]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/journal/journald-server.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
cgroup: always validate cgroup controller names
[thirdparty/systemd.git] / src / journal / journald-server.c
CommitLineData
d025f1e4
ZJS		 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2011 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
22#include <sys/signalfd.h>
23#include <sys/ioctl.h>
24#include <linux/sockios.h>
25#include <sys/statvfs.h>
26#include <sys/mman.h>
26687bf8 27#include <sys/timerfd.h>
d025f1e4
ZJS		 28
29#include <libudev.h>
30#include <systemd/sd-journal.h>
31#include <systemd/sd-messages.h>
32#include <systemd/sd-daemon.h>
33
a5c32cff 34#include "fileio.h"
d025f1e4
ZJS		 35#include "mkdir.h"
36#include "hashmap.h"
37#include "journal-file.h"
38#include "socket-util.h"
39#include "cgroup-util.h"
40#include "list.h"
41#include "virt.h"
42#include "missing.h"
43#include "conf-parser.h"
44#include "journal-internal.h"
45#include "journal-vacuum.h"
46#include "journal-authenticate.h"
47#include "journald-server.h"
48#include "journald-rate-limit.h"
49#include "journald-kmsg.h"
50#include "journald-syslog.h"
51#include "journald-stream.h"
52#include "journald-console.h"
53#include "journald-native.h"
54
55#ifdef HAVE_ACL
56#include <sys/acl.h>
57#include <acl/libacl.h>
58#include "acl-util.h"
59#endif
60
61#ifdef HAVE_SELINUX
62#include <selinux/selinux.h>
63#endif
64
65#define USER_JOURNALS_MAX 1024
66
26687bf8 67#define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
d025f1e4
ZJS		 68#define DEFAULT_RATE_LIMIT_INTERVAL (10*USEC_PER_SEC)
69#define DEFAULT_RATE_LIMIT_BURST 200
70
71#define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
72
73static const char* const storage_table[] = {
74 [STORAGE_AUTO] = "auto",
75 [STORAGE_VOLATILE] = "volatile",
76 [STORAGE_PERSISTENT] = "persistent",
77 [STORAGE_NONE] = "none"
78};
79
80DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
81DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
82
83static const char* const split_mode_table[] = {
84 [SPLIT_NONE] = "none",
85 [SPLIT_UID] = "uid",
86 [SPLIT_LOGIN] = "login"
87};
88
89DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
90DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode, split_mode, SplitMode, "Failed to parse split mode setting");
91
92static uint64_t available_space(Server *s) {
db91ea32 93 char ids[33];
7fd1b19b 94 _cleanup_free_ char *p = NULL;
d025f1e4
ZJS		 95 const char *f;
96 sd_id128_t machine;
97 struct statvfs ss;
98 uint64_t sum = 0, avail = 0, ss_avail = 0;
99 int r;
7fd1b19b 100 _cleanup_closedir_ DIR *d = NULL;
d025f1e4
ZJS		 101 usec_t ts;
102 JournalMetrics *m;
103
104 ts = now(CLOCK_MONOTONIC);
105
106 if (s->cached_available_space_timestamp + RECHECK_AVAILABLE_SPACE_USEC > ts)
107 return s->cached_available_space;
108
109 r = sd_id128_get_machine(&machine);
110 if (r < 0)
111 return 0;
112
113 if (s->system_journal) {
114 f = "/var/log/journal/";
115 m = &s->system_metrics;
116 } else {
117 f = "/run/log/journal/";
118 m = &s->runtime_metrics;
119 }
120
121 assert(m);
122
123 p = strappend(f, sd_id128_to_string(machine, ids));
124 if (!p)
125 return 0;
126
127 d = opendir(p);
d025f1e4
ZJS		 128 if (!d)
129 return 0;
130
131 if (fstatvfs(dirfd(d), &ss) < 0)
db91ea32 132 return 0;
d025f1e4
ZJS		 133
134 for (;;) {
135 struct stat st;
136 struct dirent *de;
137 union dirent_storage buf;
138
139 r = readdir_r(d, &buf.de, &de);
140 if (r != 0)
141 break;
142
143 if (!de)
144 break;
145
146 if (!endswith(de->d_name, ".journal") &&
147 !endswith(de->d_name, ".journal~"))
148 continue;
149
150 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0)
151 continue;
152
153 if (!S_ISREG(st.st_mode))
154 continue;
155
156 sum += (uint64_t) st.st_blocks * 512UL;
157 }
158
159 avail = sum >= m->max_use ? 0 : m->max_use - sum;
160
161 ss_avail = ss.f_bsize * ss.f_bavail;
162
163 ss_avail = ss_avail < m->keep_free ? 0 : ss_avail - m->keep_free;
164
165 if (ss_avail < avail)
166 avail = ss_avail;
167
168 s->cached_available_space = avail;
169 s->cached_available_space_timestamp = ts;
170
d025f1e4
ZJS		 171 return avail;
172}
173
174static void server_read_file_gid(Server *s) {
a24c64f0 175 const char *g = "systemd-journal";
d025f1e4
ZJS		 176 int r;
177
178 assert(s);
179
180 if (s->file_gid_valid)
181 return;
182
a24c64f0 183 r = get_group_creds(&g, &s->file_gid);
d025f1e4 184 if (r < 0)
a24c64f0 185 log_warning("Failed to resolve '%s' group: %s", g, strerror(-r));
d025f1e4
ZJS		 186
187 /* if we couldn't read the gid, then it will be 0, but that's
188 * fine and we shouldn't try to resolve the group again, so
189 * let's just pretend it worked right-away. */
190 s->file_gid_valid = true;
191}
192
193void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
194 int r;
195#ifdef HAVE_ACL
196 acl_t acl;
197 acl_entry_t entry;
198 acl_permset_t permset;
199#endif
200
201 assert(f);
202
203 server_read_file_gid(s);
204
205 r = fchmod_and_fchown(f->fd, 0640, 0, s->file_gid);
206 if (r < 0)
207 log_warning("Failed to fix access mode/rights on %s, ignoring: %s", f->path, strerror(-r));
208
209#ifdef HAVE_ACL
210 if (uid <= 0)
211 return;
212
213 acl = acl_get_fd(f->fd);
214 if (!acl) {
215 log_warning("Failed to read ACL on %s, ignoring: %m", f->path);
216 return;
217 }
218
219 r = acl_find_uid(acl, uid, &entry);
220 if (r <= 0) {
221
222 if (acl_create_entry(&acl, &entry) < 0 ||
223 acl_set_tag_type(entry, ACL_USER) < 0 ||
224 acl_set_qualifier(entry, &uid) < 0) {
225 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
226 goto finish;
227 }
228 }
229
230 if (acl_get_permset(entry, &permset) < 0 ||
231 acl_add_perm(permset, ACL_READ) < 0 ||
232 acl_calc_mask(&acl) < 0) {
233 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
234 goto finish;
235 }
236
237 if (acl_set_fd(f->fd, acl) < 0)
238 log_warning("Failed to set ACL on %s, ignoring: %m", f->path);
239
240finish:
241 acl_free(acl);
242#endif
243}
244
245static JournalFile* find_journal(Server *s, uid_t uid) {
246 char *p;
247 int r;
248 JournalFile *f;
249 sd_id128_t machine;
250
251 assert(s);
252
253 /* We split up user logs only on /var, not on /run. If the
254 * runtime file is open, we write to it exclusively, in order
255 * to guarantee proper order as soon as we flush /run to
256 * /var and close the runtime file. */
257
258 if (s->runtime_journal)
259 return s->runtime_journal;
260
261 if (uid <= 0)
262 return s->system_journal;
263
264 r = sd_id128_get_machine(&machine);
265 if (r < 0)
266 return s->system_journal;
267
268 f = hashmap_get(s->user_journals, UINT32_TO_PTR(uid));
269 if (f)
270 return f;
271
272 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/user-%lu.journal",
273 SD_ID128_FORMAT_VAL(machine), (unsigned long) uid) < 0)
274 return s->system_journal;
275
276 while (hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
277 /* Too many open? Then let's close one */
278 f = hashmap_steal_first(s->user_journals);
279 assert(f);
280 journal_file_close(f);
281 }
282
283 r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, s->system_journal, &f);
284 free(p);
285
286 if (r < 0)
287 return s->system_journal;
288
289 server_fix_perms(s, f, uid);
290
291 r = hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
292 if (r < 0) {
293 journal_file_close(f);
294 return s->system_journal;
295 }
296
297 return f;
298}
299
300void server_rotate(Server *s) {
301 JournalFile *f;
302 void *k;
303 Iterator i;
304 int r;
305
306 log_debug("Rotating...");
307
308 if (s->runtime_journal) {
309 r = journal_file_rotate(&s->runtime_journal, s->compress, false);
310 if (r < 0)
311 if (s->runtime_journal)
312 log_error("Failed to rotate %s: %s", s->runtime_journal->path, strerror(-r));
313 else
314 log_error("Failed to create new runtime journal: %s", strerror(-r));
315 else
316 server_fix_perms(s, s->runtime_journal, 0);
317 }
318
319 if (s->system_journal) {
320 r = journal_file_rotate(&s->system_journal, s->compress, s->seal);
321 if (r < 0)
322 if (s->system_journal)
323 log_error("Failed to rotate %s: %s", s->system_journal->path, strerror(-r));
324 else
325 log_error("Failed to create new system journal: %s", strerror(-r));
326
327 else
328 server_fix_perms(s, s->system_journal, 0);
329 }
330
331 HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
332 r = journal_file_rotate(&f, s->compress, s->seal);
333 if (r < 0)
7d73c134 334 if (f)
d025f1e4
ZJS		 335 log_error("Failed to rotate %s: %s", f->path, strerror(-r));
336 else
337 log_error("Failed to create user journal: %s", strerror(-r));
338 else {
339 hashmap_replace(s->user_journals, k, f);
340 server_fix_perms(s, f, PTR_TO_UINT32(k));
341 }
342 }
343}
344
26687bf8
OS		 345void server_sync(Server *s) {
346 JournalFile *f;
347 void *k;
348 Iterator i;
349 int r;
350
351 static const struct itimerspec sync_timer_disable = {};
352
353 if (s->system_journal) {
354 r = journal_file_set_offline(s->system_journal);
355 if (r < 0)
356 log_error("Failed to sync system journal: %s", strerror(-r));
357 }
358
359 HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
360 r = journal_file_set_offline(f);
361 if (r < 0)
362 log_error("Failed to sync user journal: %s", strerror(-r));
363 }
364
365 r = timerfd_settime(s->sync_timer_fd, 0, &sync_timer_disable, NULL);
366 if (r < 0)
367 log_error("Failed to disable max timer: %m");
368
369 s->sync_scheduled = false;
370}
371
d025f1e4
ZJS		 372void server_vacuum(Server *s) {
373 char *p;
374 char ids[33];
375 sd_id128_t machine;
376 int r;
377
378 log_debug("Vacuuming...");
379
380 s->oldest_file_usec = 0;
381
382 r = sd_id128_get_machine(&machine);
383 if (r < 0) {
384 log_error("Failed to get machine ID: %s", strerror(-r));
385 return;
386 }
387
388 sd_id128_to_string(machine, ids);
389
390 if (s->system_journal) {
391 p = strappend("/var/log/journal/", ids);
392 if (!p) {
393 log_oom();
394 return;
395 }
396
397 r = journal_directory_vacuum(p, s->system_metrics.max_use, s->system_metrics.keep_free, s->max_retention_usec, &s->oldest_file_usec);
398 if (r < 0 && r != -ENOENT)
399 log_error("Failed to vacuum %s: %s", p, strerror(-r));
400 free(p);
401 }
402
403 if (s->runtime_journal) {
404 p = strappend("/run/log/journal/", ids);
405 if (!p) {
406 log_oom();
407 return;
408 }
409
410 r = journal_directory_vacuum(p, s->runtime_metrics.max_use, s->runtime_metrics.keep_free, s->max_retention_usec, &s->oldest_file_usec);
411 if (r < 0 && r != -ENOENT)
412 log_error("Failed to vacuum %s: %s", p, strerror(-r));
413 free(p);
414 }
415
416 s->cached_available_space_timestamp = 0;
417}
418
d025f1e4
ZJS		 419bool shall_try_append_again(JournalFile *f, int r) {
420
421 /* -E2BIG Hit configured limit
422 -EFBIG Hit fs limit
423 -EDQUOT Quota limit hit
424 -ENOSPC Disk full
425 -EHOSTDOWN Other machine
426 -EBUSY Unclean shutdown
427 -EPROTONOSUPPORT Unsupported feature
428 -EBADMSG Corrupted
429 -ENODATA Truncated
430 -ESHUTDOWN Already archived */
431
432 if (r == -E2BIG || r == -EFBIG || r == -EDQUOT || r == -ENOSPC)
433 log_debug("%s: Allocation limit reached, rotating.", f->path);
434 else if (r == -EHOSTDOWN)
435 log_info("%s: Journal file from other machine, rotating.", f->path);
436 else if (r == -EBUSY)
437 log_info("%s: Unclean shutdown, rotating.", f->path);
438 else if (r == -EPROTONOSUPPORT)
439 log_info("%s: Unsupported feature, rotating.", f->path);
440 else if (r == -EBADMSG || r == -ENODATA || r == ESHUTDOWN)
441 log_warning("%s: Journal file corrupted, rotating.", f->path);
442 else
443 return false;
444
445 return true;
446}
447
448static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned n) {
449 JournalFile *f;
450 bool vacuumed = false;
451 int r;
452
453 assert(s);
454 assert(iovec);
455 assert(n > 0);
456
457 f = find_journal(s, uid);
458 if (!f)
459 return;
460
461 if (journal_file_rotate_suggested(f, s->max_file_usec)) {
462 log_debug("%s: Journal header limits reached or header out-of-date, rotating.", f->path);
463 server_rotate(s);
464 server_vacuum(s);
465 vacuumed = true;
466
467 f = find_journal(s, uid);
468 if (!f)
469 return;
470 }
471
472 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
26687bf8
OS		 473 if (r >= 0) {
474 server_schedule_sync(s);
d025f1e4 475 return;
26687bf8 476 }
d025f1e4
ZJS		 477
478 if (vacuumed || !shall_try_append_again(f, r)) {
479 log_error("Failed to write entry, ignoring: %s", strerror(-r));
480 return;
481 }
482
483 server_rotate(s);
484 server_vacuum(s);
485
486 f = find_journal(s, uid);
487 if (!f)
488 return;
489
490 log_debug("Retrying write.");
491 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
492 if (r < 0)
493 log_error("Failed to write entry, ignoring: %s", strerror(-r));
494}
495
496static void dispatch_message_real(
497 Server *s,
498 struct iovec *iovec, unsigned n, unsigned m,
499 struct ucred *ucred,
500 struct timeval *tv,
501 const char *label, size_t label_len,
502 const char *unit_id) {
503
ae018d9b
LP		 504 char pid[sizeof("_PID=") + DECIMAL_STR_MAX(pid_t)],
505 uid[sizeof("_UID=") + DECIMAL_STR_MAX(uid_t)],
506 gid[sizeof("_GID=") + DECIMAL_STR_MAX(gid_t)],
507 owner_uid[sizeof("_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)],
d3789917 508 source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)],
adb435bb
LP		 509 boot_id[sizeof("_BOOT_ID=") + 32] = "_BOOT_ID=",
510 machine_id[sizeof("_MACHINE_ID=") + 32] = "_MACHINE_ID=";
ae018d9b 511 char *comm, *exe, *cmdline, *cgroup, *session, *unit, *selinux_context, *hostname;
d025f1e4
ZJS		 512 sd_id128_t id;
513 int r;
ae018d9b 514 char *t, *c;
82499507
LP		 515 uid_t realuid = 0, owner = 0, journal_uid;
516 bool owner_valid = false;
ae018d9b
LP		 517#ifdef HAVE_AUDIT
518 char audit_session[sizeof("_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
519 audit_loginuid[sizeof("_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)];
520
521 uint32_t audit;
522 uid_t loginuid;
523#endif
d025f1e4
ZJS		 524
525 assert(s);
526 assert(iovec);
527 assert(n > 0);
528 assert(n + N_IOVEC_META_FIELDS <= m);
529
530 if (ucred) {
d025f1e4
ZJS		 531 realuid = ucred->uid;
532
ae018d9b 533 sprintf(pid, "_PID=%lu", (unsigned long) ucred->pid);
c2457105 534 IOVEC_SET_STRING(iovec[n++], pid);
d025f1e4 535
ae018d9b 536 sprintf(uid, "_UID=%lu", (unsigned long) ucred->uid);
c2457105 537 IOVEC_SET_STRING(iovec[n++], uid);
d025f1e4 538
ae018d9b 539 sprintf(gid, "_GID=%lu", (unsigned long) ucred->gid);
c2457105 540 IOVEC_SET_STRING(iovec[n++], gid);
d025f1e4
ZJS		 541
542 r = get_process_comm(ucred->pid, &t);
543 if (r >= 0) {
ae018d9b 544 comm = strappenda("_COMM=", t);
d025f1e4 545 free(t);
ae018d9b 546 IOVEC_SET_STRING(iovec[n++], comm);
d025f1e4
ZJS		 547 }
548
549 r = get_process_exe(ucred->pid, &t);
550 if (r >= 0) {
ae018d9b 551 exe = strappenda("_EXE=", t);
d025f1e4 552 free(t);
ae018d9b 553 IOVEC_SET_STRING(iovec[n++], exe);
d025f1e4
ZJS		 554 }
555
9bdbc2e2 556 r = get_process_cmdline(ucred->pid, 0, false, &t);
d025f1e4 557 if (r >= 0) {
ae018d9b 558 cmdline = strappenda("_CMDLINE=", t);
d025f1e4 559 free(t);
ae018d9b 560 IOVEC_SET_STRING(iovec[n++], cmdline);
d025f1e4
ZJS		 561 }
562
0a20e3c1 563#ifdef HAVE_AUDIT
d025f1e4 564 r = audit_session_from_pid(ucred->pid, &audit);
ae018d9b
LP		 565 if (r >= 0) {
566 sprintf(audit_session, "_AUDIT_SESSION=%lu", (unsigned long) audit);
567 IOVEC_SET_STRING(iovec[n++], audit_session);
568 }
d025f1e4
ZJS		 569
570 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
7027ff61 571 if (r >= 0) {
ae018d9b
LP		 572 sprintf(audit_loginuid, "_AUDIT_LOGINUID=%lu", (unsigned long) loginuid);
573 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
d025f1e4 574 }
ae018d9b 575#endif
d025f1e4 576
ae018d9b 577 r = cg_pid_get_path_shifted(ucred->pid, NULL, &c);
7027ff61 578 if (r >= 0) {
ae018d9b
LP		 579 cgroup = strappenda("_SYSTEMD_CGROUP=", c);
580 IOVEC_SET_STRING(iovec[n++], cgroup);
d025f1e4 581
ae018d9b
LP		 582 r = cg_path_get_session(c, &t);
583 if (r >= 0) {
584 session = strappenda("_SYSTEMD_SESSION=", t);
585 free(t);
d025f1e4 586 IOVEC_SET_STRING(iovec[n++], session);
ae018d9b
LP		 587 }
588
589 if (cg_path_get_owner_uid(c, &owner) >= 0) {
590 owner_valid = true;
d025f1e4 591
ae018d9b 592 sprintf(owner_uid, "_SYSTEMD_OWNER_UID=%lu", (unsigned long) owner);
d025f1e4 593 IOVEC_SET_STRING(iovec[n++], owner_uid);
ae018d9b 594 }
d025f1e4 595
ae018d9b
LP		 596 if (cg_path_get_unit(c, &t) >= 0) {
597 unit = strappenda("_SYSTEMD_UNIT=", t);
598 free(t);
599 } else if (cg_path_get_user_unit(c, &t) >= 0) {
600 unit = strappenda("_SYSTEMD_USER_UNIT=", t);
601 free(t);
602 } else if (unit_id) {
603 if (session)
604 unit = strappenda("_SYSTEMD_USER_UNIT=", unit_id);
605 else
606 unit = strappenda("_SYSTEMD_UNIT=", unit_id);
607 } else
608 unit = NULL;
609
610 if (unit)
611 IOVEC_SET_STRING(iovec[n++], unit);
612
613 free(c);
ef1673d1 614 }
d025f1e4 615
d025f1e4
ZJS		 616#ifdef HAVE_SELINUX
617 if (label) {
ae018d9b
LP		 618 selinux_context = alloca(sizeof("_SELINUX_CONTEXT=") + label_len);
619
620 *((char*) mempcpy(stpcpy(selinux_context, "_SELINUX_CONTEXT="), label, label_len)) = 0;
621 IOVEC_SET_STRING(iovec[n++], selinux_context);
d025f1e4
ZJS		 622 } else {
623 security_context_t con;
624
625 if (getpidcon(ucred->pid, &con) >= 0) {
ae018d9b 626 selinux_context = strappenda("_SELINUX_CONTEXT=", con);
d025f1e4 627 freecon(con);
ae018d9b 628 IOVEC_SET_STRING(iovec[n++], selinux_context);
d025f1e4
ZJS		 629 }
630 }
631#endif
632 }
633
634 if (tv) {
ae018d9b 635 sprintf(source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu", (unsigned long long) timeval_load(tv));
a5693989 636 IOVEC_SET_STRING(iovec[n++], source_time);
d025f1e4
ZJS		 637 }
638
639 /* Note that strictly speaking storing the boot id here is
640 * redundant since the entry includes this in-line
641 * anyway. However, we need this indexed, too. */
642 r = sd_id128_get_boot(&id);
adb435bb
LP		 643 if (r >= 0) {
644 sd_id128_to_string(id, boot_id + sizeof("_BOOT_ID=") - 1);
645 IOVEC_SET_STRING(iovec[n++], boot_id);
646 }
d025f1e4
ZJS		 647
648 r = sd_id128_get_machine(&id);
adb435bb 649 if (r >= 0) {
d3789917 650 sd_id128_to_string(id, machine_id + sizeof("_MACHINE_ID=") - 1);
adb435bb
LP		 651 IOVEC_SET_STRING(iovec[n++], machine_id);
652 }
d025f1e4
ZJS		 653
654 t = gethostname_malloc();
655 if (t) {
ae018d9b 656 hostname = strappenda("_HOSTNAME=", t);
d025f1e4 657 free(t);
ae018d9b 658 IOVEC_SET_STRING(iovec[n++], hostname);
d025f1e4
ZJS		 659 }
660
661 assert(n <= m);
662
da499392 663 if (s->split_mode == SPLIT_UID && realuid > 0)
40adcda8 664 /* Split up strictly by any UID */
759c945a 665 journal_uid = realuid;
82499507 666 else if (s->split_mode == SPLIT_LOGIN && realuid > 0 && owner_valid && owner > 0)
40adcda8
LP		 667 /* Split up by login UIDs, this avoids creation of
668 * individual journals for system UIDs. We do this
669 * only if the realuid is not root, in order not to
82499507
LP		 670 * accidentally leak privileged information to the
671 * user that is logged by a privileged process that is
672 * part of an unprivileged session.*/
8a0889df 673 journal_uid = owner;
da499392
KS		 674 else
675 journal_uid = 0;
759c945a
CW		 676
677 write_to_journal(s, journal_uid, iovec, n);
d025f1e4
ZJS		 678}
679
680void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {
681 char mid[11 + 32 + 1];
682 char buffer[16 + LINE_MAX + 1];
683 struct iovec iovec[N_IOVEC_META_FIELDS + 4];
684 int n = 0;
685 va_list ap;
b92bea5d 686 struct ucred ucred = {};
d025f1e4
ZJS		 687
688 assert(s);
689 assert(format);
690
691 IOVEC_SET_STRING(iovec[n++], "PRIORITY=6");
692 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=driver");
693
694 memcpy(buffer, "MESSAGE=", 8);
695 va_start(ap, format);
696 vsnprintf(buffer + 8, sizeof(buffer) - 8, format, ap);
697 va_end(ap);
698 char_array_0(buffer);
699 IOVEC_SET_STRING(iovec[n++], buffer);
700
701 if (!sd_id128_equal(message_id, SD_ID128_NULL)) {
702 snprintf(mid, sizeof(mid), MESSAGE_ID(message_id));
703 char_array_0(mid);
704 IOVEC_SET_STRING(iovec[n++], mid);
705 }
706
d025f1e4
ZJS		 707 ucred.pid = getpid();
708 ucred.uid = getuid();
709 ucred.gid = getgid();
710
711 dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL);
712}
713
714void server_dispatch_message(
715 Server *s,
716 struct iovec *iovec, unsigned n, unsigned m,
717 struct ucred *ucred,
718 struct timeval *tv,
719 const char *label, size_t label_len,
720 const char *unit_id,
721 int priority) {
722
7027ff61 723 int rl, r;
7fd1b19b 724 _cleanup_free_ char *path = NULL;
db91ea32 725 char *c;
d025f1e4
ZJS		 726
727 assert(s);
728 assert(iovec || n == 0);
729
730 if (n == 0)
731 return;
732
733 if (LOG_PRI(priority) > s->max_level_store)
734 return;
735
736 if (!ucred)
737 goto finish;
738
7027ff61
LP		 739 r = cg_pid_get_path_shifted(ucred->pid, NULL, &path);
740 if (r < 0)
d025f1e4
ZJS		 741 goto finish;
742
743 /* example: /user/lennart/3/foobar
744 * /system/dbus.service/foobar
745 *
746 * So let's cut of everything past the third /, since that is
747 * where user directories start */
748
749 c = strchr(path, '/');
750 if (c) {
751 c = strchr(c+1, '/');
752 if (c) {
753 c = strchr(c+1, '/');
754 if (c)
755 *c = 0;
756 }
757 }
758
db91ea32
ZJS		 759 rl = journal_rate_limit_test(s->rate_limit, path,
760 priority & LOG_PRIMASK, available_space(s));
d025f1e4 761
db91ea32 762 if (rl == 0)
d025f1e4 763 return;
d025f1e4
ZJS		 764
765 /* Write a suppression message if we suppressed something */
766 if (rl > 1)
db91ea32
ZJS		 767 server_driver_message(s, SD_MESSAGE_JOURNAL_DROPPED,
768 "Suppressed %u messages from %s", rl - 1, path);
d025f1e4
ZJS		 769
770finish:
771 dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id);
772}
773
774
775static int system_journal_open(Server *s) {
776 int r;
777 char *fn;
778 sd_id128_t machine;
779 char ids[33];
780
781 r = sd_id128_get_machine(&machine);
782 if (r < 0)
783 return r;
784
785 sd_id128_to_string(machine, ids);
786
787 if (!s->system_journal &&
788 (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
789 access("/run/systemd/journal/flushed", F_OK) >= 0) {
790
791 /* If in auto mode: first try to create the machine
792 * path, but not the prefix.
793 *
794 * If in persistent mode: create /var/log/journal and
795 * the machine path */
796
797 if (s->storage == STORAGE_PERSISTENT)
798 (void) mkdir("/var/log/journal/", 0755);
799
800 fn = strappend("/var/log/journal/", ids);
801 if (!fn)
802 return -ENOMEM;
803
804 (void) mkdir(fn, 0755);
805 free(fn);
806
807 fn = strjoin("/var/log/journal/", ids, "/system.journal", NULL);
808 if (!fn)
809 return -ENOMEM;
810
811 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
812 free(fn);
813
814 if (r >= 0) {
815 char fb[FORMAT_BYTES_MAX];
816
817 server_fix_perms(s, s->system_journal, 0);
818 server_driver_message(s, SD_ID128_NULL, "Allowing system journal files to grow to %s.",
819 format_bytes(fb, sizeof(fb), s->system_metrics.max_use));
820
821 } else if (r < 0) {
822
823 if (r != -ENOENT && r != -EROFS)
824 log_warning("Failed to open system journal: %s", strerror(-r));
825
826 r = 0;
827 }
828 }
829
830 if (!s->runtime_journal &&
831 (s->storage != STORAGE_NONE)) {
832
833 fn = strjoin("/run/log/journal/", ids, "/system.journal", NULL);
834 if (!fn)
835 return -ENOMEM;
836
837 if (s->system_journal) {
838
839 /* Try to open the runtime journal, but only
840 * if it already exists, so that we can flush
841 * it into the system journal */
842
843 r = journal_file_open(fn, O_RDWR, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
844 free(fn);
845
846 if (r < 0) {
847 if (r != -ENOENT)
848 log_warning("Failed to open runtime journal: %s", strerror(-r));
849
850 r = 0;
851 }
852
853 } else {
854
855 /* OK, we really need the runtime journal, so create
856 * it if necessary. */
857
858 (void) mkdir_parents(fn, 0755);
859 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
860 free(fn);
861
862 if (r < 0) {
863 log_error("Failed to open runtime journal: %s", strerror(-r));
864 return r;
865 }
866 }
867
868 if (s->runtime_journal) {
869 char fb[FORMAT_BYTES_MAX];
870
871 server_fix_perms(s, s->runtime_journal, 0);
872 server_driver_message(s, SD_ID128_NULL, "Allowing runtime journal files to grow to %s.",
873 format_bytes(fb, sizeof(fb), s->runtime_metrics.max_use));
874 }
875 }
876
877 return r;
878}
879
880int server_flush_to_var(Server *s) {
881 int r;
882 sd_id128_t machine;
883 sd_journal *j = NULL;
884
885 assert(s);
886
887 if (s->storage != STORAGE_AUTO &&
888 s->storage != STORAGE_PERSISTENT)
889 return 0;
890
891 if (!s->runtime_journal)
892 return 0;
893
894 system_journal_open(s);
895
896 if (!s->system_journal)
897 return 0;
898
899 log_debug("Flushing to /var...");
900
901 r = sd_id128_get_machine(&machine);
902 if (r < 0) {
903 log_error("Failed to get machine id: %s", strerror(-r));
904 return r;
905 }
906
907 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
908 if (r < 0) {
909 log_error("Failed to read runtime journal: %s", strerror(-r));
910 return r;
911 }
912
93b73b06
LP		 913 sd_journal_set_data_threshold(j, 0);
914
d025f1e4
ZJS		 915 SD_JOURNAL_FOREACH(j) {
916 Object *o = NULL;
917 JournalFile *f;
918
919 f = j->current_file;
920 assert(f && f->current_offset > 0);
921
922 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
923 if (r < 0) {
924 log_error("Can't read entry: %s", strerror(-r));
925 goto finish;
926 }
927
928 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
929 if (r >= 0)
930 continue;
931
932 if (!shall_try_append_again(s->system_journal, r)) {
933 log_error("Can't write entry: %s", strerror(-r));
934 goto finish;
935 }
936
937 server_rotate(s);
938 server_vacuum(s);
939
940 log_debug("Retrying write.");
941 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
942 if (r < 0) {
943 log_error("Can't write entry: %s", strerror(-r));
944 goto finish;
945 }
946 }
947
948finish:
949 journal_file_post_change(s->system_journal);
950
951 journal_file_close(s->runtime_journal);
952 s->runtime_journal = NULL;
953
954 if (r >= 0)
955 rm_rf("/run/log/journal", false, true, false);
956
763c7aa2 957 sd_journal_close(j);
d025f1e4
ZJS		 958
959 return r;
960}
961
962int process_event(Server *s, struct epoll_event *ev) {
963 assert(s);
964 assert(ev);
965
966 if (ev->data.fd == s->signal_fd) {
967 struct signalfd_siginfo sfsi;
968 ssize_t n;
969
970 if (ev->events != EPOLLIN) {
971 log_error("Got invalid event from epoll.");
972 return -EIO;
973 }
974
975 n = read(s->signal_fd, &sfsi, sizeof(sfsi));
976 if (n != sizeof(sfsi)) {
977
978 if (n >= 0)
979 return -EIO;
980
981 if (errno == EINTR || errno == EAGAIN)
982 return 1;
983
984 return -errno;
985 }
986
d025f1e4
ZJS		 987 if (sfsi.ssi_signo == SIGUSR1) {
988 touch("/run/systemd/journal/flushed");
989 server_flush_to_var(s);
26687bf8 990 server_sync(s);
d025f1e4
ZJS		 991 return 1;
992 }
993
994 if (sfsi.ssi_signo == SIGUSR2) {
995 server_rotate(s);
996 server_vacuum(s);
997 return 1;
998 }
999
26687bf8
OS		 1000 log_info("Received SIG%s", signal_to_string(sfsi.ssi_signo));
1001
d025f1e4
ZJS		 1002 return 0;
1003
26687bf8
OS		 1004 } else if (ev->data.fd == s->sync_timer_fd) {
1005 int r;
1006 uint64_t t;
1007
1008 log_debug("Got sync request from epoll.");
1009
1010 r = read(ev->data.fd, (void *)&t, sizeof(t));
1011 if (r < 0)
1012 return 0;
1013
1014 server_sync(s);
1015 return 1;
1016
d025f1e4
ZJS		 1017 } else if (ev->data.fd == s->dev_kmsg_fd) {
1018 int r;
1019
1020 if (ev->events != EPOLLIN) {
1021 log_error("Got invalid event from epoll.");
1022 return -EIO;
1023 }
1024
1025 r = server_read_dev_kmsg(s);
1026 if (r < 0)
1027 return r;
1028
1029 return 1;
1030
1031 } else if (ev->data.fd == s->native_fd ||
1032 ev->data.fd == s->syslog_fd) {
1033
1034 if (ev->events != EPOLLIN) {
1035 log_error("Got invalid event from epoll.");
1036 return -EIO;
1037 }
1038
1039 for (;;) {
1040 struct msghdr msghdr;
1041 struct iovec iovec;
1042 struct ucred *ucred = NULL;
1043 struct timeval *tv = NULL;
1044 struct cmsghdr *cmsg;
1045 char *label = NULL;
1046 size_t label_len = 0;
1047 union {
1048 struct cmsghdr cmsghdr;
1049
1050 /* We use NAME_MAX space for the
1051 * SELinux label here. The kernel
1052 * currently enforces no limit, but
1053 * according to suggestions from the
1054 * SELinux people this will change and
1055 * it will probably be identical to
1056 * NAME_MAX. For now we use that, but
1057 * this should be updated one day when
1058 * the final limit is known.*/
1059 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
1060 CMSG_SPACE(sizeof(struct timeval)) +
1061 CMSG_SPACE(sizeof(int)) + /* fd */
1062 CMSG_SPACE(NAME_MAX)]; /* selinux label */
1063 } control;
1064 ssize_t n;
1065 int v;
1066 int *fds = NULL;
1067 unsigned n_fds = 0;
1068
1069 if (ioctl(ev->data.fd, SIOCINQ, &v) < 0) {
1070 log_error("SIOCINQ failed: %m");
1071 return -errno;
1072 }
1073
1074 if (s->buffer_size < (size_t) v) {
1075 void *b;
1076 size_t l;
1077
1078 l = MAX(LINE_MAX + (size_t) v, s->buffer_size * 2);
1079 b = realloc(s->buffer, l+1);
1080
1081 if (!b) {
1082 log_error("Couldn't increase buffer.");
1083 return -ENOMEM;
1084 }
1085
1086 s->buffer_size = l;
1087 s->buffer = b;
1088 }
1089
1090 zero(iovec);
1091 iovec.iov_base = s->buffer;
1092 iovec.iov_len = s->buffer_size;
1093
1094 zero(control);
1095 zero(msghdr);
1096 msghdr.msg_iov = &iovec;
1097 msghdr.msg_iovlen = 1;
1098 msghdr.msg_control = &control;
1099 msghdr.msg_controllen = sizeof(control);
1100
1101 n = recvmsg(ev->data.fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
1102 if (n < 0) {
1103
1104 if (errno == EINTR || errno == EAGAIN)
1105 return 1;
1106
1107 log_error("recvmsg() failed: %m");
1108 return -errno;
1109 }
1110
1111 for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
1112
1113 if (cmsg->cmsg_level == SOL_SOCKET &&
1114 cmsg->cmsg_type == SCM_CREDENTIALS &&
1115 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
1116 ucred = (struct ucred*) CMSG_DATA(cmsg);
1117 else if (cmsg->cmsg_level == SOL_SOCKET &&
1118 cmsg->cmsg_type == SCM_SECURITY) {
1119 label = (char*) CMSG_DATA(cmsg);
1120 label_len = cmsg->cmsg_len - CMSG_LEN(0);
1121 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1122 cmsg->cmsg_type == SO_TIMESTAMP &&
1123 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
1124 tv = (struct timeval*) CMSG_DATA(cmsg);
1125 else if (cmsg->cmsg_level == SOL_SOCKET &&
1126 cmsg->cmsg_type == SCM_RIGHTS) {
1127 fds = (int*) CMSG_DATA(cmsg);
1128 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
1129 }
1130 }
1131
1132 if (ev->data.fd == s->syslog_fd) {
1133 char *e;
1134
1135 if (n > 0 && n_fds == 0) {
1136 e = memchr(s->buffer, '\n', n);
1137 if (e)
1138 *e = 0;
1139 else
1140 s->buffer[n] = 0;
1141
1142 server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
1143 } else if (n_fds > 0)
1144 log_warning("Got file descriptors via syslog socket. Ignoring.");
1145
1146 } else {
1147 if (n > 0 && n_fds == 0)
1148 server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
1149 else if (n == 0 && n_fds == 1)
1150 server_process_native_file(s, fds[0], ucred, tv, label, label_len);
1151 else if (n_fds > 0)
1152 log_warning("Got too many file descriptors via native socket. Ignoring.");
1153 }
1154
1155 close_many(fds, n_fds);
1156 }
1157
1158 return 1;
1159
1160 } else if (ev->data.fd == s->stdout_fd) {
1161
1162 if (ev->events != EPOLLIN) {
1163 log_error("Got invalid event from epoll.");
1164 return -EIO;
1165 }
1166
1167 stdout_stream_new(s);
1168 return 1;
1169
1170 } else {
1171 StdoutStream *stream;
1172
1173 if ((ev->events|EPOLLIN|EPOLLHUP) != (EPOLLIN|EPOLLHUP)) {
1174 log_error("Got invalid event from epoll.");
1175 return -EIO;
1176 }
1177
1178 /* If it is none of the well-known fds, it must be an
1179 * stdout stream fd. Note that this is a bit ugly here
1180 * (since we rely that none of the well-known fds
1181 * could be interpreted as pointer), but nonetheless
1182 * safe, since the well-known fds would never get an
1183 * fd > 4096, i.e. beyond the first memory page */
1184
1185 stream = ev->data.ptr;
1186
1187 if (stdout_stream_process(stream) <= 0)
1188 stdout_stream_free(stream);
1189
1190 return 1;
1191 }
1192
1193 log_error("Unknown event.");
1194 return 0;
1195}
1196
1197static int open_signalfd(Server *s) {
1198 sigset_t mask;
1199 struct epoll_event ev;
1200
1201 assert(s);
1202
1203 assert_se(sigemptyset(&mask) == 0);
1204 sigset_add_many(&mask, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, -1);
1205 assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
1206
1207 s->signal_fd = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC);
1208 if (s->signal_fd < 0) {
1209 log_error("signalfd(): %m");
1210 return -errno;
1211 }
1212
1213 zero(ev);
1214 ev.events = EPOLLIN;
1215 ev.data.fd = s->signal_fd;
1216
1217 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->signal_fd, &ev) < 0) {
1218 log_error("epoll_ctl(): %m");
1219 return -errno;
1220 }
1221
1222 return 0;
1223}
1224
1225static int server_parse_proc_cmdline(Server *s) {
7fd1b19b 1226 _cleanup_free_ char *line = NULL;
db91ea32 1227 char *w, *state;
d025f1e4
ZJS		 1228 int r;
1229 size_t l;
1230
1231 if (detect_container(NULL) > 0)
1232 return 0;
1233
1234 r = read_one_line_file("/proc/cmdline", &line);
1235 if (r < 0) {
1236 log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
1237 return 0;
1238 }
1239
1240 FOREACH_WORD_QUOTED(w, l, line, state) {
7fd1b19b 1241 _cleanup_free_ char *word;
d025f1e4
ZJS		 1242
1243 word = strndup(w, l);
db91ea32
ZJS		 1244 if (!word)
1245 return -ENOMEM;
d025f1e4
ZJS		 1246
1247 if (startswith(word, "systemd.journald.forward_to_syslog=")) {
1248 r = parse_boolean(word + 35);
1249 if (r < 0)
1250 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word + 35);
1251 else
1252 s->forward_to_syslog = r;
1253 } else if (startswith(word, "systemd.journald.forward_to_kmsg=")) {
1254 r = parse_boolean(word + 33);
1255 if (r < 0)
1256 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word + 33);
1257 else
1258 s->forward_to_kmsg = r;
1259 } else if (startswith(word, "systemd.journald.forward_to_console=")) {
1260 r = parse_boolean(word + 36);
1261 if (r < 0)
1262 log_warning("Failed to parse forward to console switch %s. Ignoring.", word + 36);
1263 else
1264 s->forward_to_console = r;
1265 } else if (startswith(word, "systemd.journald"))
1266 log_warning("Invalid systemd.journald parameter. Ignoring.");
d025f1e4
ZJS		 1267 }
1268
db91ea32 1269 return 0;
d025f1e4
ZJS		 1270}
1271
1272static int server_parse_config_file(Server *s) {
db91ea32 1273 static const char *fn = "/etc/systemd/journald.conf";
7fd1b19b 1274 _cleanup_fclose_ FILE *f = NULL;
d025f1e4
ZJS		 1275 int r;
1276
1277 assert(s);
1278
d025f1e4
ZJS		 1279 f = fopen(fn, "re");
1280 if (!f) {
1281 if (errno == ENOENT)
1282 return 0;
1283
1284 log_warning("Failed to open configuration file %s: %m", fn);
1285 return -errno;
1286 }
1287
e8e581bf 1288 r = config_parse(NULL, fn, f, "Journal\0", config_item_perf_lookup,
db91ea32 1289 (void*) journald_gperf_lookup, false, s);
d025f1e4
ZJS		 1290 if (r < 0)
1291 log_warning("Failed to parse configuration file: %s", strerror(-r));
1292
d025f1e4
ZJS		 1293 return r;
1294}
1295
26687bf8
OS		 1296static int server_open_sync_timer(Server *s) {
1297 int r;
1298 struct epoll_event ev;
1299
1300 assert(s);
1301
1302 s->sync_timer_fd = timerfd_create(CLOCK_MONOTONIC, TFD_CLOEXEC);
1303 if (s->sync_timer_fd < 0)
1304 return -errno;
1305
1306 zero(ev);
1307 ev.events = EPOLLIN;
1308 ev.data.fd = s->sync_timer_fd;
1309
1310 r = epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->sync_timer_fd, &ev);
1311 if (r < 0) {
1312 log_error("Failed to add idle timer fd to epoll object: %m");
1313 return -errno;
1314 }
1315
1316 return 0;
1317}
1318
1319int server_schedule_sync(Server *s) {
1320 int r;
1321
26687bf8
OS		 1322 assert(s);
1323
1324 if (s->sync_scheduled)
1325 return 0;
1326
1327 if (s->sync_interval_usec) {
b92bea5d
ZJS		 1328 struct itimerspec sync_timer_enable = {
1329 .it_value.tv_sec = s->sync_interval_usec / USEC_PER_SEC,
1330 .it_value.tv_nsec = s->sync_interval_usec % MSEC_PER_SEC,
1331 };
26687bf8
OS		 1332
1333 r = timerfd_settime(s->sync_timer_fd, 0, &sync_timer_enable, NULL);
1334 if (r < 0)
1335 return -errno;
1336 }
1337
1338 s->sync_scheduled = true;
1339
1340 return 0;
1341}
1342
d025f1e4
ZJS		 1343int server_init(Server *s) {
1344 int n, r, fd;
1345
1346 assert(s);
1347
1348 zero(*s);
26687bf8
OS		 1349 s->sync_timer_fd = s->syslog_fd = s->native_fd = s->stdout_fd =
1350 s->signal_fd = s->epoll_fd = s->dev_kmsg_fd = -1;
d025f1e4
ZJS		 1351 s->compress = true;
1352 s->seal = true;
1353
26687bf8
OS		 1354 s->sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC;
1355 s->sync_scheduled = false;
1356
d025f1e4
ZJS		 1357 s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
1358 s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
1359
1360 s->forward_to_syslog = true;
1361
1362 s->max_level_store = LOG_DEBUG;
1363 s->max_level_syslog = LOG_DEBUG;
1364 s->max_level_kmsg = LOG_NOTICE;
1365 s->max_level_console = LOG_INFO;
1366
1367 memset(&s->system_metrics, 0xFF, sizeof(s->system_metrics));
1368 memset(&s->runtime_metrics, 0xFF, sizeof(s->runtime_metrics));
1369
1370 server_parse_config_file(s);
1371 server_parse_proc_cmdline(s);
d288f79f
ZJS		 1372 if (!!s->rate_limit_interval ^ !!s->rate_limit_burst) {
1373 log_debug("Setting both rate limit interval and burst from %llu,%u to 0,0",
1374 (long long unsigned) s->rate_limit_interval,
1375 s->rate_limit_burst);
1376 s->rate_limit_interval = s->rate_limit_burst = 0;
1377 }
d025f1e4
ZJS		 1378
1379 mkdir_p("/run/systemd/journal", 0755);
1380
1381 s->user_journals = hashmap_new(trivial_hash_func, trivial_compare_func);
1382 if (!s->user_journals)
1383 return log_oom();
1384
1385 s->mmap = mmap_cache_new();
1386 if (!s->mmap)
1387 return log_oom();
1388
1389 s->epoll_fd = epoll_create1(EPOLL_CLOEXEC);
1390 if (s->epoll_fd < 0) {
1391 log_error("Failed to create epoll object: %m");
1392 return -errno;
1393 }
1394
1395 n = sd_listen_fds(true);
1396 if (n < 0) {
1397 log_error("Failed to read listening file descriptors from environment: %s", strerror(-n));
1398 return n;
1399 }
1400
1401 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
1402
1403 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/socket", 0) > 0) {
1404
1405 if (s->native_fd >= 0) {
1406 log_error("Too many native sockets passed.");
1407 return -EINVAL;
1408 }
1409
1410 s->native_fd = fd;
1411
1412 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, "/run/systemd/journal/stdout", 0) > 0) {
1413
1414 if (s->stdout_fd >= 0) {
1415 log_error("Too many stdout sockets passed.");
1416 return -EINVAL;
1417 }
1418
1419 s->stdout_fd = fd;
1420
1421 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0) {
1422
1423 if (s->syslog_fd >= 0) {
1424 log_error("Too many /dev/log sockets passed.");
1425 return -EINVAL;
1426 }
1427
1428 s->syslog_fd = fd;
1429
1430 } else {
1431 log_error("Unknown socket passed.");
1432 return -EINVAL;
1433 }
1434 }
1435
1436 r = server_open_syslog_socket(s);
1437 if (r < 0)
1438 return r;
1439
1440 r = server_open_native_socket(s);
1441 if (r < 0)
1442 return r;
1443
1444 r = server_open_stdout_socket(s);
1445 if (r < 0)
1446 return r;
1447
1448 r = server_open_dev_kmsg(s);
1449 if (r < 0)
1450 return r;
1451
1452 r = server_open_kernel_seqnum(s);
1453 if (r < 0)
1454 return r;
1455
26687bf8
OS		 1456 r = server_open_sync_timer(s);
1457 if (r < 0)
1458 return r;
1459
d025f1e4
ZJS		 1460 r = open_signalfd(s);
1461 if (r < 0)
1462 return r;
1463
1464 s->udev = udev_new();
1465 if (!s->udev)
1466 return -ENOMEM;
1467
d288f79f
ZJS		 1468 s->rate_limit = journal_rate_limit_new(s->rate_limit_interval,
1469 s->rate_limit_burst);
d025f1e4
ZJS		 1470 if (!s->rate_limit)
1471 return -ENOMEM;
1472
1473 r = system_journal_open(s);
1474 if (r < 0)
1475 return r;
1476
1477 return 0;
1478}
1479
1480void server_maybe_append_tags(Server *s) {
1481#ifdef HAVE_GCRYPT
1482 JournalFile *f;
1483 Iterator i;
1484 usec_t n;
1485
1486 n = now(CLOCK_REALTIME);
1487
1488 if (s->system_journal)
1489 journal_file_maybe_append_tag(s->system_journal, n);
1490
1491 HASHMAP_FOREACH(f, s->user_journals, i)
1492 journal_file_maybe_append_tag(f, n);
1493#endif
1494}
1495
1496void server_done(Server *s) {
1497 JournalFile *f;
1498 assert(s);
1499
1500 while (s->stdout_streams)
1501 stdout_stream_free(s->stdout_streams);
1502
1503 if (s->system_journal)
1504 journal_file_close(s->system_journal);
1505
1506 if (s->runtime_journal)
1507 journal_file_close(s->runtime_journal);
1508
1509 while ((f = hashmap_steal_first(s->user_journals)))
1510 journal_file_close(f);
1511
1512 hashmap_free(s->user_journals);
1513
1514 if (s->epoll_fd >= 0)
1515 close_nointr_nofail(s->epoll_fd);
1516
1517 if (s->signal_fd >= 0)
1518 close_nointr_nofail(s->signal_fd);
1519
1520 if (s->syslog_fd >= 0)
1521 close_nointr_nofail(s->syslog_fd);
1522
1523 if (s->native_fd >= 0)
1524 close_nointr_nofail(s->native_fd);
1525
1526 if (s->stdout_fd >= 0)
1527 close_nointr_nofail(s->stdout_fd);
1528
1529 if (s->dev_kmsg_fd >= 0)
1530 close_nointr_nofail(s->dev_kmsg_fd);
1531
26687bf8
OS		 1532 if (s->sync_timer_fd >= 0)
1533 close_nointr_nofail(s->sync_timer_fd);
1534
d025f1e4
ZJS		 1535 if (s->rate_limit)
1536 journal_rate_limit_free(s->rate_limit);
1537
1538 if (s->kernel_seqnum)
1539 munmap(s->kernel_seqnum, sizeof(uint64_t));
1540
1541 free(s->buffer);
1542 free(s->tty_path);
1543
1544 if (s->mmap)
1545 mmap_cache_unref(s->mmap);
1546
1547 if (s->udev)
1548 udev_unref(s->udev);
1549}
Unnamed repository; edit this file 'description' to name the repository.