]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/journal/journald-server.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
sd-rtnl: message - protect against SEGFAULT when reading messages
[thirdparty/systemd.git] / src / journal / journald-server.c
CommitLineData
d025f1e4
ZJS		 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2011 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
22#include <sys/signalfd.h>
23#include <sys/ioctl.h>
24#include <linux/sockios.h>
25#include <sys/statvfs.h>
26#include <sys/mman.h>
26687bf8 27#include <sys/timerfd.h>
d025f1e4
ZJS		 28
29#include <libudev.h>
d025f1e4 30
74df0fca
LP		 31#include "sd-journal.h"
32#include "sd-messages.h"
33#include "sd-daemon.h"
a5c32cff 34#include "fileio.h"
d025f1e4
ZJS		 35#include "mkdir.h"
36#include "hashmap.h"
37#include "journal-file.h"
38#include "socket-util.h"
39#include "cgroup-util.h"
40#include "list.h"
d025f1e4
ZJS		 41#include "missing.h"
42#include "conf-parser.h"
74df0fca 43#include "selinux-util.h"
d025f1e4
ZJS		 44#include "journal-internal.h"
45#include "journal-vacuum.h"
46#include "journal-authenticate.h"
d025f1e4
ZJS		 47#include "journald-rate-limit.h"
48#include "journald-kmsg.h"
49#include "journald-syslog.h"
50#include "journald-stream.h"
51#include "journald-console.h"
52#include "journald-native.h"
74df0fca 53#include "journald-server.h"
d025f1e4
ZJS		 54
55#ifdef HAVE_ACL
56#include <sys/acl.h>
57#include <acl/libacl.h>
58#include "acl-util.h"
59#endif
60
61#ifdef HAVE_SELINUX
62#include <selinux/selinux.h>
63#endif
64
65#define USER_JOURNALS_MAX 1024
66
26687bf8 67#define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
7f1ad696
LP		 68#define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
69#define DEFAULT_RATE_LIMIT_BURST 1000
d025f1e4
ZJS		 70
71#define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
72
2c5859af 73static const char* const storage_table[_STORAGE_MAX] = {
d025f1e4
ZJS		 74 [STORAGE_AUTO] = "auto",
75 [STORAGE_VOLATILE] = "volatile",
76 [STORAGE_PERSISTENT] = "persistent",
77 [STORAGE_NONE] = "none"
78};
79
80DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
81DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
82
2c5859af
DM		 83static const char* const split_mode_table[_SPLIT_MAX] = {
84 [SPLIT_LOGIN] = "login",
d025f1e4 85 [SPLIT_UID] = "uid",
2c5859af 86 [SPLIT_NONE] = "none",
d025f1e4
ZJS		 87};
88
89DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
90DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode, split_mode, SplitMode, "Failed to parse split mode setting");
91
670b110c 92static uint64_t available_space(Server *s, bool verbose) {
db91ea32 93 char ids[33];
7fd1b19b 94 _cleanup_free_ char *p = NULL;
d025f1e4
ZJS		 95 sd_id128_t machine;
96 struct statvfs ss;
670b110c 97 uint64_t sum = 0, ss_avail = 0, avail = 0;
d025f1e4 98 int r;
7fd1b19b 99 _cleanup_closedir_ DIR *d = NULL;
d025f1e4 100 usec_t ts;
670b110c 101 const char *f;
d025f1e4
ZJS		 102 JournalMetrics *m;
103
104 ts = now(CLOCK_MONOTONIC);
105
670b110c
ZJS		 106 if (s->cached_available_space_timestamp + RECHECK_AVAILABLE_SPACE_USEC > ts
107 && !verbose)
d025f1e4
ZJS		 108 return s->cached_available_space;
109
110 r = sd_id128_get_machine(&machine);
111 if (r < 0)
112 return 0;
113
114 if (s->system_journal) {
115 f = "/var/log/journal/";
116 m = &s->system_metrics;
117 } else {
118 f = "/run/log/journal/";
119 m = &s->runtime_metrics;
120 }
121
122 assert(m);
123
124 p = strappend(f, sd_id128_to_string(machine, ids));
125 if (!p)
126 return 0;
127
128 d = opendir(p);
d025f1e4
ZJS		 129 if (!d)
130 return 0;
131
132 if (fstatvfs(dirfd(d), &ss) < 0)
db91ea32 133 return 0;
d025f1e4
ZJS		 134
135 for (;;) {
136 struct stat st;
137 struct dirent *de;
d025f1e4 138
0371ca0d
FW		 139 errno = 0;
140 de = readdir(d);
141 if (!de && errno != 0)
142 return 0;
d025f1e4
ZJS		 143
144 if (!de)
145 break;
146
147 if (!endswith(de->d_name, ".journal") &&
148 !endswith(de->d_name, ".journal~"))
149 continue;
150
151 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0)
152 continue;
153
154 if (!S_ISREG(st.st_mode))
155 continue;
156
157 sum += (uint64_t) st.st_blocks * 512UL;
158 }
159
d025f1e4
ZJS		 160 ss_avail = ss.f_bsize * ss.f_bavail;
161
348ced90
ZJS		 162 /* If we reached a high mark, we will always allow this much
163 * again, unless usage goes above max_use. This watermark
164 * value is cached so that we don't give up space on pressure,
165 * but hover below the maximum usage. */
166
167 if (m->use < sum)
168 m->use = sum;
169
170 avail = LESS_BY(ss_avail, m->keep_free);
171
172 s->cached_available_space = LESS_BY(MIN(m->max_use, avail), sum);
d025f1e4
ZJS		 173 s->cached_available_space_timestamp = ts;
174
670b110c
ZJS		 175 if (verbose) {
176 char fb1[FORMAT_BYTES_MAX], fb2[FORMAT_BYTES_MAX], fb3[FORMAT_BYTES_MAX],
177 fb4[FORMAT_BYTES_MAX], fb5[FORMAT_BYTES_MAX];
178
179 server_driver_message(s, SD_MESSAGE_JOURNAL_USAGE,
348ced90
ZJS		 180 "%s journal is using %s (max allowed %s, "
181 "trying to leave %s free of %s available → current limit %s).",
670b110c
ZJS		 182 s->system_journal ? "Permanent" : "Runtime",
183 format_bytes(fb1, sizeof(fb1), sum),
184 format_bytes(fb2, sizeof(fb2), m->max_use),
185 format_bytes(fb3, sizeof(fb3), m->keep_free),
186 format_bytes(fb4, sizeof(fb4), ss_avail),
348ced90 187 format_bytes(fb5, sizeof(fb5), s->cached_available_space + sum));
670b110c
ZJS		 188 }
189
190 return s->cached_available_space;
d025f1e4
ZJS		 191}
192
d025f1e4
ZJS		 193void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
194 int r;
195#ifdef HAVE_ACL
196 acl_t acl;
197 acl_entry_t entry;
198 acl_permset_t permset;
199#endif
200
201 assert(f);
202
4608af43 203 r = fchmod(f->fd, 0640);
d025f1e4 204 if (r < 0)
4608af43 205 log_warning("Failed to fix access mode on %s, ignoring: %s", f->path, strerror(-r));
d025f1e4
ZJS		 206
207#ifdef HAVE_ACL
208 if (uid <= 0)
209 return;
210
211 acl = acl_get_fd(f->fd);
212 if (!acl) {
213 log_warning("Failed to read ACL on %s, ignoring: %m", f->path);
214 return;
215 }
216
217 r = acl_find_uid(acl, uid, &entry);
218 if (r <= 0) {
219
220 if (acl_create_entry(&acl, &entry) < 0 ||
221 acl_set_tag_type(entry, ACL_USER) < 0 ||
222 acl_set_qualifier(entry, &uid) < 0) {
223 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
224 goto finish;
225 }
226 }
227
23ad4dd8
JAS		 228 /* We do not recalculate the mask unconditionally here,
229 * so that the fchmod() mask above stays intact. */
d025f1e4 230 if (acl_get_permset(entry, &permset) < 0 ||
23ad4dd8
JAS		 231 acl_add_perm(permset, ACL_READ) < 0 ||
232 calc_acl_mask_if_needed(&acl) < 0) {
d025f1e4
ZJS		 233 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
234 goto finish;
235 }
236
237 if (acl_set_fd(f->fd, acl) < 0)
238 log_warning("Failed to set ACL on %s, ignoring: %m", f->path);
239
240finish:
241 acl_free(acl);
242#endif
243}
244
245static JournalFile* find_journal(Server *s, uid_t uid) {
ed375beb 246 _cleanup_free_ char *p = NULL;
d025f1e4
ZJS		 247 int r;
248 JournalFile *f;
249 sd_id128_t machine;
250
251 assert(s);
252
253 /* We split up user logs only on /var, not on /run. If the
254 * runtime file is open, we write to it exclusively, in order
255 * to guarantee proper order as soon as we flush /run to
256 * /var and close the runtime file. */
257
258 if (s->runtime_journal)
259 return s->runtime_journal;
260
261 if (uid <= 0)
262 return s->system_journal;
263
264 r = sd_id128_get_machine(&machine);
265 if (r < 0)
266 return s->system_journal;
267
268 f = hashmap_get(s->user_journals, UINT32_TO_PTR(uid));
269 if (f)
270 return f;
271
272 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/user-%lu.journal",
273 SD_ID128_FORMAT_VAL(machine), (unsigned long) uid) < 0)
274 return s->system_journal;
275
276 while (hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
277 /* Too many open? Then let's close one */
278 f = hashmap_steal_first(s->user_journals);
279 assert(f);
280 journal_file_close(f);
281 }
282
cbd67177 283 r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &f);
d025f1e4
ZJS		 284 if (r < 0)
285 return s->system_journal;
286
287 server_fix_perms(s, f, uid);
288
289 r = hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
290 if (r < 0) {
291 journal_file_close(f);
292 return s->system_journal;
293 }
294
295 return f;
296}
297
fc55baee
ZJS		 298static int do_rotate(Server *s, JournalFile **f, const char* name,
299 bool seal, uint32_t uid) {
300 int r;
301 assert(s);
302
303 if (!*f)
304 return -EINVAL;
305
306 r = journal_file_rotate(f, s->compress, seal);
307 if (r < 0)
308 if (*f)
309 log_error("Failed to rotate %s: %s",
310 (*f)->path, strerror(-r));
311 else
312 log_error("Failed to create new %s journal: %s",
313 name, strerror(-r));
314 else
315 server_fix_perms(s, *f, uid);
316 return r;
317}
318
d025f1e4
ZJS		 319void server_rotate(Server *s) {
320 JournalFile *f;
321 void *k;
322 Iterator i;
323 int r;
324
325 log_debug("Rotating...");
326
fc55baee
ZJS		 327 do_rotate(s, &s->runtime_journal, "runtime", false, 0);
328 do_rotate(s, &s->system_journal, "system", s->seal, 0);
d025f1e4
ZJS		 329
330 HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
fc55baee
ZJS		 331 r = do_rotate(s, &f, "user", s->seal, PTR_TO_UINT32(k));
332 if (r >= 0)
d025f1e4 333 hashmap_replace(s->user_journals, k, f);
fc55baee
ZJS		 334 else if (!f)
335 /* Old file has been closed and deallocated */
336 hashmap_remove(s->user_journals, k);
d025f1e4
ZJS		 337 }
338}
339
26687bf8
OS		 340void server_sync(Server *s) {
341 JournalFile *f;
342 void *k;
343 Iterator i;
344 int r;
345
26687bf8
OS		 346 if (s->system_journal) {
347 r = journal_file_set_offline(s->system_journal);
348 if (r < 0)
349 log_error("Failed to sync system journal: %s", strerror(-r));
350 }
351
352 HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
353 r = journal_file_set_offline(f);
354 if (r < 0)
355 log_error("Failed to sync user journal: %s", strerror(-r));
356 }
357
f9a810be
LP		 358 if (s->sync_event_source) {
359 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_OFF);
360 if (r < 0)
361 log_error("Failed to disable sync timer source: %s", strerror(-r));
362 }
26687bf8
OS		 363
364 s->sync_scheduled = false;
365}
366
63c8666b
ZJS		 367static void do_vacuum(Server *s, char *ids, JournalFile *f, const char* path,
368 JournalMetrics *metrics) {
369 char *p;
370 int r;
371
372 if (!f)
373 return;
374
375 p = strappenda(path, ids);
376 r = journal_directory_vacuum(p, metrics->max_use, s->max_retention_usec, &s->oldest_file_usec);
377 if (r < 0 && r != -ENOENT)
378 log_error("Failed to vacuum %s: %s", p, strerror(-r));
379}
380
d025f1e4 381void server_vacuum(Server *s) {
d025f1e4
ZJS		 382 char ids[33];
383 sd_id128_t machine;
384 int r;
385
386 log_debug("Vacuuming...");
387
388 s->oldest_file_usec = 0;
389
390 r = sd_id128_get_machine(&machine);
391 if (r < 0) {
392 log_error("Failed to get machine ID: %s", strerror(-r));
393 return;
394 }
d025f1e4
ZJS		 395 sd_id128_to_string(machine, ids);
396
63c8666b
ZJS		 397 do_vacuum(s, ids, s->system_journal, "/var/log/journal/", &s->system_metrics);
398 do_vacuum(s, ids, s->runtime_journal, "/run/log/journal/", &s->runtime_metrics);
d025f1e4
ZJS		 399
400 s->cached_available_space_timestamp = 0;
401}
402
0c24bb23
LP		 403static void server_cache_machine_id(Server *s) {
404 sd_id128_t id;
405 int r;
406
407 assert(s);
408
409 r = sd_id128_get_machine(&id);
410 if (r < 0)
411 return;
412
413 sd_id128_to_string(id, stpcpy(s->machine_id_field, "_MACHINE_ID="));
414}
415
416static void server_cache_boot_id(Server *s) {
417 sd_id128_t id;
418 int r;
419
420 assert(s);
421
422 r = sd_id128_get_boot(&id);
423 if (r < 0)
424 return;
425
426 sd_id128_to_string(id, stpcpy(s->boot_id_field, "_BOOT_ID="));
427}
428
429static void server_cache_hostname(Server *s) {
430 _cleanup_free_ char *t = NULL;
431 char *x;
432
433 assert(s);
434
435 t = gethostname_malloc();
436 if (!t)
437 return;
438
439 x = strappend("_HOSTNAME=", t);
440 if (!x)
441 return;
442
443 free(s->hostname_field);
444 s->hostname_field = x;
445}
446
d025f1e4
ZJS		 447bool shall_try_append_again(JournalFile *f, int r) {
448
449 /* -E2BIG Hit configured limit
450 -EFBIG Hit fs limit
451 -EDQUOT Quota limit hit
452 -ENOSPC Disk full
453 -EHOSTDOWN Other machine
454 -EBUSY Unclean shutdown
455 -EPROTONOSUPPORT Unsupported feature
456 -EBADMSG Corrupted
457 -ENODATA Truncated
458 -ESHUTDOWN Already archived */
459
460 if (r == -E2BIG || r == -EFBIG || r == -EDQUOT || r == -ENOSPC)
461 log_debug("%s: Allocation limit reached, rotating.", f->path);
462 else if (r == -EHOSTDOWN)
463 log_info("%s: Journal file from other machine, rotating.", f->path);
464 else if (r == -EBUSY)
465 log_info("%s: Unclean shutdown, rotating.", f->path);
466 else if (r == -EPROTONOSUPPORT)
467 log_info("%s: Unsupported feature, rotating.", f->path);
468 else if (r == -EBADMSG || r == -ENODATA || r == ESHUTDOWN)
469 log_warning("%s: Journal file corrupted, rotating.", f->path);
470 else
471 return false;
472
473 return true;
474}
475
d07f7b9e 476static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned n, int priority) {
d025f1e4
ZJS		 477 JournalFile *f;
478 bool vacuumed = false;
479 int r;
480
481 assert(s);
482 assert(iovec);
483 assert(n > 0);
484
485 f = find_journal(s, uid);
486 if (!f)
487 return;
488
489 if (journal_file_rotate_suggested(f, s->max_file_usec)) {
490 log_debug("%s: Journal header limits reached or header out-of-date, rotating.", f->path);
491 server_rotate(s);
492 server_vacuum(s);
493 vacuumed = true;
494
495 f = find_journal(s, uid);
496 if (!f)
497 return;
498 }
499
500 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
26687bf8 501 if (r >= 0) {
d07f7b9e 502 server_schedule_sync(s, priority);
d025f1e4 503 return;
26687bf8 504 }
d025f1e4
ZJS		 505
506 if (vacuumed || !shall_try_append_again(f, r)) {
e40ec7ae
ZJS		 507 size_t size = 0;
508 unsigned i;
509 for (i = 0; i < n; i++)
510 size += iovec[i].iov_len;
511
512 log_error("Failed to write entry (%d items, %zu bytes), ignoring: %s", n, size, strerror(-r));
d025f1e4
ZJS		 513 return;
514 }
515
516 server_rotate(s);
517 server_vacuum(s);
518
519 f = find_journal(s, uid);
520 if (!f)
521 return;
522
523 log_debug("Retrying write.");
524 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
e40ec7ae
ZJS		 525 if (r < 0) {
526 size_t size = 0;
527 unsigned i;
528 for (i = 0; i < n; i++)
529 size += iovec[i].iov_len;
530
531 log_error("Failed to write entry (%d items, %zu bytes) despite vacuuming, ignoring: %s", n, size, strerror(-r));
d07f7b9e
LP		 532 } else
533 server_schedule_sync(s, priority);
d025f1e4
ZJS		 534}
535
536static void dispatch_message_real(
537 Server *s,
538 struct iovec *iovec, unsigned n, unsigned m,
539 struct ucred *ucred,
540 struct timeval *tv,
541 const char *label, size_t label_len,
968f3196 542 const char *unit_id,
d07f7b9e 543 int priority,
968f3196 544 pid_t object_pid) {
d025f1e4 545
968f3196 546 char pid[sizeof("_PID=") + DECIMAL_STR_MAX(pid_t)],
ae018d9b
LP		 547 uid[sizeof("_UID=") + DECIMAL_STR_MAX(uid_t)],
548 gid[sizeof("_GID=") + DECIMAL_STR_MAX(gid_t)],
549 owner_uid[sizeof("_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)],
d3789917 550 source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)],
968f3196
ZJS		 551 o_uid[sizeof("OBJECT_UID=") + DECIMAL_STR_MAX(uid_t)],
552 o_gid[sizeof("OBJECT_GID=") + DECIMAL_STR_MAX(gid_t)],
553 o_owner_uid[sizeof("OBJECT_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)];
554 uid_t object_uid;
555 gid_t object_gid;
968f3196 556 char *x;
d025f1e4 557 int r;
ae018d9b 558 char *t, *c;
82499507
LP		 559 uid_t realuid = 0, owner = 0, journal_uid;
560 bool owner_valid = false;
ae018d9b 561#ifdef HAVE_AUDIT
968f3196
ZJS		 562 char audit_session[sizeof("_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
563 audit_loginuid[sizeof("_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)],
564 o_audit_session[sizeof("OBJECT_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
565 o_audit_loginuid[sizeof("OBJECT_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)];
ae018d9b
LP		 566
567 uint32_t audit;
568 uid_t loginuid;
569#endif
d025f1e4
ZJS		 570
571 assert(s);
572 assert(iovec);
573 assert(n > 0);
968f3196 574 assert(n + N_IOVEC_META_FIELDS + (object_pid ? N_IOVEC_OBJECT_FIELDS : 0) <= m);
d025f1e4
ZJS		 575
576 if (ucred) {
d025f1e4
ZJS		 577 realuid = ucred->uid;
578
ae018d9b 579 sprintf(pid, "_PID=%lu", (unsigned long) ucred->pid);
c2457105 580 IOVEC_SET_STRING(iovec[n++], pid);
d025f1e4 581
ae018d9b 582 sprintf(uid, "_UID=%lu", (unsigned long) ucred->uid);
c2457105 583 IOVEC_SET_STRING(iovec[n++], uid);
d025f1e4 584
ae018d9b 585 sprintf(gid, "_GID=%lu", (unsigned long) ucred->gid);
c2457105 586 IOVEC_SET_STRING(iovec[n++], gid);
d025f1e4
ZJS		 587
588 r = get_process_comm(ucred->pid, &t);
589 if (r >= 0) {
968f3196 590 x = strappenda("_COMM=", t);
d025f1e4 591 free(t);
968f3196 592 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 593 }
594
595 r = get_process_exe(ucred->pid, &t);
596 if (r >= 0) {
968f3196 597 x = strappenda("_EXE=", t);
d025f1e4 598 free(t);
968f3196 599 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 600 }
601
9bdbc2e2 602 r = get_process_cmdline(ucred->pid, 0, false, &t);
d025f1e4 603 if (r >= 0) {
968f3196 604 x = strappenda("_CMDLINE=", t);
d025f1e4 605 free(t);
3a832116
SL		 606 IOVEC_SET_STRING(iovec[n++], x);
607 }
608
609 r = get_process_capeff(ucred->pid, &t);
610 if (r >= 0) {
611 x = strappenda("_CAP_EFFECTIVE=", t);
612 free(t);
968f3196 613 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4
ZJS		 614 }
615
0a20e3c1 616#ifdef HAVE_AUDIT
d025f1e4 617 r = audit_session_from_pid(ucred->pid, &audit);
ae018d9b
LP		 618 if (r >= 0) {
619 sprintf(audit_session, "_AUDIT_SESSION=%lu", (unsigned long) audit);
620 IOVEC_SET_STRING(iovec[n++], audit_session);
621 }
d025f1e4
ZJS		 622
623 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
7027ff61 624 if (r >= 0) {
ae018d9b
LP		 625 sprintf(audit_loginuid, "_AUDIT_LOGINUID=%lu", (unsigned long) loginuid);
626 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
d025f1e4 627 }
ae018d9b 628#endif
d025f1e4 629
e9174f29 630 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &c);
7027ff61 631 if (r >= 0) {
968f3196
ZJS		 632 char *session = NULL;
633
634 x = strappenda("_SYSTEMD_CGROUP=", c);
635 IOVEC_SET_STRING(iovec[n++], x);
d025f1e4 636
ae018d9b
LP		 637 r = cg_path_get_session(c, &t);
638 if (r >= 0) {
639 session = strappenda("_SYSTEMD_SESSION=", t);
640 free(t);
d025f1e4 641 IOVEC_SET_STRING(iovec[n++], session);
ae018d9b
LP		 642 }
643
644 if (cg_path_get_owner_uid(c, &owner) >= 0) {
645 owner_valid = true;
d025f1e4 646
ae018d9b 647 sprintf(owner_uid, "_SYSTEMD_OWNER_UID=%lu", (unsigned long) owner);
d025f1e4 648 IOVEC_SET_STRING(iovec[n++], owner_uid);
ae018d9b 649 }
d025f1e4 650
ae018d9b 651 if (cg_path_get_unit(c, &t) >= 0) {
968f3196 652 x = strappenda("_SYSTEMD_UNIT=", t);
ae018d9b 653 free(t);
19cace37
LP		 654 IOVEC_SET_STRING(iovec[n++], x);
655 } else if (unit_id && !session) {
656 x = strappenda("_SYSTEMD_UNIT=", unit_id);
657 IOVEC_SET_STRING(iovec[n++], x);
658 }
659
660 if (cg_path_get_user_unit(c, &t) >= 0) {
968f3196 661 x = strappenda("_SYSTEMD_USER_UNIT=", t);
ae018d9b 662 free(t);
968f3196 663 IOVEC_SET_STRING(iovec[n++], x);
19cace37
LP		 664 } else if (unit_id && session) {
665 x = strappenda("_SYSTEMD_USER_UNIT=", unit_id);
666 IOVEC_SET_STRING(iovec[n++], x);
667 }
ae018d9b 668
0a244b8e
LP		 669 if (cg_path_get_slice(c, &t) >= 0) {
670 x = strappenda("_SYSTEMD_SLICE=", t);
671 free(t);
672 IOVEC_SET_STRING(iovec[n++], x);
673 }
674
ae018d9b 675 free(c);
2d43b190
DM		 676 } else if (unit_id) {
677 x = strappenda("_SYSTEMD_UNIT=", unit_id);
678 IOVEC_SET_STRING(iovec[n++], x);
ef1673d1 679 }
d025f1e4 680
d025f1e4 681#ifdef HAVE_SELINUX
d682b3a7
LP		 682 if (use_selinux()) {
683 if (label) {
f8294e41 684 x = alloca(strlen("_SELINUX_CONTEXT=") + label_len + 1);
ae018d9b 685
d682b3a7
LP		 686 *((char*) mempcpy(stpcpy(x, "_SELINUX_CONTEXT="), label, label_len)) = 0;
687 IOVEC_SET_STRING(iovec[n++], x);
688 } else {
689 security_context_t con;
d025f1e4 690
d682b3a7
LP		 691 if (getpidcon(ucred->pid, &con) >= 0) {
692 x = strappenda("_SELINUX_CONTEXT=", con);
e7ff4e7f 693
d682b3a7
LP		 694 freecon(con);
695 IOVEC_SET_STRING(iovec[n++], x);
696 }
d025f1e4
ZJS		 697 }
698 }
699#endif
700 }
968f3196
ZJS		 701 assert(n <= m);
702
703 if (object_pid) {
704 r = get_process_uid(object_pid, &object_uid);
705 if (r >= 0) {
706 sprintf(o_uid, "OBJECT_UID=%lu", (unsigned long) object_uid);
707 IOVEC_SET_STRING(iovec[n++], o_uid);
708 }
709
710 r = get_process_gid(object_pid, &object_gid);
711 if (r >= 0) {
712 sprintf(o_gid, "OBJECT_GID=%lu", (unsigned long) object_gid);
713 IOVEC_SET_STRING(iovec[n++], o_gid);
714 }
715
716 r = get_process_comm(object_pid, &t);
717 if (r >= 0) {
718 x = strappenda("OBJECT_COMM=", t);
719 free(t);
720 IOVEC_SET_STRING(iovec[n++], x);
721 }
722
723 r = get_process_exe(object_pid, &t);
724 if (r >= 0) {
725 x = strappenda("OBJECT_EXE=", t);
726 free(t);
727 IOVEC_SET_STRING(iovec[n++], x);
728 }
729
730 r = get_process_cmdline(object_pid, 0, false, &t);
731 if (r >= 0) {
732 x = strappenda("OBJECT_CMDLINE=", t);
733 free(t);
734 IOVEC_SET_STRING(iovec[n++], x);
735 }
736
737#ifdef HAVE_AUDIT
738 r = audit_session_from_pid(object_pid, &audit);
739 if (r >= 0) {
740 sprintf(o_audit_session, "OBJECT_AUDIT_SESSION=%lu", (unsigned long) audit);
741 IOVEC_SET_STRING(iovec[n++], o_audit_session);
742 }
743
744 r = audit_loginuid_from_pid(object_pid, &loginuid);
745 if (r >= 0) {
746 sprintf(o_audit_loginuid, "OBJECT_AUDIT_LOGINUID=%lu", (unsigned long) loginuid);
747 IOVEC_SET_STRING(iovec[n++], o_audit_loginuid);
748 }
749#endif
750
e9174f29 751 r = cg_pid_get_path_shifted(object_pid, s->cgroup_root, &c);
968f3196
ZJS		 752 if (r >= 0) {
753 x = strappenda("OBJECT_SYSTEMD_CGROUP=", c);
754 IOVEC_SET_STRING(iovec[n++], x);
755
756 r = cg_path_get_session(c, &t);
757 if (r >= 0) {
758 x = strappenda("OBJECT_SYSTEMD_SESSION=", t);
759 free(t);
760 IOVEC_SET_STRING(iovec[n++], x);
761 }
762
763 if (cg_path_get_owner_uid(c, &owner) >= 0) {
764 sprintf(o_owner_uid, "OBJECT_SYSTEMD_OWNER_UID=%lu", (unsigned long) owner);
765 IOVEC_SET_STRING(iovec[n++], o_owner_uid);
766 }
767
768 if (cg_path_get_unit(c, &t) >= 0) {
769 x = strappenda("OBJECT_SYSTEMD_UNIT=", t);
770 free(t);
19cace37
LP		 771 IOVEC_SET_STRING(iovec[n++], x);
772 }
773
774 if (cg_path_get_user_unit(c, &t) >= 0) {
968f3196
ZJS		 775 x = strappenda("OBJECT_SYSTEMD_USER_UNIT=", t);
776 free(t);
968f3196 777 IOVEC_SET_STRING(iovec[n++], x);
19cace37 778 }
968f3196
ZJS		 779
780 free(c);
781 }
782 }
783 assert(n <= m);
d025f1e4
ZJS		 784
785 if (tv) {
ae018d9b 786 sprintf(source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu", (unsigned long long) timeval_load(tv));
a5693989 787 IOVEC_SET_STRING(iovec[n++], source_time);
d025f1e4
ZJS		 788 }
789
790 /* Note that strictly speaking storing the boot id here is
791 * redundant since the entry includes this in-line
792 * anyway. However, we need this indexed, too. */
0c24bb23
LP		 793 if (!isempty(s->boot_id_field))
794 IOVEC_SET_STRING(iovec[n++], s->boot_id_field);
d025f1e4 795
0c24bb23
LP		 796 if (!isempty(s->machine_id_field))
797 IOVEC_SET_STRING(iovec[n++], s->machine_id_field);
d025f1e4 798
0c24bb23
LP		 799 if (!isempty(s->hostname_field))
800 IOVEC_SET_STRING(iovec[n++], s->hostname_field);
d025f1e4
ZJS		 801
802 assert(n <= m);
803
da499392 804 if (s->split_mode == SPLIT_UID && realuid > 0)
40adcda8 805 /* Split up strictly by any UID */
759c945a 806 journal_uid = realuid;
82499507 807 else if (s->split_mode == SPLIT_LOGIN && realuid > 0 && owner_valid && owner > 0)
40adcda8
LP		 808 /* Split up by login UIDs, this avoids creation of
809 * individual journals for system UIDs. We do this
810 * only if the realuid is not root, in order not to
82499507
LP		 811 * accidentally leak privileged information to the
812 * user that is logged by a privileged process that is
813 * part of an unprivileged session.*/
8a0889df 814 journal_uid = owner;
da499392
KS		 815 else
816 journal_uid = 0;
759c945a 817
d07f7b9e 818 write_to_journal(s, journal_uid, iovec, n, priority);
d025f1e4
ZJS		 819}
820
821void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {
822 char mid[11 + 32 + 1];
823 char buffer[16 + LINE_MAX + 1];
824 struct iovec iovec[N_IOVEC_META_FIELDS + 4];
825 int n = 0;
826 va_list ap;
b92bea5d 827 struct ucred ucred = {};
d025f1e4
ZJS		 828
829 assert(s);
830 assert(format);
831
832 IOVEC_SET_STRING(iovec[n++], "PRIORITY=6");
833 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=driver");
834
835 memcpy(buffer, "MESSAGE=", 8);
836 va_start(ap, format);
837 vsnprintf(buffer + 8, sizeof(buffer) - 8, format, ap);
838 va_end(ap);
839 char_array_0(buffer);
840 IOVEC_SET_STRING(iovec[n++], buffer);
841
842 if (!sd_id128_equal(message_id, SD_ID128_NULL)) {
843 snprintf(mid, sizeof(mid), MESSAGE_ID(message_id));
844 char_array_0(mid);
845 IOVEC_SET_STRING(iovec[n++], mid);
846 }
847
d025f1e4
ZJS		 848 ucred.pid = getpid();
849 ucred.uid = getuid();
850 ucred.gid = getgid();
851
d07f7b9e 852 dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL, LOG_INFO, 0);
d025f1e4
ZJS		 853}
854
855void server_dispatch_message(
856 Server *s,
857 struct iovec *iovec, unsigned n, unsigned m,
858 struct ucred *ucred,
859 struct timeval *tv,
860 const char *label, size_t label_len,
861 const char *unit_id,
968f3196
ZJS		 862 int priority,
863 pid_t object_pid) {
d025f1e4 864
7027ff61 865 int rl, r;
7fd1b19b 866 _cleanup_free_ char *path = NULL;
db91ea32 867 char *c;
d025f1e4
ZJS		 868
869 assert(s);
870 assert(iovec || n == 0);
871
872 if (n == 0)
873 return;
874
875 if (LOG_PRI(priority) > s->max_level_store)
876 return;
877
2f5df74a
HHPF		 878 /* Stop early in case the information will not be stored
879 * in a journal. */
880 if (s->storage == STORAGE_NONE)
881 return;
882
d025f1e4
ZJS		 883 if (!ucred)
884 goto finish;
885
e9174f29 886 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &path);
7027ff61 887 if (r < 0)
d025f1e4
ZJS		 888 goto finish;
889
890 /* example: /user/lennart/3/foobar
891 * /system/dbus.service/foobar
892 *
893 * So let's cut of everything past the third /, since that is
894 * where user directories start */
895
896 c = strchr(path, '/');
897 if (c) {
898 c = strchr(c+1, '/');
899 if (c) {
900 c = strchr(c+1, '/');
901 if (c)
902 *c = 0;
903 }
904 }
905
db91ea32 906 rl = journal_rate_limit_test(s->rate_limit, path,
670b110c 907 priority & LOG_PRIMASK, available_space(s, false));
d025f1e4 908
db91ea32 909 if (rl == 0)
d025f1e4 910 return;
d025f1e4
ZJS		 911
912 /* Write a suppression message if we suppressed something */
913 if (rl > 1)
db91ea32
ZJS		 914 server_driver_message(s, SD_MESSAGE_JOURNAL_DROPPED,
915 "Suppressed %u messages from %s", rl - 1, path);
d025f1e4
ZJS		 916
917finish:
d07f7b9e 918 dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id, priority, object_pid);
d025f1e4
ZJS		 919}
920
921
922static int system_journal_open(Server *s) {
923 int r;
924 char *fn;
925 sd_id128_t machine;
926 char ids[33];
927
928 r = sd_id128_get_machine(&machine);
00a16861
OB		 929 if (r < 0) {
930 log_error("Failed to get machine id: %s", strerror(-r));
d025f1e4 931 return r;
00a16861 932 }
d025f1e4
ZJS		 933
934 sd_id128_to_string(machine, ids);
935
936 if (!s->system_journal &&
937 (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
938 access("/run/systemd/journal/flushed", F_OK) >= 0) {
939
940 /* If in auto mode: first try to create the machine
941 * path, but not the prefix.
942 *
943 * If in persistent mode: create /var/log/journal and
944 * the machine path */
945
946 if (s->storage == STORAGE_PERSISTENT)
947 (void) mkdir("/var/log/journal/", 0755);
948
e40ec7ae 949 fn = strappenda("/var/log/journal/", ids);
d025f1e4 950 (void) mkdir(fn, 0755);
d025f1e4 951
e40ec7ae 952 fn = strappenda(fn, "/system.journal");
d025f1e4 953 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
d025f1e4 954
670b110c 955 if (r >= 0)
d025f1e4 956 server_fix_perms(s, s->system_journal, 0);
433dd100
LN		 957 else if (r < 0) {
958 if (r != -ENOENT && r != -EROFS)
959 log_warning("Failed to open system journal: %s", strerror(-r));
e40ec7ae 960
433dd100
LN		 961 r = 0;
962 }
d025f1e4
ZJS		 963 }
964
965 if (!s->runtime_journal &&
966 (s->storage != STORAGE_NONE)) {
967
968 fn = strjoin("/run/log/journal/", ids, "/system.journal", NULL);
969 if (!fn)
970 return -ENOMEM;
971
972 if (s->system_journal) {
973
974 /* Try to open the runtime journal, but only
975 * if it already exists, so that we can flush
976 * it into the system journal */
977
978 r = journal_file_open(fn, O_RDWR, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
979 free(fn);
980
981 if (r < 0) {
982 if (r != -ENOENT)
983 log_warning("Failed to open runtime journal: %s", strerror(-r));
984
985 r = 0;
986 }
987
988 } else {
989
990 /* OK, we really need the runtime journal, so create
991 * it if necessary. */
992
993 (void) mkdir_parents(fn, 0755);
994 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
995 free(fn);
996
997 if (r < 0) {
998 log_error("Failed to open runtime journal: %s", strerror(-r));
999 return r;
1000 }
1001 }
1002
670b110c 1003 if (s->runtime_journal)
d025f1e4 1004 server_fix_perms(s, s->runtime_journal, 0);
d025f1e4
ZJS		 1005 }
1006
670b110c
ZJS		 1007 available_space(s, true);
1008
d025f1e4
ZJS		 1009 return r;
1010}
1011
1012int server_flush_to_var(Server *s) {
d025f1e4
ZJS		 1013 sd_id128_t machine;
1014 sd_journal *j = NULL;
fbb63411
LP		 1015 char ts[FORMAT_TIMESPAN_MAX];
1016 usec_t start;
1017 unsigned n = 0;
1018 int r;
d025f1e4
ZJS		 1019
1020 assert(s);
1021
1022 if (s->storage != STORAGE_AUTO &&
1023 s->storage != STORAGE_PERSISTENT)
1024 return 0;
1025
1026 if (!s->runtime_journal)
1027 return 0;
1028
1029 system_journal_open(s);
1030
1031 if (!s->system_journal)
1032 return 0;
1033
1034 log_debug("Flushing to /var...");
1035
fbb63411
LP		 1036 start = now(CLOCK_MONOTONIC);
1037
d025f1e4 1038 r = sd_id128_get_machine(&machine);
00a16861 1039 if (r < 0)
d025f1e4 1040 return r;
d025f1e4
ZJS		 1041
1042 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
1043 if (r < 0) {
1044 log_error("Failed to read runtime journal: %s", strerror(-r));
1045 return r;
1046 }
1047
93b73b06
LP		 1048 sd_journal_set_data_threshold(j, 0);
1049
d025f1e4
ZJS		 1050 SD_JOURNAL_FOREACH(j) {
1051 Object *o = NULL;
1052 JournalFile *f;
1053
1054 f = j->current_file;
1055 assert(f && f->current_offset > 0);
1056
fbb63411
LP		 1057 n++;
1058
d025f1e4
ZJS		 1059 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
1060 if (r < 0) {
1061 log_error("Can't read entry: %s", strerror(-r));
1062 goto finish;
1063 }
1064
1065 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1066 if (r >= 0)
1067 continue;
1068
1069 if (!shall_try_append_again(s->system_journal, r)) {
1070 log_error("Can't write entry: %s", strerror(-r));
1071 goto finish;
1072 }
1073
1074 server_rotate(s);
1075 server_vacuum(s);
1076
253f59df
LP		 1077 if (!s->system_journal) {
1078 log_notice("Didn't flush runtime journal since rotation of system journal wasn't successful.");
1079 r = -EIO;
1080 goto finish;
1081 }
1082
d025f1e4
ZJS		 1083 log_debug("Retrying write.");
1084 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1085 if (r < 0) {
1086 log_error("Can't write entry: %s", strerror(-r));
1087 goto finish;
1088 }
1089 }
1090
1091finish:
1092 journal_file_post_change(s->system_journal);
1093
1094 journal_file_close(s->runtime_journal);
1095 s->runtime_journal = NULL;
1096
1097 if (r >= 0)
1098 rm_rf("/run/log/journal", false, true, false);
1099
763c7aa2 1100 sd_journal_close(j);
d025f1e4 1101
fbb63411
LP		 1102 server_driver_message(s, SD_ID128_NULL, "Time spent on flushing to /var is %s for %u entries.", format_timespan(ts, sizeof(ts), now(CLOCK_MONOTONIC) - start, 0), n);
1103
d025f1e4
ZJS		 1104 return r;
1105}
1106
f9a810be
LP		 1107int process_datagram(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1108 Server *s = userdata;
1109
d025f1e4 1110 assert(s);
f9a810be
LP		 1111 assert(fd == s->native_fd || fd == s->syslog_fd);
1112
1113 if (revents != EPOLLIN) {
1114 log_error("Got invalid event from epoll for datagram fd: %"PRIx32, revents);
1115 return -EIO;
1116 }
1117
1118 for (;;) {
1119 struct ucred *ucred = NULL;
1120 struct timeval *tv = NULL;
1121 struct cmsghdr *cmsg;
1122 char *label = NULL;
1123 size_t label_len = 0;
1124 struct iovec iovec;
1125
1126 union {
1127 struct cmsghdr cmsghdr;
1128
bdd13f6b
ZJS		 1129 /* We use NAME_MAX space for the SELinux label
1130 * here. The kernel currently enforces no
1131 * limit, but according to suggestions from
1132 * the SELinux people this will change and it
1133 * will probably be identical to NAME_MAX. For
1134 * now we use that, but this should be updated
1135 * one day when the final limit is known.*/
f9a810be
LP		 1136 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
1137 CMSG_SPACE(sizeof(struct timeval)) +
1138 CMSG_SPACE(sizeof(int)) + /* fd */
1139 CMSG_SPACE(NAME_MAX)]; /* selinux label */
1140 } control = {};
1141 struct msghdr msghdr = {
1142 .msg_iov = &iovec,
1143 .msg_iovlen = 1,
1144 .msg_control = &control,
1145 .msg_controllen = sizeof(control),
1146 };
d025f1e4 1147
d025f1e4 1148 ssize_t n;
f9a810be
LP		 1149 int v;
1150 int *fds = NULL;
1151 unsigned n_fds = 0;
d025f1e4 1152
f9a810be
LP		 1153 if (ioctl(fd, SIOCINQ, &v) < 0) {
1154 log_error("SIOCINQ failed: %m");
1155 return -errno;
d025f1e4
ZJS		 1156 }
1157
f9a810be
LP		 1158 if (!GREEDY_REALLOC(s->buffer, s->buffer_size, LINE_MAX + (size_t) v))
1159 return log_oom();
d025f1e4 1160
f9a810be
LP		 1161 iovec.iov_base = s->buffer;
1162 iovec.iov_len = s->buffer_size;
d025f1e4 1163
f9a810be
LP		 1164 n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
1165 if (n < 0) {
d025f1e4 1166 if (errno == EINTR || errno == EAGAIN)
f9a810be 1167 return 0;
d025f1e4 1168
f9a810be 1169 log_error("recvmsg() failed: %m");
d025f1e4
ZJS		 1170 return -errno;
1171 }
1172
f9a810be
LP		 1173 for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
1174
1175 if (cmsg->cmsg_level == SOL_SOCKET &&
1176 cmsg->cmsg_type == SCM_CREDENTIALS &&
1177 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
1178 ucred = (struct ucred*) CMSG_DATA(cmsg);
1179 else if (cmsg->cmsg_level == SOL_SOCKET &&
1180 cmsg->cmsg_type == SCM_SECURITY) {
1181 label = (char*) CMSG_DATA(cmsg);
1182 label_len = cmsg->cmsg_len - CMSG_LEN(0);
1183 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1184 cmsg->cmsg_type == SO_TIMESTAMP &&
1185 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
1186 tv = (struct timeval*) CMSG_DATA(cmsg);
1187 else if (cmsg->cmsg_level == SOL_SOCKET &&
1188 cmsg->cmsg_type == SCM_RIGHTS) {
1189 fds = (int*) CMSG_DATA(cmsg);
1190 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
1191 }
d025f1e4
ZJS		 1192 }
1193
f9a810be
LP		 1194 if (fd == s->syslog_fd) {
1195 if (n > 0 && n_fds == 0) {
1196 s->buffer[n] = 0;
1197 server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
1198 } else if (n_fds > 0)
1199 log_warning("Got file descriptors via syslog socket. Ignoring.");
d025f1e4 1200
f9a810be
LP		 1201 } else {
1202 if (n > 0 && n_fds == 0)
1203 server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
1204 else if (n == 0 && n_fds == 1)
1205 server_process_native_file(s, fds[0], ucred, tv, label, label_len);
1206 else if (n_fds > 0)
1207 log_warning("Got too many file descriptors via native socket. Ignoring.");
d025f1e4
ZJS		 1208 }
1209
f9a810be
LP		 1210 close_many(fds, n_fds);
1211 }
f9a810be 1212}
d025f1e4 1213
f9a810be
LP		 1214static int dispatch_sigusr1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1215 Server *s = userdata;
d025f1e4 1216
f9a810be 1217 assert(s);
d025f1e4 1218
f9a810be 1219 log_info("Received request to flush runtime journal from PID %"PRIu32, si->ssi_pid);
d025f1e4 1220
f9a810be
LP		 1221 touch("/run/systemd/journal/flushed");
1222 server_flush_to_var(s);
1223 server_sync(s);
d025f1e4 1224
f9a810be
LP		 1225 return 0;
1226}
d025f1e4 1227
f9a810be
LP		 1228static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1229 Server *s = userdata;
d025f1e4 1230
f9a810be 1231 assert(s);
d025f1e4 1232
f9a810be
LP		 1233 log_info("Received request to rotate journal from PID %"PRIu32, si->ssi_pid);
1234 server_rotate(s);
1235 server_vacuum(s);
d025f1e4 1236
f9a810be
LP		 1237 return 0;
1238}
d025f1e4 1239
f9a810be
LP		 1240static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1241 Server *s = userdata;
d025f1e4 1242
f9a810be 1243 assert(s);
d025f1e4 1244
4daf54a8 1245 log_received_signal(LOG_INFO, si);
d025f1e4 1246
6203e07a 1247 sd_event_exit(s->event, 0);
d025f1e4
ZJS		 1248 return 0;
1249}
1250
f9a810be 1251static int setup_signals(Server *s) {
d025f1e4 1252 sigset_t mask;
f9a810be 1253 int r;
d025f1e4
ZJS		 1254
1255 assert(s);
1256
1257 assert_se(sigemptyset(&mask) == 0);
1258 sigset_add_many(&mask, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, -1);
1259 assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
1260
151b9b96 1261 r = sd_event_add_signal(s->event, &s->sigusr1_event_source, SIGUSR1, dispatch_sigusr1, s);
f9a810be
LP		 1262 if (r < 0)
1263 return r;
1264
151b9b96 1265 r = sd_event_add_signal(s->event, &s->sigusr2_event_source, SIGUSR2, dispatch_sigusr2, s);
f9a810be
LP		 1266 if (r < 0)
1267 return r;
d025f1e4 1268
151b9b96 1269 r = sd_event_add_signal(s->event, &s->sigterm_event_source, SIGTERM, dispatch_sigterm, s);
f9a810be
LP		 1270 if (r < 0)
1271 return r;
d025f1e4 1272
151b9b96 1273 r = sd_event_add_signal(s->event, &s->sigint_event_source, SIGINT, dispatch_sigterm, s);
f9a810be
LP		 1274 if (r < 0)
1275 return r;
d025f1e4
ZJS		 1276
1277 return 0;
1278}
1279
1280static int server_parse_proc_cmdline(Server *s) {
7fd1b19b 1281 _cleanup_free_ char *line = NULL;
db91ea32 1282 char *w, *state;
d025f1e4 1283 size_t l;
74df0fca 1284 int r;
d025f1e4 1285
74df0fca
LP		 1286 r = proc_cmdline(&line);
1287 if (r < 0)
d025f1e4 1288 log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
74df0fca 1289 if (r <= 0)
d025f1e4 1290 return 0;
d025f1e4
ZJS		 1291
1292 FOREACH_WORD_QUOTED(w, l, line, state) {
7fd1b19b 1293 _cleanup_free_ char *word;
d025f1e4
ZJS		 1294
1295 word = strndup(w, l);
db91ea32
ZJS		 1296 if (!word)
1297 return -ENOMEM;
d025f1e4
ZJS		 1298
1299 if (startswith(word, "systemd.journald.forward_to_syslog=")) {
1300 r = parse_boolean(word + 35);
1301 if (r < 0)
1302 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word + 35);
1303 else
1304 s->forward_to_syslog = r;
1305 } else if (startswith(word, "systemd.journald.forward_to_kmsg=")) {
1306 r = parse_boolean(word + 33);
1307 if (r < 0)
1308 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word + 33);
1309 else
1310 s->forward_to_kmsg = r;
1311 } else if (startswith(word, "systemd.journald.forward_to_console=")) {
1312 r = parse_boolean(word + 36);
1313 if (r < 0)
1314 log_warning("Failed to parse forward to console switch %s. Ignoring.", word + 36);
1315 else
1316 s->forward_to_console = r;
40b71e89
ST		 1317 } else if (startswith(word, "systemd.journald.forward_to_wall=")) {
1318 r = parse_boolean(word + 33);
1319 if (r < 0)
1320 log_warning("Failed to parse forward to wall switch %s. Ignoring.", word + 33);
1321 else
1322 s->forward_to_wall = r;
d025f1e4
ZJS		 1323 } else if (startswith(word, "systemd.journald"))
1324 log_warning("Invalid systemd.journald parameter. Ignoring.");
d025f1e4
ZJS		 1325 }
1326
db91ea32 1327 return 0;
d025f1e4
ZJS		 1328}
1329
1330static int server_parse_config_file(Server *s) {
db5c0122 1331 static const char fn[] = "/etc/systemd/journald.conf";
7fd1b19b 1332 _cleanup_fclose_ FILE *f = NULL;
d025f1e4
ZJS		 1333 int r;
1334
1335 assert(s);
1336
d025f1e4
ZJS		 1337 f = fopen(fn, "re");
1338 if (!f) {
1339 if (errno == ENOENT)
1340 return 0;
1341
1342 log_warning("Failed to open configuration file %s: %m", fn);
1343 return -errno;
1344 }
1345
e8e581bf 1346 r = config_parse(NULL, fn, f, "Journal\0", config_item_perf_lookup,
db5c0122 1347 (void*) journald_gperf_lookup, false, false, s);
d025f1e4
ZJS		 1348 if (r < 0)
1349 log_warning("Failed to parse configuration file: %s", strerror(-r));
1350
d025f1e4
ZJS		 1351 return r;
1352}
1353
f9a810be
LP		 1354static int server_dispatch_sync(sd_event_source *es, usec_t t, void *userdata) {
1355 Server *s = userdata;
26687bf8
OS		 1356
1357 assert(s);
1358
f9a810be 1359 server_sync(s);
26687bf8
OS		 1360 return 0;
1361}
1362
d07f7b9e 1363int server_schedule_sync(Server *s, int priority) {
26687bf8
OS		 1364 int r;
1365
26687bf8
OS		 1366 assert(s);
1367
d07f7b9e
LP		 1368 if (priority <= LOG_CRIT) {
1369 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1370 server_sync(s);
1371 return 0;
1372 }
1373
26687bf8
OS		 1374 if (s->sync_scheduled)
1375 return 0;
1376
f9a810be
LP		 1377 if (s->sync_interval_usec > 0) {
1378 usec_t when;
ca267016 1379
f9a810be
LP		 1380 r = sd_event_get_now_monotonic(s->event, &when);
1381 if (r < 0)
1382 return r;
26687bf8 1383
f9a810be
LP		 1384 when += s->sync_interval_usec;
1385
1386 if (!s->sync_event_source) {
151b9b96 1387 r = sd_event_add_monotonic(s->event, &s->sync_event_source, when, 0, server_dispatch_sync, s);
f9a810be
LP		 1388 if (r < 0)
1389 return r;
1390
1391 r = sd_event_source_set_priority(s->sync_event_source, SD_EVENT_PRIORITY_IMPORTANT);
1392 } else {
1393 r = sd_event_source_set_time(s->sync_event_source, when);
1394 if (r < 0)
1395 return r;
1396
1397 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_ONESHOT);
1398 }
26687bf8 1399 if (r < 0)
f9a810be 1400 return r;
26687bf8 1401
f9a810be
LP		 1402 s->sync_scheduled = true;
1403 }
26687bf8
OS		 1404
1405 return 0;
1406}
1407
0c24bb23
LP		 1408static int dispatch_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1409 Server *s = userdata;
1410
1411 assert(s);
1412
1413 server_cache_hostname(s);
1414 return 0;
1415}
1416
1417static int server_open_hostname(Server *s) {
1418 int r;
1419
1420 assert(s);
1421
1422 s->hostname_fd = open("/proc/sys/kernel/hostname", O_RDONLY|O_CLOEXEC|O_NDELAY|O_NOCTTY);
1423 if (s->hostname_fd < 0) {
1424 log_error("Failed to open /proc/sys/kernel/hostname: %m");
1425 return -errno;
1426 }
1427
151b9b96 1428 r = sd_event_add_io(s->event, &s->hostname_event_source, s->hostname_fd, 0, dispatch_hostname_change, s);
0c24bb23 1429 if (r < 0) {
28def94c
DR		 1430 /* kernels prior to 3.2 don't support polling this file. Ignore
1431 * the failure. */
1432 if (r == -EPERM) {
1433 log_warning("Failed to register hostname fd in event loop: %s. Ignoring.",
1434 strerror(-r));
03e334a1 1435 s->hostname_fd = safe_close(s->hostname_fd);
28def94c
DR		 1436 return 0;
1437 }
1438
0c24bb23
LP		 1439 log_error("Failed to register hostname fd in event loop: %s", strerror(-r));
1440 return r;
1441 }
1442
1443 r = sd_event_source_set_priority(s->hostname_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
1444 if (r < 0) {
1445 log_error("Failed to adjust priority of host name event source: %s", strerror(-r));
1446 return r;
1447 }
1448
1449 return 0;
1450}
1451
d025f1e4
ZJS		 1452int server_init(Server *s) {
1453 int n, r, fd;
1454
1455 assert(s);
1456
1457 zero(*s);
0c24bb23 1458 s->syslog_fd = s->native_fd = s->stdout_fd = s->dev_kmsg_fd = s->hostname_fd = -1;
d025f1e4
ZJS		 1459 s->compress = true;
1460 s->seal = true;
1461
26687bf8
OS		 1462 s->sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC;
1463 s->sync_scheduled = false;
1464
d025f1e4
ZJS		 1465 s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
1466 s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
1467
1468 s->forward_to_syslog = true;
40b71e89 1469 s->forward_to_wall = true;
d025f1e4
ZJS		 1470
1471 s->max_level_store = LOG_DEBUG;
1472 s->max_level_syslog = LOG_DEBUG;
1473 s->max_level_kmsg = LOG_NOTICE;
1474 s->max_level_console = LOG_INFO;
40b71e89 1475 s->max_level_wall = LOG_EMERG;
d025f1e4
ZJS		 1476
1477 memset(&s->system_metrics, 0xFF, sizeof(s->system_metrics));
1478 memset(&s->runtime_metrics, 0xFF, sizeof(s->runtime_metrics));
1479
1480 server_parse_config_file(s);
1481 server_parse_proc_cmdline(s);
d288f79f
ZJS		 1482 if (!!s->rate_limit_interval ^ !!s->rate_limit_burst) {
1483 log_debug("Setting both rate limit interval and burst from %llu,%u to 0,0",
1484 (long long unsigned) s->rate_limit_interval,
1485 s->rate_limit_burst);
1486 s->rate_limit_interval = s->rate_limit_burst = 0;
1487 }
d025f1e4
ZJS		 1488
1489 mkdir_p("/run/systemd/journal", 0755);
1490
1491 s->user_journals = hashmap_new(trivial_hash_func, trivial_compare_func);
1492 if (!s->user_journals)
1493 return log_oom();
1494
1495 s->mmap = mmap_cache_new();
1496 if (!s->mmap)
1497 return log_oom();
1498
f9a810be
LP		 1499 r = sd_event_default(&s->event);
1500 if (r < 0) {
1501 log_error("Failed to create event loop: %s", strerror(-r));
1502 return r;
d025f1e4
ZJS		 1503 }
1504
f9a810be
LP		 1505 sd_event_set_watchdog(s->event, true);
1506
d025f1e4
ZJS		 1507 n = sd_listen_fds(true);
1508 if (n < 0) {
1509 log_error("Failed to read listening file descriptors from environment: %s", strerror(-n));
1510 return n;
1511 }
1512
1513 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
1514
1515 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/socket", 0) > 0) {
1516
1517 if (s->native_fd >= 0) {
1518 log_error("Too many native sockets passed.");
1519 return -EINVAL;
1520 }
1521
1522 s->native_fd = fd;
1523
1524 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, "/run/systemd/journal/stdout", 0) > 0) {
1525
1526 if (s->stdout_fd >= 0) {
1527 log_error("Too many stdout sockets passed.");
1528 return -EINVAL;
1529 }
1530
1531 s->stdout_fd = fd;
1532
1533 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0) {
1534
1535 if (s->syslog_fd >= 0) {
1536 log_error("Too many /dev/log sockets passed.");
1537 return -EINVAL;
1538 }
1539
1540 s->syslog_fd = fd;
1541
1542 } else {
1543 log_error("Unknown socket passed.");
1544 return -EINVAL;
1545 }
1546 }
1547
1548 r = server_open_syslog_socket(s);
1549 if (r < 0)
1550 return r;
1551
1552 r = server_open_native_socket(s);
1553 if (r < 0)
1554 return r;
1555
1556 r = server_open_stdout_socket(s);
1557 if (r < 0)
1558 return r;
1559
1560 r = server_open_dev_kmsg(s);
1561 if (r < 0)
1562 return r;
1563
1564 r = server_open_kernel_seqnum(s);
1565 if (r < 0)
1566 return r;
1567
0c24bb23
LP		 1568 r = server_open_hostname(s);
1569 if (r < 0)
1570 return r;
1571
f9a810be 1572 r = setup_signals(s);
d025f1e4
ZJS		 1573 if (r < 0)
1574 return r;
1575
1576 s->udev = udev_new();
1577 if (!s->udev)
1578 return -ENOMEM;
1579
f9a810be 1580 s->rate_limit = journal_rate_limit_new(s->rate_limit_interval, s->rate_limit_burst);
d025f1e4
ZJS		 1581 if (!s->rate_limit)
1582 return -ENOMEM;
1583
e9174f29
LP		 1584 r = cg_get_root_path(&s->cgroup_root);
1585 if (r < 0)
1586 return r;
1587
0c24bb23
LP		 1588 server_cache_hostname(s);
1589 server_cache_boot_id(s);
1590 server_cache_machine_id(s);
1591
d025f1e4
ZJS		 1592 r = system_journal_open(s);
1593 if (r < 0)
1594 return r;
1595
1596 return 0;
1597}
1598
1599void server_maybe_append_tags(Server *s) {
1600#ifdef HAVE_GCRYPT
1601 JournalFile *f;
1602 Iterator i;
1603 usec_t n;
1604
1605 n = now(CLOCK_REALTIME);
1606
1607 if (s->system_journal)
1608 journal_file_maybe_append_tag(s->system_journal, n);
1609
1610 HASHMAP_FOREACH(f, s->user_journals, i)
1611 journal_file_maybe_append_tag(f, n);
1612#endif
1613}
1614
1615void server_done(Server *s) {
1616 JournalFile *f;
1617 assert(s);
1618
1619 while (s->stdout_streams)
1620 stdout_stream_free(s->stdout_streams);
1621
1622 if (s->system_journal)
1623 journal_file_close(s->system_journal);
1624
1625 if (s->runtime_journal)
1626 journal_file_close(s->runtime_journal);
1627
1628 while ((f = hashmap_steal_first(s->user_journals)))
1629 journal_file_close(f);
1630
1631 hashmap_free(s->user_journals);
1632
f9a810be
LP		 1633 sd_event_source_unref(s->syslog_event_source);
1634 sd_event_source_unref(s->native_event_source);
1635 sd_event_source_unref(s->stdout_event_source);
1636 sd_event_source_unref(s->dev_kmsg_event_source);
1637 sd_event_source_unref(s->sync_event_source);
1638 sd_event_source_unref(s->sigusr1_event_source);
1639 sd_event_source_unref(s->sigusr2_event_source);
1640 sd_event_source_unref(s->sigterm_event_source);
1641 sd_event_source_unref(s->sigint_event_source);
0c24bb23 1642 sd_event_source_unref(s->hostname_event_source);
f9a810be 1643 sd_event_unref(s->event);
d025f1e4 1644
03e334a1
LP		 1645 safe_close(s->syslog_fd);
1646 safe_close(s->native_fd);
1647 safe_close(s->stdout_fd);
1648 safe_close(s->dev_kmsg_fd);
1649 safe_close(s->hostname_fd);
0c24bb23 1650
d025f1e4
ZJS		 1651 if (s->rate_limit)
1652 journal_rate_limit_free(s->rate_limit);
1653
1654 if (s->kernel_seqnum)
1655 munmap(s->kernel_seqnum, sizeof(uint64_t));
1656
1657 free(s->buffer);
1658 free(s->tty_path);
e9174f29 1659 free(s->cgroup_root);
d025f1e4
ZJS		 1660
1661 if (s->mmap)
1662 mmap_cache_unref(s->mmap);
1663
1664 if (s->udev)
1665 udev_unref(s->udev);
1666}
Unnamed repository; edit this file 'description' to name the repository.