1022
1023 if (s->storage != STORAGE_AUTO &&
1024 s->storage != STORAGE_PERSISTENT)
1025 return 0;
1026
1027 if (!s->runtime_journal)
1028 return 0;
1029
caa2f4c0 1030 system_journal_open(s, true);
d025f1e4
ZJS		 1031
1032 if (!s->system_journal)
1033 return 0;
1034
1035 log_debug("Flushing to /var...");
1036
fbb63411
LP		 1037 start = now(CLOCK_MONOTONIC);
1038
d025f1e4 1039 r = sd_id128_get_machine(&machine);
00a16861 1040 if (r < 0)
d025f1e4 1041 return r;
d025f1e4
ZJS		 1042
1043 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
23bbb0de
MS		 1044 if (r < 0)
1045 return log_error_errno(r, "Failed to read runtime journal: %m");
d025f1e4 1046
93b73b06
LP		 1047 sd_journal_set_data_threshold(j, 0);
1048
d025f1e4
ZJS		 1049 SD_JOURNAL_FOREACH(j) {
1050 Object *o = NULL;
1051 JournalFile *f;
1052
1053 f = j->current_file;
1054 assert(f && f->current_offset > 0);
1055
fbb63411
LP		 1056 n++;
1057
d025f1e4
ZJS		 1058 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
1059 if (r < 0) {
da927ba9 1060 log_error_errno(r, "Can't read entry: %m");
d025f1e4
ZJS		 1061 goto finish;
1062 }
1063
1064 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1065 if (r >= 0)
1066 continue;
1067
1068 if (!shall_try_append_again(s->system_journal, r)) {
da927ba9 1069 log_error_errno(r, "Can't write entry: %m");
d025f1e4
ZJS		 1070 goto finish;
1071 }
1072
1073 server_rotate(s);
1074 server_vacuum(s);
1075
253f59df
LP		 1076 if (!s->system_journal) {
1077 log_notice("Didn't flush runtime journal since rotation of system journal wasn't successful.");
1078 r = -EIO;
1079 goto finish;
1080 }
1081
d025f1e4
ZJS		 1082 log_debug("Retrying write.");
1083 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1084 if (r < 0) {
da927ba9 1085 log_error_errno(r, "Can't write entry: %m");
d025f1e4
ZJS		 1086 goto finish;
1087 }
1088 }
1089
1090finish:
1091 journal_file_post_change(s->system_journal);
1092
1093 journal_file_close(s->runtime_journal);
1094 s->runtime_journal = NULL;
1095
1096 if (r >= 0)
1097 rm_rf("/run/log/journal", false, true, false);
1098
763c7aa2 1099 sd_journal_close(j);
d025f1e4 1100
fbb63411
LP		 1101 server_driver_message(s, SD_ID128_NULL, "Time spent on flushing to /var is %s for %u entries.", format_timespan(ts, sizeof(ts), now(CLOCK_MONOTONIC) - start, 0), n);
1102
d025f1e4
ZJS		 1103 return r;
1104}
1105
f9a810be
LP		 1106int process_datagram(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1107 Server *s = userdata;
1108
d025f1e4 1109 assert(s);
875c2e22 1110 assert(fd == s->native_fd || fd == s->syslog_fd || fd == s->audit_fd);
f9a810be
LP		 1111
1112 if (revents != EPOLLIN) {
1113 log_error("Got invalid event from epoll for datagram fd: %"PRIx32, revents);
1114 return -EIO;
1115 }
1116
1117 for (;;) {
1118 struct ucred *ucred = NULL;
1119 struct timeval *tv = NULL;
1120 struct cmsghdr *cmsg;
1121 char *label = NULL;
1122 size_t label_len = 0;
1123 struct iovec iovec;
1124
1125 union {
1126 struct cmsghdr cmsghdr;
1127
bdd13f6b
ZJS		 1128 /* We use NAME_MAX space for the SELinux label
1129 * here. The kernel currently enforces no
1130 * limit, but according to suggestions from
1131 * the SELinux people this will change and it
1132 * will probably be identical to NAME_MAX. For
1133 * now we use that, but this should be updated
1134 * one day when the final limit is known.*/
f9a810be
LP		 1135 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
1136 CMSG_SPACE(sizeof(struct timeval)) +
1137 CMSG_SPACE(sizeof(int)) + /* fd */
1138 CMSG_SPACE(NAME_MAX)]; /* selinux label */
1139 } control = {};
875c2e22 1140 union sockaddr_union sa = {};
f9a810be
LP		 1141 struct msghdr msghdr = {
1142 .msg_iov = &iovec,
1143 .msg_iovlen = 1,
1144 .msg_control = &control,
1145 .msg_controllen = sizeof(control),
875c2e22
LP		 1146 .msg_name = &sa,
1147 .msg_namelen = sizeof(sa),
f9a810be 1148 };
d025f1e4 1149
d025f1e4 1150 ssize_t n;
f9a810be
LP		 1151 int *fds = NULL;
1152 unsigned n_fds = 0;
875c2e22
LP		 1153 int v = 0;
1154 size_t m;
d025f1e4 1155
875c2e22
LP		 1156 /* Try to get the right size, if we can. (Not all
1157 * sockets support SIOCINQ, hence we just try, but
1158 * don't rely on it. */
1159 (void) ioctl(fd, SIOCINQ, &v);
1160
1161 /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful!*/
1162 m = PAGE_ALIGN(MAX3((size_t) v + 1,
1163 (size_t) LINE_MAX,
1164 ALIGN(sizeof(struct nlmsghdr)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH)) + 1);
d025f1e4 1165
875c2e22 1166 if (!GREEDY_REALLOC(s->buffer, s->buffer_size, m))
f9a810be 1167 return log_oom();
d025f1e4 1168
f9a810be 1169 iovec.iov_base = s->buffer;
875c2e22 1170 iovec.iov_len = s->buffer_size - 1; /* Leave room for trailing NUL we add later */
d025f1e4 1171
f9a810be
LP		 1172 n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
1173 if (n < 0) {
d025f1e4 1174 if (errno == EINTR || errno == EAGAIN)
f9a810be 1175 return 0;
d025f1e4 1176
56f64d95 1177 log_error_errno(errno, "recvmsg() failed: %m");
d025f1e4
ZJS		 1178 return -errno;
1179 }
1180
f9a810be
LP		 1181 for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
1182
1183 if (cmsg->cmsg_level == SOL_SOCKET &&
1184 cmsg->cmsg_type == SCM_CREDENTIALS &&
1185 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
1186 ucred = (struct ucred*) CMSG_DATA(cmsg);
1187 else if (cmsg->cmsg_level == SOL_SOCKET &&
1188 cmsg->cmsg_type == SCM_SECURITY) {
1189 label = (char*) CMSG_DATA(cmsg);
1190 label_len = cmsg->cmsg_len - CMSG_LEN(0);
1191 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1192 cmsg->cmsg_type == SO_TIMESTAMP &&
1193 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
1194 tv = (struct timeval*) CMSG_DATA(cmsg);
1195 else if (cmsg->cmsg_level == SOL_SOCKET &&
1196 cmsg->cmsg_type == SCM_RIGHTS) {
1197 fds = (int*) CMSG_DATA(cmsg);
1198 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
1199 }
d025f1e4
ZJS		 1200 }
1201
875c2e22
LP		 1202 /* And a trailing NUL, just in case */
1203 s->buffer[n] = 0;
1204
f9a810be 1205 if (fd == s->syslog_fd) {
875c2e22 1206 if (n > 0 && n_fds == 0)
f9a810be 1207 server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
875c2e22 1208 else if (n_fds > 0)
f9a810be 1209 log_warning("Got file descriptors via syslog socket. Ignoring.");
d025f1e4 1210
875c2e22 1211 } else if (fd == s->native_fd) {
f9a810be
LP		 1212 if (n > 0 && n_fds == 0)
1213 server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
1214 else if (n == 0 && n_fds == 1)
1215 server_process_native_file(s, fds[0], ucred, tv, label, label_len);
1216 else if (n_fds > 0)
1217 log_warning("Got too many file descriptors via native socket. Ignoring.");
875c2e22
LP		 1218
1219 } else {
1220 assert(fd == s->audit_fd);
1221
1222 if (n > 0 && n_fds == 0)
0b97208d 1223 server_process_audit_message(s, s->buffer, n, ucred, &sa, msghdr.msg_namelen);
875c2e22
LP		 1224 else if (n_fds > 0)
1225 log_warning("Got file descriptors via audit socket. Ignoring.");
d025f1e4
ZJS		 1226 }
1227
f9a810be
LP		 1228 close_many(fds, n_fds);
1229 }
f9a810be 1230}
d025f1e4 1231
f9a810be
LP		 1232static int dispatch_sigusr1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1233 Server *s = userdata;
d025f1e4 1234
f9a810be 1235 assert(s);
d025f1e4 1236
f9a810be 1237 log_info("Received request to flush runtime journal from PID %"PRIu32, si->ssi_pid);
d025f1e4 1238
f9a810be
LP		 1239 server_flush_to_var(s);
1240 server_sync(s);
3bfd4e0c 1241 server_vacuum(s);
d025f1e4 1242
74055aa7
LP		 1243 touch("/run/systemd/journal/flushed");
1244
f9a810be
LP		 1245 return 0;
1246}
d025f1e4 1247
f9a810be
LP		 1248static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1249 Server *s = userdata;
d025f1e4 1250
f9a810be 1251 assert(s);
d025f1e4 1252
f9a810be
LP		 1253 log_info("Received request to rotate journal from PID %"PRIu32, si->ssi_pid);
1254 server_rotate(s);
1255 server_vacuum(s);
d025f1e4 1256
f9a810be
LP		 1257 return 0;
1258}
d025f1e4 1259
f9a810be
LP		 1260static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1261 Server *s = userdata;
d025f1e4 1262
f9a810be 1263 assert(s);
d025f1e4 1264
4daf54a8 1265 log_received_signal(LOG_INFO, si);
d025f1e4 1266
6203e07a 1267 sd_event_exit(s->event, 0);
d025f1e4
ZJS		 1268 return 0;
1269}
1270
f9a810be 1271static int setup_signals(Server *s) {
d025f1e4 1272 sigset_t mask;
f9a810be 1273 int r;
d025f1e4
ZJS		 1274
1275 assert(s);
1276
1277 assert_se(sigemptyset(&mask) == 0);
1278 sigset_add_many(&mask, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, -1);
1279 assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
1280
151b9b96 1281 r = sd_event_add_signal(s->event, &s->sigusr1_event_source, SIGUSR1, dispatch_sigusr1, s);
f9a810be
LP		 1282 if (r < 0)
1283 return r;
1284
151b9b96 1285 r = sd_event_add_signal(s->event, &s->sigusr2_event_source, SIGUSR2, dispatch_sigusr2, s);
f9a810be
LP		 1286 if (r < 0)
1287 return r;
d025f1e4 1288
151b9b96 1289 r = sd_event_add_signal(s->event, &s->sigterm_event_source, SIGTERM, dispatch_sigterm, s);
f9a810be
LP		 1290 if (r < 0)
1291 return r;
d025f1e4 1292
151b9b96 1293 r = sd_event_add_signal(s->event, &s->sigint_event_source, SIGINT, dispatch_sigterm, s);
f9a810be
LP		 1294 if (r < 0)
1295 return r;
d025f1e4
ZJS		 1296
1297 return 0;
1298}
1299
1300static int server_parse_proc_cmdline(Server *s) {
7fd1b19b 1301 _cleanup_free_ char *line = NULL;
a2a5291b 1302 const char *w, *state;
d025f1e4 1303 size_t l;
74df0fca 1304 int r;
d025f1e4 1305
74df0fca 1306 r = proc_cmdline(&line);
b5884878 1307 if (r < 0) {
da927ba9 1308 log_warning_errno(r, "Failed to read /proc/cmdline, ignoring: %m");
d025f1e4 1309 return 0;
b5884878 1310 }
d025f1e4
ZJS		 1311
1312 FOREACH_WORD_QUOTED(w, l, line, state) {
7fd1b19b 1313 _cleanup_free_ char *word;
d025f1e4
ZJS		 1314
1315 word = strndup(w, l);
db91ea32
ZJS		 1316 if (!word)
1317 return -ENOMEM;
d025f1e4
ZJS		 1318
1319 if (startswith(word, "systemd.journald.forward_to_syslog=")) {
1320 r = parse_boolean(word + 35);
1321 if (r < 0)
1322 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word + 35);
1323 else
1324 s->forward_to_syslog = r;
1325 } else if (startswith(word, "systemd.journald.forward_to_kmsg=")) {
1326 r = parse_boolean(word + 33);
1327 if (r < 0)
1328 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word + 33);
1329 else
1330 s->forward_to_kmsg = r;
1331 } else if (startswith(word, "systemd.journald.forward_to_console=")) {
1332 r = parse_boolean(word + 36);
1333 if (r < 0)
1334 log_warning("Failed to parse forward to console switch %s. Ignoring.", word + 36);
1335 else
1336 s->forward_to_console = r;
40b71e89
ST		 1337 } else if (startswith(word, "systemd.journald.forward_to_wall=")) {
1338 r = parse_boolean(word + 33);
1339 if (r < 0)
1340 log_warning("Failed to parse forward to wall switch %s. Ignoring.", word + 33);
1341 else
1342 s->forward_to_wall = r;
d025f1e4
ZJS		 1343 } else if (startswith(word, "systemd.journald"))
1344 log_warning("Invalid systemd.journald parameter. Ignoring.");
d025f1e4 1345 }
b2fadec6 1346 /* do not warn about state here, since probably systemd already did */
d025f1e4 1347
db91ea32 1348 return 0;
d025f1e4
ZJS		 1349}
1350
1351static int server_parse_config_file(Server *s) {
d025f1e4
ZJS		 1352 assert(s);
1353
36f822c4
ZJS		 1354 return config_parse(NULL, "/etc/systemd/journald.conf", NULL,
1355 "Journal\0",
1356 config_item_perf_lookup, journald_gperf_lookup,
1357 false, false, true, s);
d025f1e4
ZJS		 1358}
1359
f9a810be
LP		 1360static int server_dispatch_sync(sd_event_source *es, usec_t t, void *userdata) {
1361 Server *s = userdata;
26687bf8
OS		 1362
1363 assert(s);
1364
f9a810be 1365 server_sync(s);
26687bf8
OS		 1366 return 0;
1367}
1368
d07f7b9e 1369int server_schedule_sync(Server *s, int priority) {
26687bf8
OS		 1370 int r;
1371
26687bf8
OS		 1372 assert(s);
1373
d07f7b9e
LP		 1374 if (priority <= LOG_CRIT) {
1375 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1376 server_sync(s);
1377 return 0;
1378 }
1379
26687bf8
OS		 1380 if (s->sync_scheduled)
1381 return 0;
1382
f9a810be
LP		 1383 if (s->sync_interval_usec > 0) {
1384 usec_t when;
ca267016 1385
6a0f1f6d 1386 r = sd_event_now(s->event, CLOCK_MONOTONIC, &when);
f9a810be
LP		 1387 if (r < 0)
1388 return r;
26687bf8 1389
f9a810be
LP		 1390 when += s->sync_interval_usec;
1391
1392 if (!s->sync_event_source) {
6a0f1f6d
LP		 1393 r = sd_event_add_time(
1394 s->event,
1395 &s->sync_event_source,
1396 CLOCK_MONOTONIC,
1397 when, 0,
1398 server_dispatch_sync, s);
f9a810be
LP		 1399 if (r < 0)
1400 return r;
1401
1402 r = sd_event_source_set_priority(s->sync_event_source, SD_EVENT_PRIORITY_IMPORTANT);
1403 } else {
1404 r = sd_event_source_set_time(s->sync_event_source, when);
1405 if (r < 0)
1406 return r;
1407
1408 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_ONESHOT);
1409 }
26687bf8 1410 if (r < 0)
f9a810be 1411 return r;
26687bf8 1412
f9a810be
LP		 1413 s->sync_scheduled = true;
1414 }
26687bf8
OS		 1415
1416 return 0;
1417}
1418
0c24bb23
LP		 1419static int dispatch_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1420 Server *s = userdata;
1421
1422 assert(s);
1423
1424 server_cache_hostname(s);
1425 return 0;
1426}
1427
1428static int server_open_hostname(Server *s) {
1429 int r;
1430
1431 assert(s);
1432
1433 s->hostname_fd = open("/proc/sys/kernel/hostname", O_RDONLY|O_CLOEXEC|O_NDELAY|O_NOCTTY);
1434 if (s->hostname_fd < 0) {
56f64d95 1435 log_error_errno(errno, "Failed to open /proc/sys/kernel/hostname: %m");
0c24bb23
LP		 1436 return -errno;
1437 }
1438
151b9b96 1439 r = sd_event_add_io(s->event, &s->hostname_event_source, s->hostname_fd, 0, dispatch_hostname_change, s);
0c24bb23 1440 if (r < 0) {
28def94c
DR		 1441 /* kernels prior to 3.2 don't support polling this file. Ignore
1442 * the failure. */
1443 if (r == -EPERM) {
1444 log_warning("Failed to register hostname fd in event loop: %s. Ignoring.",
1445 strerror(-r));
03e334a1 1446 s->hostname_fd = safe_close(s->hostname_fd);
28def94c
DR		 1447 return 0;
1448 }
1449
23bbb0de 1450 return log_error_errno(r, "Failed to register hostname fd in event loop: %m");
0c24bb23
LP		 1451 }
1452
1453 r = sd_event_source_set_priority(s->hostname_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
23bbb0de
MS		 1454 if (r < 0)
1455 return log_error_errno(r, "Failed to adjust priority of host name event source: %m");
0c24bb23
LP		 1456
1457 return 0;
1458}
1459
d025f1e4
ZJS		 1460int server_init(Server *s) {
1461 int n, r, fd;
1462
1463 assert(s);
1464
1465 zero(*s);
875c2e22 1466 s->syslog_fd = s->native_fd = s->stdout_fd = s->dev_kmsg_fd = s->audit_fd = s->hostname_fd = -1;
d025f1e4
ZJS		 1467 s->compress = true;
1468 s->seal = true;
1469
26687bf8
OS		 1470 s->sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC;
1471 s->sync_scheduled = false;
1472
d025f1e4
ZJS		 1473 s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
1474 s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
1475
40b71e89 1476 s->forward_to_wall = true;
d025f1e4 1477
e150e820
MB		 1478 s->max_file_usec = DEFAULT_MAX_FILE_USEC;
1479
d025f1e4
ZJS		 1480 s->max_level_store = LOG_DEBUG;
1481 s->max_level_syslog = LOG_DEBUG;
1482 s->max_level_kmsg = LOG_NOTICE;
1483 s->max_level_console = LOG_INFO;
40b71e89 1484 s->max_level_wall = LOG_EMERG;
d025f1e4
ZJS		 1485
1486 memset(&s->system_metrics, 0xFF, sizeof(s->system_metrics));
1487 memset(&s->runtime_metrics, 0xFF, sizeof(s->runtime_metrics));
1488
1489 server_parse_config_file(s);
1490 server_parse_proc_cmdline(s);
d288f79f 1491 if (!!s->rate_limit_interval ^ !!s->rate_limit_burst) {
b1389b0d
ZJS		 1492 log_debug("Setting both rate limit interval and burst from "USEC_FMT",%u to 0,0",
1493 s->rate_limit_interval, s->rate_limit_burst);
d288f79f
ZJS		 1494 s->rate_limit_interval = s->rate_limit_burst = 0;
1495 }
d025f1e4
ZJS		 1496
1497 mkdir_p("/run/systemd/journal", 0755);
1498
43cf8388 1499 s->user_journals = ordered_hashmap_new(NULL);
d025f1e4
ZJS		 1500 if (!s->user_journals)
1501 return log_oom();
1502
1503 s->mmap = mmap_cache_new();
1504 if (!s->mmap)
1505 return log_oom();
1506
f9a810be 1507 r = sd_event_default(&s->event);
23bbb0de
MS		 1508 if (r < 0)
1509 return log_error_errno(r, "Failed to create event loop: %m");
d025f1e4 1510
f9a810be
LP		 1511 sd_event_set_watchdog(s->event, true);
1512
d025f1e4 1513 n = sd_listen_fds(true);
23bbb0de
MS		 1514 if (n < 0)
1515 return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
d025f1e4
ZJS		 1516
1517 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
1518
1519 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/socket", 0) > 0) {
1520
1521 if (s->native_fd >= 0) {
1522 log_error("Too many native sockets passed.");
1523 return -EINVAL;
1524 }
1525
1526 s->native_fd = fd;
1527
1528 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, "/run/systemd/journal/stdout", 0) > 0) {
1529
1530 if (s->stdout_fd >= 0) {
1531 log_error("Too many stdout sockets passed.");
1532 return -EINVAL;
1533 }
1534
1535 s->stdout_fd = fd;
1536
03ee5c38
LP		 1537 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0 ||
1538 sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/dev-log", 0) > 0) {
d025f1e4
ZJS		 1539
1540 if (s->syslog_fd >= 0) {
1541 log_error("Too many /dev/log sockets passed.");
1542 return -EINVAL;
1543 }
1544
1545 s->syslog_fd = fd;
1546
875c2e22
LP		 1547 } else if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1) > 0) {
1548
1549 if (s->audit_fd >= 0) {
1550 log_error("Too many audit sockets passed.");
1551 return -EINVAL;
1552 }
1553
1554 s->audit_fd = fd;
1555
3d823013
ZJS		 1556 } else
1557 log_error("Unknown socket passed as file descriptor %d, ignoring.", fd);
d025f1e4
ZJS		 1558 }
1559
1560 r = server_open_syslog_socket(s);
1561 if (r < 0)
1562 return r;
1563
1564 r = server_open_native_socket(s);
1565 if (r < 0)
1566 return r;
1567
1568 r = server_open_stdout_socket(s);
1569 if (r < 0)
1570 return r;
1571
1572 r = server_open_dev_kmsg(s);
1573 if (r < 0)
1574 return r;
1575
875c2e22
LP		 1576 r = server_open_audit(s);
1577 if (r < 0)
1578 return r;
1579
d025f1e4
ZJS		 1580 r = server_open_kernel_seqnum(s);
1581 if (r < 0)
1582 return r;
1583
0c24bb23
LP		 1584 r = server_open_hostname(s);
1585 if (r < 0)
1586 return r;
1587
f9a810be 1588 r = setup_signals(s);
d025f1e4
ZJS		 1589 if (r < 0)
1590 return r;
1591
1592 s->udev = udev_new();
1593 if (!s->udev)
1594 return -ENOMEM;
1595
f9a810be 1596 s->rate_limit = journal_rate_limit_new(s->rate_limit_interval, s->rate_limit_burst);
d025f1e4
ZJS		 1597 if (!s->rate_limit)
1598 return -ENOMEM;
1599
e9174f29
LP		 1600 r = cg_get_root_path(&s->cgroup_root);
1601 if (r < 0)
1602 return r;
1603
0c24bb23
LP		 1604 server_cache_hostname(s);
1605 server_cache_boot_id(s);
1606 server_cache_machine_id(s);
1607
caa2f4c0 1608 r = system_journal_open(s, false);
d025f1e4
ZJS		 1609 if (r < 0)
1610 return r;
1611
1612 return 0;
1613}
1614
1615void server_maybe_append_tags(Server *s) {
1616#ifdef HAVE_GCRYPT
1617 JournalFile *f;
1618 Iterator i;
1619 usec_t n;
1620
1621 n = now(CLOCK_REALTIME);
1622
1623 if (s->system_journal)
1624 journal_file_maybe_append_tag(s->system_journal, n);
1625
43cf8388 1626 ORDERED_HASHMAP_FOREACH(f, s->user_journals, i)
d025f1e4
ZJS		 1627 journal_file_maybe_append_tag(f, n);
1628#endif
1629}
1630
1631void server_done(Server *s) {
1632 JournalFile *f;
1633 assert(s);
1634
1635 while (s->stdout_streams)
1636 stdout_stream_free(s->stdout_streams);
1637
1638 if (s->system_journal)
1639 journal_file_close(s->system_journal);
1640
1641 if (s->runtime_journal)
1642 journal_file_close(s->runtime_journal);
1643
43cf8388 1644 while ((f = ordered_hashmap_steal_first(s->user_journals)))
d025f1e4
ZJS		 1645 journal_file_close(f);
1646
43cf8388 1647 ordered_hashmap_free(s->user_journals);
d025f1e4 1648
f9a810be
LP		 1649 sd_event_source_unref(s->syslog_event_source);
1650 sd_event_source_unref(s->native_event_source);
1651 sd_event_source_unref(s->stdout_event_source);
1652 sd_event_source_unref(s->dev_kmsg_event_source);
875c2e22 1653 sd_event_source_unref(s->audit_event_source);
f9a810be
LP		 1654 sd_event_source_unref(s->sync_event_source);
1655 sd_event_source_unref(s->sigusr1_event_source);
1656 sd_event_source_unref(s->sigusr2_event_source);
1657 sd_event_source_unref(s->sigterm_event_source);
1658 sd_event_source_unref(s->sigint_event_source);
0c24bb23 1659 sd_event_source_unref(s->hostname_event_source);
f9a810be 1660 sd_event_unref(s->event);
d025f1e4 1661
03e334a1
LP		 1662 safe_close(s->syslog_fd);
1663 safe_close(s->native_fd);
1664 safe_close(s->stdout_fd);
1665 safe_close(s->dev_kmsg_fd);
875c2e22 1666 safe_close(s->audit_fd);
03e334a1 1667 safe_close(s->hostname_fd);
0c24bb23 1668
d025f1e4
ZJS		 1669 if (s->rate_limit)
1670 journal_rate_limit_free(s->rate_limit);
1671
1672 if (s->kernel_seqnum)
1673 munmap(s->kernel_seqnum, sizeof(uint64_t));
1674
1675 free(s->buffer);
1676 free(s->tty_path);
e9174f29 1677 free(s->cgroup_root);
99d0966e 1678 free(s->hostname_field);
d025f1e4
ZJS		 1679
1680 if (s->mmap)
1681 mmap_cache_unref(s->mmap);
1682
1683 if (s->udev)
1684 udev_unref(s->udev);
1685}
Unnamed repository; edit this file 'description' to name the repository.