]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/journal/journald.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
journalctl: complain if unprivileged users attempt to access the journal and persista...
[thirdparty/systemd.git] / src / journal / journald.c
CommitLineData
87d2c1ff
LP		 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2011 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
87d2c1ff
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
87d2c1ff 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
87d2c1ff
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
22#include <sys/epoll.h>
23#include <sys/socket.h>
24#include <errno.h>
25#include <sys/signalfd.h>
26#include <unistd.h>
27#include <fcntl.h>
7f3e6257
LP		 28#include <stddef.h>
29#include <sys/ioctl.h>
30#include <linux/sockios.h>
6e409ce1 31#include <sys/statvfs.h>
cee5e9a7 32#include <sys/mman.h>
87d2c1ff 33
bdfb9e7f 34#include <libudev.h>
81527be1 35#include <systemd/sd-journal.h>
81527be1
LP		 36#include <systemd/sd-messages.h>
37#include <systemd/sd-daemon.h>
38
ba1261bc
LP		 39#ifdef HAVE_LOGIND
40#include <systemd/sd-login.h>
41#endif
42
49e942b2 43#include "mkdir.h"
87d2c1ff 44#include "hashmap.h"
cec736d2 45#include "journal-file.h"
87d2c1ff 46#include "socket-util.h"
69e5d42d 47#include "cgroup-util.h"
fe652127 48#include "list.h"
35e2e347
LP		 49#include "virt.h"
50#include "missing.h"
51#include "conf-parser.h"
cf244689 52#include "journal-internal.h"
0284adc6 53#include "journal-vacuum.h"
89fef990 54#include "journal-authenticate.h"
e6960940 55#include "journald.h"
d2bd7630 56#include "journald-rate-limit.h"
ef63833d 57#include "journald-kmsg.h"
35e2e347 58#include "journald-syslog.h"
a45b9fca 59#include "journald-stream.h"
3b7124a8 60#include "journald-console.h"
0153028a 61#include "journald-native.h"
87d2c1ff 62
e6520a0f
LP		 63#ifdef HAVE_ACL
64#include <sys/acl.h>
65#include <acl/libacl.h>
79c07722 66#include "acl-util.h"
e6520a0f
LP		 67#endif
68
8a0f04e6
LP		 69#ifdef HAVE_SELINUX
70#include <selinux/selinux.h>
71#endif
72
cab8ac60 73#define USER_JOURNALS_MAX 1024
fe652127 74
de97b26a
LP		 75#define DEFAULT_RATE_LIMIT_INTERVAL (10*USEC_PER_SEC)
76#define DEFAULT_RATE_LIMIT_BURST 200
77
9cfb57c9
LP		 78#define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
79
e156d769
LP		 80static const char* const storage_table[] = {
81 [STORAGE_AUTO] = "auto",
82 [STORAGE_VOLATILE] = "volatile",
205c4d1d 83 [STORAGE_PERSISTENT] = "persistent",
e156d769
LP		 84 [STORAGE_NONE] = "none"
85};
86
87DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
88DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
89
6e409ce1 90static uint64_t available_space(Server *s) {
babfc091 91 char ids[33], *p;
6e409ce1 92 const char *f;
babfc091 93 sd_id128_t machine;
6e409ce1
LP		 94 struct statvfs ss;
95 uint64_t sum = 0, avail = 0, ss_avail = 0;
96 int r;
97 DIR *d;
babfc091
LP		 98 usec_t ts;
99 JournalMetrics *m;
100
101 ts = now(CLOCK_MONOTONIC);
9cfb57c9
LP		 102
103 if (s->cached_available_space_timestamp + RECHECK_AVAILABLE_SPACE_USEC > ts)
104 return s->cached_available_space;
6e409ce1
LP		 105
106 r = sd_id128_get_machine(&machine);
107 if (r < 0)
108 return 0;
109
babfc091 110 if (s->system_journal) {
6e409ce1 111 f = "/var/log/journal/";
babfc091
LP		 112 m = &s->system_metrics;
113 } else {
6e409ce1 114 f = "/run/log/journal/";
babfc091
LP		 115 m = &s->runtime_metrics;
116 }
117
118 assert(m);
6e409ce1
LP		 119
120 p = strappend(f, sd_id128_to_string(machine, ids));
121 if (!p)
122 return 0;
123
124 d = opendir(p);
125 free(p);
126
127 if (!d)
128 return 0;
129
130 if (fstatvfs(dirfd(d), &ss) < 0)
131 goto finish;
132
133 for (;;) {
134 struct stat st;
135 struct dirent buf, *de;
6e409ce1 136
34a35ece
LP		 137 r = readdir_r(d, &buf, &de);
138 if (r != 0)
139 break;
6e409ce1
LP		 140
141 if (!de)
142 break;
143
c0421793
LP		 144 if (!endswith(de->d_name, ".journal") &&
145 !endswith(de->d_name, ".journal~"))
6e409ce1
LP		 146 continue;
147
148 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0)
149 continue;
150
a3a52c0f
LP		 151 if (!S_ISREG(st.st_mode))
152 continue;
153
154 sum += (uint64_t) st.st_blocks * 512UL;
6e409ce1
LP		 155 }
156
babfc091 157 avail = sum >= m->max_use ? 0 : m->max_use - sum;
6e409ce1
LP		 158
159 ss_avail = ss.f_bsize * ss.f_bavail;
160
babfc091 161 ss_avail = ss_avail < m->keep_free ? 0 : ss_avail - m->keep_free;
6e409ce1
LP		 162
163 if (ss_avail < avail)
164 avail = ss_avail;
165
9cfb57c9
LP		 166 s->cached_available_space = avail;
167 s->cached_available_space_timestamp = ts;
168
6e409ce1
LP		 169finish:
170 closedir(d);
171
172 return avail;
173}
174
5e41cfec
LP		 175static void server_read_file_gid(Server *s) {
176 const char *adm = "adm";
177 int r;
178
179 assert(s);
180
181 if (s->file_gid_valid)
182 return;
183
184 r = get_group_creds(&adm, &s->file_gid);
185 if (r < 0)
186 log_warning("Failed to resolve 'adm' group: %s", strerror(-r));
187
188 /* if we couldn't read the gid, then it will be 0, but that's
189 * fine and we shouldn't try to resolve the group again, so
190 * let's just pretend it worked right-away. */
191 s->file_gid_valid = true;
192}
193
194static void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
e6520a0f
LP		 195 int r;
196#ifdef HAVE_ACL
f4b47811
LP		 197 acl_t acl;
198 acl_entry_t entry;
199 acl_permset_t permset;
e6520a0f 200#endif
f4b47811
LP		 201
202 assert(f);
203
5e41cfec
LP		 204 server_read_file_gid(s);
205
206 r = fchmod_and_fchown(f->fd, 0640, 0, s->file_gid);
f4b47811
LP		 207 if (r < 0)
208 log_warning("Failed to fix access mode/rights on %s, ignoring: %s", f->path, strerror(-r));
209
e6520a0f 210#ifdef HAVE_ACL
f4b47811
LP		 211 if (uid <= 0)
212 return;
213
214 acl = acl_get_fd(f->fd);
215 if (!acl) {
216 log_warning("Failed to read ACL on %s, ignoring: %m", f->path);
217 return;
218 }
219
220 r = acl_find_uid(acl, uid, &entry);
221 if (r <= 0) {
222
223 if (acl_create_entry(&acl, &entry) < 0 ||
224 acl_set_tag_type(entry, ACL_USER) < 0 ||
225 acl_set_qualifier(entry, &uid) < 0) {
226 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
227 goto finish;
228 }
229 }
230
231 if (acl_get_permset(entry, &permset) < 0 ||
232 acl_add_perm(permset, ACL_READ) < 0 ||
233 acl_calc_mask(&acl) < 0) {
234 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
235 goto finish;
236 }
237
238 if (acl_set_fd(f->fd, acl) < 0)
239 log_warning("Failed to set ACL on %s, ignoring: %m", f->path);
240
241finish:
242 acl_free(acl);
e6520a0f 243#endif
f4b47811
LP		 244}
245
246static JournalFile* find_journal(Server *s, uid_t uid) {
247 char *p;
248 int r;
249 JournalFile *f;
3fbf9cbb 250 sd_id128_t machine;
f4b47811
LP		 251
252 assert(s);
253
cf244689
LP		 254 /* We split up user logs only on /var, not on /run. If the
255 * runtime file is open, we write to it exclusively, in order
256 * to guarantee proper order as soon as we flush /run to
257 * /var and close the runtime file. */
258
259 if (s->runtime_journal)
f4b47811
LP		 260 return s->runtime_journal;
261
262 if (uid <= 0)
263 return s->system_journal;
264
3fbf9cbb
LP		 265 r = sd_id128_get_machine(&machine);
266 if (r < 0)
267 return s->system_journal;
268
f4b47811
LP		 269 f = hashmap_get(s->user_journals, UINT32_TO_PTR(uid));
270 if (f)
271 return f;
272
7560fffc
LP		 273 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/user-%lu.journal",
274 SD_ID128_FORMAT_VAL(machine), (unsigned long) uid) < 0)
f4b47811
LP		 275 return s->system_journal;
276
cab8ac60
LP		 277 while (hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
278 /* Too many open? Then let's close one */
279 f = hashmap_steal_first(s->user_journals);
280 assert(f);
281 journal_file_close(f);
282 }
283
eb53b74f 284 r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, s->system_journal, &f);
f4b47811
LP		 285 free(p);
286
287 if (r < 0)
288 return s->system_journal;
289
5e41cfec 290 server_fix_perms(s, f, uid);
f4b47811
LP		 291
292 r = hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
293 if (r < 0) {
294 journal_file_close(f);
295 return s->system_journal;
296 }
297
298 return f;
299}
300
b1a0ab71
LP		 301static void server_rotate(Server *s) {
302 JournalFile *f;
bc85bfee 303 void *k;
b1a0ab71 304 Iterator i;
bc85bfee 305 int r;
bc85bfee
LP		 306
307 log_info("Rotating...");
308
309 if (s->runtime_journal) {
7560fffc 310 r = journal_file_rotate(&s->runtime_journal, s->compress, false);
bc85bfee 311 if (r < 0)
499fb215
SS		 312 if (s->runtime_journal)
313 log_error("Failed to rotate %s: %s", s->runtime_journal->path, strerror(-r));
314 else
315 log_error("Failed to create new runtime journal: %s", strerror(-r));
5e62067d
LP		 316 else
317 server_fix_perms(s, s->runtime_journal, 0);
bc85bfee
LP		 318 }
319
320 if (s->system_journal) {
eb53b74f 321 r = journal_file_rotate(&s->system_journal, s->compress, s->seal);
bc85bfee 322 if (r < 0)
499fb215
SS		 323 if (s->system_journal)
324 log_error("Failed to rotate %s: %s", s->system_journal->path, strerror(-r));
325 else
326 log_error("Failed to create new system journal: %s", strerror(-r));
327
5e62067d
LP		 328 else
329 server_fix_perms(s, s->system_journal, 0);
bc85bfee
LP		 330 }
331
332 HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
eb53b74f 333 r = journal_file_rotate(&f, s->compress, s->seal);
bc85bfee 334 if (r < 0)
499fb215
SS		 335 if (f->path)
336 log_error("Failed to rotate %s: %s", f->path, strerror(-r));
337 else
338 log_error("Failed to create user journal: %s", strerror(-r));
5e62067d 339 else {
bc85bfee 340 hashmap_replace(s->user_journals, k, f);
5e62067d
LP		 341 server_fix_perms(s, s->system_journal, PTR_TO_UINT32(k));
342 }
bc85bfee 343 }
b1a0ab71
LP		 344}
345
346static void server_vacuum(Server *s) {
347 char *p;
348 char ids[33];
349 sd_id128_t machine;
350 int r;
bc85bfee
LP		 351
352 log_info("Vacuuming...");
353
354 r = sd_id128_get_machine(&machine);
355 if (r < 0) {
356 log_error("Failed to get machine ID: %s", strerror(-r));
357 return;
358 }
359
babfc091 360 sd_id128_to_string(machine, ids);
bc85bfee 361
babfc091 362 if (s->system_journal) {
99add6fd
LP		 363 p = strappend("/var/log/journal/", ids);
364 if (!p) {
0d0f0c50 365 log_oom();
babfc091
LP		 366 return;
367 }
bc85bfee 368
babfc091
LP		 369 r = journal_directory_vacuum(p, s->system_metrics.max_use, s->system_metrics.keep_free);
370 if (r < 0 && r != -ENOENT)
371 log_error("Failed to vacuum %s: %s", p, strerror(-r));
372 free(p);
bc85bfee
LP		 373 }
374
babfc091 375 if (s->runtime_journal) {
99add6fd
LP		 376 p = strappend("/run/log/journal/", ids);
377 if (!p) {
0d0f0c50 378 log_oom();
babfc091
LP		 379 return;
380 }
381
382 r = journal_directory_vacuum(p, s->runtime_metrics.max_use, s->runtime_metrics.keep_free);
383 if (r < 0 && r != -ENOENT)
384 log_error("Failed to vacuum %s: %s", p, strerror(-r));
385 free(p);
386 }
9cfb57c9
LP		 387
388 s->cached_available_space_timestamp = 0;
bc85bfee
LP		 389}
390
6e409ce1
LP		 391static char *shortened_cgroup_path(pid_t pid) {
392 int r;
393 char *process_path, *init_path, *path;
394
395 assert(pid > 0);
396
397 r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, pid, &process_path);
398 if (r < 0)
399 return NULL;
400
401 r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, 1, &init_path);
402 if (r < 0) {
403 free(process_path);
404 return NULL;
405 }
406
bad75c27
LP		 407 if (endswith(init_path, "/system"))
408 init_path[strlen(init_path) - 7] = 0;
409 else if (streq(init_path, "/"))
6e409ce1
LP		 410 init_path[0] = 0;
411
783d2675
LP		 412 if (startswith(process_path, init_path)) {
413 char *p;
414
415 p = strdup(process_path + strlen(init_path));
416 if (!p) {
417 free(process_path);
418 free(init_path);
419 return NULL;
420 }
421 path = p;
422 } else {
6e409ce1 423 path = process_path;
783d2675
LP		 424 process_path = NULL;
425 }
6e409ce1 426
783d2675 427 free(process_path);
6e409ce1
LP		 428 free(init_path);
429
430 return path;
431}
432
dca6219e
LP		 433static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned n) {
434 JournalFile *f;
435 bool vacuumed = false;
436 int r;
437
438 assert(s);
439 assert(iovec);
440 assert(n > 0);
441
442 f = find_journal(s, uid);
443 if (!f)
444 return;
445
446 if (journal_file_rotate_suggested(f)) {
447 log_info("Journal header limits reached or header out-of-date, rotating.");
448 server_rotate(s);
449 server_vacuum(s);
450 vacuumed = true;
c2a623d8
LP		 451
452 f = find_journal(s, uid);
453 if (!f)
454 return;
dca6219e
LP		 455 }
456
457 for (;;) {
458 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
459 if (r >= 0)
460 return;
461
462 if (vacuumed ||
463 (r != -E2BIG && /* hit limit */
464 r != -EFBIG && /* hit fs limit */
465 r != -EDQUOT && /* quota hit */
466 r != -ENOSPC && /* disk full */
467 r != -EBADMSG && /* corrupted */
468 r != -ENODATA && /* truncated */
469 r != -EHOSTDOWN && /* other machine */
71fa6f00
LP		 470 r != -EPROTONOSUPPORT && /* unsupported feature */
471 r != -EBUSY && /* unclean shutdown */
472 r != -ESHUTDOWN /* already archived */)) {
dca6219e
LP		 473 log_error("Failed to write entry, ignoring: %s", strerror(-r));
474 return;
475 }
476
477 if (r == -E2BIG || r == -EFBIG || r == EDQUOT || r == ENOSPC)
478 log_info("Allocation limit reached, rotating.");
479 else if (r == -EHOSTDOWN)
480 log_info("Journal file from other machine, rotating.");
71fa6f00
LP		 481 else if (r == -EBUSY)
482 log_info("Unlcean shutdown, rotating.");
dca6219e
LP		 483 else
484 log_warning("Journal file corrupted, rotating.");
485
486 server_rotate(s);
487 server_vacuum(s);
488 vacuumed = true;
489
32fca2d5
LP		 490 f = find_journal(s, uid);
491 if (!f)
492 return;
493
dca6219e
LP		 494 log_info("Retrying write.");
495 }
496}
497
7f2c63cb
LP		 498static void dispatch_message_real(
499 Server *s,
500 struct iovec *iovec, unsigned n, unsigned m,
501 struct ucred *ucred,
502 struct timeval *tv,
8b38f3cc
LP		 503 const char *label, size_t label_len,
504 const char *unit_id) {
6e409ce1 505
7f3e6257 506 char *pid = NULL, *uid = NULL, *gid = NULL,
87d2c1ff
LP		 507 *source_time = NULL, *boot_id = NULL, *machine_id = NULL,
508 *comm = NULL, *cmdline = NULL, *hostname = NULL,
509 *audit_session = NULL, *audit_loginuid = NULL,
85d83bf4 510 *exe = NULL, *cgroup = NULL, *session = NULL,
8a0f04e6 511 *owner_uid = NULL, *unit = NULL, *selinux_context = NULL;
7f3e6257 512
87d2c1ff
LP		 513 char idbuf[33];
514 sd_id128_t id;
515 int r;
516 char *t;
de190aef 517 uid_t loginuid = 0, realuid = 0;
87d2c1ff 518
7f3e6257 519 assert(s);
6e409ce1
LP		 520 assert(iovec);
521 assert(n > 0);
224f2ee2 522 assert(n + N_IOVEC_META_FIELDS <= m);
87d2c1ff
LP		 523
524 if (ucred) {
85d83bf4 525 uint32_t audit;
ba1261bc 526#ifdef HAVE_LOGIND
85d83bf4 527 uid_t owner;
ba1261bc 528#endif
87d2c1ff 529
de190aef
LP		 530 realuid = ucred->uid;
531
532 if (asprintf(&pid, "_PID=%lu", (unsigned long) ucred->pid) >= 0)
87d2c1ff
LP		 533 IOVEC_SET_STRING(iovec[n++], pid);
534
de190aef 535 if (asprintf(&uid, "_UID=%lu", (unsigned long) ucred->uid) >= 0)
87d2c1ff
LP		 536 IOVEC_SET_STRING(iovec[n++], uid);
537
de190aef 538 if (asprintf(&gid, "_GID=%lu", (unsigned long) ucred->gid) >= 0)
87d2c1ff
LP		 539 IOVEC_SET_STRING(iovec[n++], gid);
540
541 r = get_process_comm(ucred->pid, &t);
542 if (r >= 0) {
de190aef 543 comm = strappend("_COMM=", t);
85d83bf4
LP		 544 free(t);
545
87d2c1ff
LP		 546 if (comm)
547 IOVEC_SET_STRING(iovec[n++], comm);
87d2c1ff
LP		 548 }
549
550 r = get_process_exe(ucred->pid, &t);
551 if (r >= 0) {
de190aef 552 exe = strappend("_EXE=", t);
85d83bf4
LP		 553 free(t);
554
5c3759bf 555 if (exe)
87d2c1ff 556 IOVEC_SET_STRING(iovec[n++], exe);
87d2c1ff
LP		 557 }
558
559 r = get_process_cmdline(ucred->pid, LINE_MAX, false, &t);
560 if (r >= 0) {
de190aef 561 cmdline = strappend("_CMDLINE=", t);
85d83bf4
LP		 562 free(t);
563
87d2c1ff
LP		 564 if (cmdline)
565 IOVEC_SET_STRING(iovec[n++], cmdline);
87d2c1ff
LP		 566 }
567
85d83bf4 568 r = audit_session_from_pid(ucred->pid, &audit);
87d2c1ff 569 if (r >= 0)
85d83bf4 570 if (asprintf(&audit_session, "_AUDIT_SESSION=%lu", (unsigned long) audit) >= 0)
87d2c1ff
LP		 571 IOVEC_SET_STRING(iovec[n++], audit_session);
572
573 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
574 if (r >= 0)
de190aef 575 if (asprintf(&audit_loginuid, "_AUDIT_LOGINUID=%lu", (unsigned long) loginuid) >= 0)
87d2c1ff 576 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
69e5d42d 577
85d83bf4
LP		 578 t = shortened_cgroup_path(ucred->pid);
579 if (t) {
580 cgroup = strappend("_SYSTEMD_CGROUP=", t);
581 free(t);
582
69e5d42d
LP		 583 if (cgroup)
584 IOVEC_SET_STRING(iovec[n++], cgroup);
85d83bf4
LP		 585 }
586
ba1261bc 587#ifdef HAVE_LOGIND
85d83bf4
LP		 588 if (sd_pid_get_session(ucred->pid, &t) >= 0) {
589 session = strappend("_SYSTEMD_SESSION=", t);
590 free(t);
591
592 if (session)
593 IOVEC_SET_STRING(iovec[n++], session);
594 }
6e409ce1 595
ba1261bc
LP		 596 if (sd_pid_get_owner_uid(ucred->uid, &owner) >= 0)
597 if (asprintf(&owner_uid, "_SYSTEMD_OWNER_UID=%lu", (unsigned long) owner) >= 0)
598 IOVEC_SET_STRING(iovec[n++], owner_uid);
599#endif
600
601 if (cg_pid_get_unit(ucred->pid, &t) >= 0) {
94fb446e 602 unit = strappend("_SYSTEMD_UNIT=", t);
85d83bf4 603 free(t);
62bca2c6
ED		 604 } else if (unit_id)
605 unit = strappend("_SYSTEMD_UNIT=", unit_id);
85d83bf4 606
62bca2c6
ED		 607 if (unit)
608 IOVEC_SET_STRING(iovec[n++], unit);
85d83bf4 609
8a0f04e6 610#ifdef HAVE_SELINUX
7f2c63cb
LP		 611 if (label) {
612 selinux_context = malloc(sizeof("_SELINUX_CONTEXT=") + label_len);
613 if (selinux_context) {
614 memcpy(selinux_context, "_SELINUX_CONTEXT=", sizeof("_SELINUX_CONTEXT=")-1);
615 memcpy(selinux_context+sizeof("_SELINUX_CONTEXT=")-1, label, label_len);
616 selinux_context[sizeof("_SELINUX_CONTEXT=")-1+label_len] = 0;
8a0f04e6 617 IOVEC_SET_STRING(iovec[n++], selinux_context);
7f2c63cb
LP		 618 }
619 } else {
620 security_context_t con;
621
622 if (getpidcon(ucred->pid, &con) >= 0) {
623 selinux_context = strappend("_SELINUX_CONTEXT=", con);
624 if (selinux_context)
625 IOVEC_SET_STRING(iovec[n++], selinux_context);
8a0f04e6 626
7f2c63cb
LP		 627 freecon(con);
628 }
8a0f04e6
LP		 629 }
630#endif
87d2c1ff
LP		 631 }
632
633 if (tv) {
de190aef 634 if (asprintf(&source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu",
87d2c1ff
LP		 635 (unsigned long long) timeval_load(tv)) >= 0)
636 IOVEC_SET_STRING(iovec[n++], source_time);
637 }
638
ed49ef3f
LP		 639 /* Note that strictly speaking storing the boot id here is
640 * redundant since the entry includes this in-line
641 * anyway. However, we need this indexed, too. */
87d2c1ff
LP		 642 r = sd_id128_get_boot(&id);
643 if (r >= 0)
de190aef 644 if (asprintf(&boot_id, "_BOOT_ID=%s", sd_id128_to_string(id, idbuf)) >= 0)
87d2c1ff
LP		 645 IOVEC_SET_STRING(iovec[n++], boot_id);
646
647 r = sd_id128_get_machine(&id);
648 if (r >= 0)
de190aef 649 if (asprintf(&machine_id, "_MACHINE_ID=%s", sd_id128_to_string(id, idbuf)) >= 0)
87d2c1ff
LP		 650 IOVEC_SET_STRING(iovec[n++], machine_id);
651
652 t = gethostname_malloc();
653 if (t) {
de190aef 654 hostname = strappend("_HOSTNAME=", t);
85d83bf4 655 free(t);
87d2c1ff
LP		 656 if (hostname)
657 IOVEC_SET_STRING(iovec[n++], hostname);
87d2c1ff
LP		 658 }
659
7f3e6257
LP		 660 assert(n <= m);
661
dca6219e 662 write_to_journal(s, realuid == 0 ? 0 : loginuid, iovec, n);
87d2c1ff 663
87d2c1ff
LP		 664 free(pid);
665 free(uid);
666 free(gid);
667 free(comm);
69e5d42d 668 free(exe);
87d2c1ff
LP		 669 free(cmdline);
670 free(source_time);
671 free(boot_id);
672 free(machine_id);
673 free(hostname);
674 free(audit_session);
675 free(audit_loginuid);
7f3e6257 676 free(cgroup);
85d83bf4
LP		 677 free(session);
678 free(owner_uid);
94fb446e 679 free(unit);
8a0f04e6 680 free(selinux_context);
7f3e6257
LP		 681}
682
ef63833d 683void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {
224f2ee2
LP		 684 char mid[11 + 32 + 1];
685 char buffer[16 + LINE_MAX + 1];
33eb8abf 686 struct iovec iovec[N_IOVEC_META_FIELDS + 4];
224f2ee2
LP		 687 int n = 0;
688 va_list ap;
689 struct ucred ucred;
690
691 assert(s);
692 assert(format);
693
c51742d0 694 IOVEC_SET_STRING(iovec[n++], "PRIORITY=6");
33eb8abf 695 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=driver");
224f2ee2
LP		 696
697 memcpy(buffer, "MESSAGE=", 8);
698 va_start(ap, format);
699 vsnprintf(buffer + 8, sizeof(buffer) - 8, format, ap);
700 va_end(ap);
701 char_array_0(buffer);
702 IOVEC_SET_STRING(iovec[n++], buffer);
703
704 snprintf(mid, sizeof(mid), "MESSAGE_ID=" SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(message_id));
705 char_array_0(mid);
706 IOVEC_SET_STRING(iovec[n++], mid);
707
708 zero(ucred);
709 ucred.pid = getpid();
710 ucred.uid = getuid();
711 ucred.gid = getgid();
712
62bca2c6 713 dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL);
224f2ee2
LP		 714}
715
ef63833d
LP		 716void server_dispatch_message(
717 Server *s,
718 struct iovec *iovec, unsigned n, unsigned m,
719 struct ucred *ucred,
720 struct timeval *tv,
721 const char *label, size_t label_len,
722 const char *unit_id,
723 int priority) {
724
6e409ce1 725 int rl;
783d2675 726 char *path = NULL, *c;
6e409ce1
LP		 727
728 assert(s);
729 assert(iovec || n == 0);
730
731 if (n == 0)
732 return;
733
213ba152
LP		 734 if (LOG_PRI(priority) > s->max_level_store)
735 return;
736
6e409ce1
LP		 737 if (!ucred)
738 goto finish;
739
740 path = shortened_cgroup_path(ucred->pid);
741 if (!path)
742 goto finish;
743
744 /* example: /user/lennart/3/foobar
745 * /system/dbus.service/foobar
746 *
747 * So let's cut of everything past the third /, since that is
748 * wher user directories start */
749
750 c = strchr(path, '/');
751 if (c) {
752 c = strchr(c+1, '/');
753 if (c) {
754 c = strchr(c+1, '/');
755 if (c)
756 *c = 0;
757 }
758 }
759
224f2ee2 760 rl = journal_rate_limit_test(s->rate_limit, path, priority & LOG_PRIMASK, available_space(s));
6e409ce1
LP		 761
762 if (rl == 0) {
763 free(path);
764 return;
765 }
766
224f2ee2
LP		 767 /* Write a suppression message if we suppressed something */
768 if (rl > 1)
ef63833d 769 server_driver_message(s, SD_MESSAGE_JOURNAL_DROPPED, "Suppressed %u messages from %s", rl - 1, path);
224f2ee2
LP		 770
771 free(path);
772
773finish:
62bca2c6 774 dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id);
224f2ee2
LP		 775}
776
0dad12c1 777
cf244689
LP		 778static int system_journal_open(Server *s) {
779 int r;
780 char *fn;
781 sd_id128_t machine;
782 char ids[33];
783
784 r = sd_id128_get_machine(&machine);
785 if (r < 0)
786 return r;
787
788 sd_id128_to_string(machine, ids);
789
e156d769 790 if (!s->system_journal &&
b8156be0
LP		 791 (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
792 access("/run/systemd/journal/flushed", F_OK) >= 0) {
e156d769
LP		 793
794 /* If in auto mode: first try to create the machine
795 * path, but not the prefix.
796 *
205c4d1d 797 * If in persistent mode: create /var/log/journal and
e156d769
LP		 798 * the machine path */
799
b8156be0 800 if (s->storage == STORAGE_PERSISTENT)
e156d769 801 (void) mkdir("/var/log/journal/", 0755);
cf244689 802
cf244689
LP		 803 fn = strappend("/var/log/journal/", ids);
804 if (!fn)
805 return -ENOMEM;
e156d769 806
cf244689
LP		 807 (void) mkdir(fn, 0755);
808 free(fn);
809
b7def684 810 fn = strjoin("/var/log/journal/", ids, "/system.journal", NULL);
cf244689
LP		 811 if (!fn)
812 return -ENOMEM;
813
eb53b74f 814 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
cf244689
LP		 815 free(fn);
816
7560fffc 817 if (r >= 0)
5e41cfec 818 server_fix_perms(s, s->system_journal, 0);
7560fffc 819 else if (r < 0) {
cf244689 820
adf7d506
LP		 821 if (r != -ENOENT && r != -EROFS)
822 log_warning("Failed to open system journal: %s", strerror(-r));
823
824 r = 0;
cf244689
LP		 825 }
826 }
827
e156d769
LP		 828 if (!s->runtime_journal &&
829 (s->storage != STORAGE_NONE)) {
cf244689 830
b7def684 831 fn = strjoin("/run/log/journal/", ids, "/system.journal", NULL);
cf244689
LP		 832 if (!fn)
833 return -ENOMEM;
834
835 if (s->system_journal) {
836
837 /* Try to open the runtime journal, but only
838 * if it already exists, so that we can flush
839 * it into the system journal */
840
16e9f408 841 r = journal_file_open(fn, O_RDWR, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
cf244689
LP		 842 free(fn);
843
844 if (r < 0) {
adf7d506
LP		 845 if (r != -ENOENT)
846 log_warning("Failed to open runtime journal: %s", strerror(-r));
cf244689 847
adf7d506 848 r = 0;
cf244689
LP		 849 }
850
851 } else {
852
853 /* OK, we really need the runtime journal, so create
854 * it if necessary. */
855
b8156be0 856 (void) mkdir_parents(fn, 0755);
16e9f408 857 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
cf244689
LP		 858 free(fn);
859
860 if (r < 0) {
861 log_error("Failed to open runtime journal: %s", strerror(-r));
862 return r;
863 }
864 }
865
7560fffc 866 if (s->runtime_journal)
5e41cfec 867 server_fix_perms(s, s->runtime_journal, 0);
cf244689
LP		 868 }
869
870 return r;
871}
872
873static int server_flush_to_var(Server *s) {
cf244689
LP		 874 Object *o = NULL;
875 int r;
876 sd_id128_t machine;
877 sd_journal *j;
878
879 assert(s);
880
e156d769 881 if (s->storage != STORAGE_AUTO &&
205c4d1d 882 s->storage != STORAGE_PERSISTENT)
e156d769
LP		 883 return 0;
884
54a7b863
LP		 885 if (!s->runtime_journal)
886 return 0;
887
cf244689
LP		 888 system_journal_open(s);
889
54a7b863 890 if (!s->system_journal)
cf244689
LP		 891 return 0;
892
6c1e6b98
LP		 893 log_info("Flushing to /var...");
894
cf244689
LP		 895 r = sd_id128_get_machine(&machine);
896 if (r < 0) {
897 log_error("Failed to get machine id: %s", strerror(-r));
898 return r;
899 }
900
901 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
902 if (r < 0) {
903 log_error("Failed to read runtime journal: %s", strerror(-r));
904 return r;
905 }
906
907 SD_JOURNAL_FOREACH(j) {
908 JournalFile *f;
909
910 f = j->current_file;
911 assert(f && f->current_offset > 0);
912
913 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
914 if (r < 0) {
915 log_error("Can't read entry: %s", strerror(-r));
916 goto finish;
917 }
918
919 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
920 if (r == -E2BIG) {
921 log_info("Allocation limit reached.");
922
923 journal_file_post_change(s->system_journal);
b1a0ab71 924 server_rotate(s);
cf244689
LP		 925 server_vacuum(s);
926
927 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
928 }
929
930 if (r < 0) {
931 log_error("Can't write entry: %s", strerror(-r));
932 goto finish;
933 }
934 }
935
936finish:
937 journal_file_post_change(s->system_journal);
938
939 journal_file_close(s->runtime_journal);
940 s->runtime_journal = NULL;
941
4a299a7a
LP		 942 if (r >= 0)
943 rm_rf("/run/log/journal", false, true, false);
cf244689
LP		 944
945 return r;
946}
947
fe652127
LP		 948static int process_event(Server *s, struct epoll_event *ev) {
949 assert(s);
ba6b3039 950 assert(ev);
fe652127 951
87d2c1ff
LP		 952 if (ev->data.fd == s->signal_fd) {
953 struct signalfd_siginfo sfsi;
954 ssize_t n;
955
fe652127
LP		 956 if (ev->events != EPOLLIN) {
957 log_info("Got invalid event from epoll.");
958 return -EIO;
959 }
960
87d2c1ff
LP		 961 n = read(s->signal_fd, &sfsi, sizeof(sfsi));
962 if (n != sizeof(sfsi)) {
963
964 if (n >= 0)
965 return -EIO;
966
967 if (errno == EINTR || errno == EAGAIN)
6c1e6b98 968 return 1;
87d2c1ff
LP		 969
970 return -errno;
971 }
972
3146a302
LP		 973 log_info("Received SIG%s", signal_to_string(sfsi.ssi_signo));
974
cf244689 975 if (sfsi.ssi_signo == SIGUSR1) {
b8156be0 976 touch("/run/systemd/journal/flushed");
cf244689 977 server_flush_to_var(s);
ba6b3039
LP		 978 return 1;
979 }
980
981 if (sfsi.ssi_signo == SIGUSR2) {
982 server_rotate(s);
983 server_vacuum(s);
984 return 1;
cf244689
LP		 985 }
986
87d2c1ff
LP		 987 return 0;
988
51abe64c 989 } else if (ev->data.fd == s->dev_kmsg_fd) {
6c1e6b98
LP		 990 int r;
991
992 if (ev->events != EPOLLIN) {
993 log_info("Got invalid event from epoll.");
994 return -EIO;
995 }
996
51abe64c 997 r = server_read_dev_kmsg(s);
6c1e6b98
LP		 998 if (r < 0)
999 return r;
1000
1001 return 1;
1002
fe652127
LP		 1003 } else if (ev->data.fd == s->native_fd ||
1004 ev->data.fd == s->syslog_fd) {
1005
1006 if (ev->events != EPOLLIN) {
1007 log_info("Got invalid event from epoll.");
1008 return -EIO;
1009 }
cec736d2 1010
87d2c1ff 1011 for (;;) {
87d2c1ff
LP		 1012 struct msghdr msghdr;
1013 struct iovec iovec;
1014 struct ucred *ucred = NULL;
1015 struct timeval *tv = NULL;
1016 struct cmsghdr *cmsg;
7f2c63cb
LP		 1017 char *label = NULL;
1018 size_t label_len = 0;
87d2c1ff
LP		 1019 union {
1020 struct cmsghdr cmsghdr;
7264278f
LP		 1021
1022 /* We use NAME_MAX space for the
1023 * SELinux label here. The kernel
1024 * currently enforces no limit, but
1025 * according to suggestions from the
1026 * SELinux people this will change and
1027 * it will probably be identical to
1028 * NAME_MAX. For now we use that, but
1029 * this should be updated one day when
1030 * the final limit is known.*/
87d2c1ff 1031 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
0dad12c1 1032 CMSG_SPACE(sizeof(struct timeval)) +
7264278f
LP		 1033 CMSG_SPACE(sizeof(int)) + /* fd */
1034 CMSG_SPACE(NAME_MAX)]; /* selinux label */
87d2c1ff
LP		 1035 } control;
1036 ssize_t n;
7f3e6257 1037 int v;
0dad12c1
LP		 1038 int *fds = NULL;
1039 unsigned n_fds = 0;
7f3e6257
LP		 1040
1041 if (ioctl(ev->data.fd, SIOCINQ, &v) < 0) {
1042 log_error("SIOCINQ failed: %m");
1043 return -errno;
1044 }
1045
7f3e6257
LP		 1046 if (s->buffer_size < (size_t) v) {
1047 void *b;
1048 size_t l;
1049
1050 l = MAX(LINE_MAX + (size_t) v, s->buffer_size * 2);
1051 b = realloc(s->buffer, l+1);
1052
1053 if (!b) {
1054 log_error("Couldn't increase buffer.");
1055 return -ENOMEM;
1056 }
1057
1058 s->buffer_size = l;
1059 s->buffer = b;
1060 }
87d2c1ff
LP		 1061
1062 zero(iovec);
7f3e6257
LP		 1063 iovec.iov_base = s->buffer;
1064 iovec.iov_len = s->buffer_size;
87d2c1ff
LP		 1065
1066 zero(control);
1067 zero(msghdr);
1068 msghdr.msg_iov = &iovec;
1069 msghdr.msg_iovlen = 1;
1070 msghdr.msg_control = &control;
1071 msghdr.msg_controllen = sizeof(control);
1072
0dad12c1 1073 n = recvmsg(ev->data.fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
87d2c1ff
LP		 1074 if (n < 0) {
1075
1076 if (errno == EINTR || errno == EAGAIN)
1077 return 1;
1078
1079 log_error("recvmsg() failed: %m");
1080 return -errno;
1081 }
1082
1083 for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
1084
1085 if (cmsg->cmsg_level == SOL_SOCKET &&
1086 cmsg->cmsg_type == SCM_CREDENTIALS &&
1087 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
1088 ucred = (struct ucred*) CMSG_DATA(cmsg);
1089 else if (cmsg->cmsg_level == SOL_SOCKET &&
7f2c63cb
LP		 1090 cmsg->cmsg_type == SCM_SECURITY) {
1091 label = (char*) CMSG_DATA(cmsg);
1092 label_len = cmsg->cmsg_len - CMSG_LEN(0);
1093 } else if (cmsg->cmsg_level == SOL_SOCKET &&
87d2c1ff
LP		 1094 cmsg->cmsg_type == SO_TIMESTAMP &&
1095 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
1096 tv = (struct timeval*) CMSG_DATA(cmsg);
0dad12c1
LP		 1097 else if (cmsg->cmsg_level == SOL_SOCKET &&
1098 cmsg->cmsg_type == SCM_RIGHTS) {
1099 fds = (int*) CMSG_DATA(cmsg);
1100 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
1101 }
87d2c1ff
LP		 1102 }
1103
7f3e6257
LP		 1104 if (ev->data.fd == s->syslog_fd) {
1105 char *e;
1106
0dad12c1
LP		 1107 if (n > 0 && n_fds == 0) {
1108 e = memchr(s->buffer, '\n', n);
1109 if (e)
1110 *e = 0;
1111 else
1112 s->buffer[n] = 0;
1113
35e2e347 1114 server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
0dad12c1
LP		 1115 } else if (n_fds > 0)
1116 log_warning("Got file descriptors via syslog socket. Ignoring.");
1117
1118 } else {
1119 if (n > 0 && n_fds == 0)
0153028a 1120 server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
0dad12c1 1121 else if (n == 0 && n_fds == 1)
0153028a 1122 server_process_native_file(s, fds[0], ucred, tv, label, label_len);
0dad12c1
LP		 1123 else if (n_fds > 0)
1124 log_warning("Got too many file descriptors via native socket. Ignoring.");
1125 }
87d2c1ff 1126
0dad12c1 1127 close_many(fds, n_fds);
87d2c1ff 1128 }
cec736d2
LP		 1129
1130 return 1;
fe652127
LP		 1131
1132 } else if (ev->data.fd == s->stdout_fd) {
1133
1134 if (ev->events != EPOLLIN) {
1135 log_info("Got invalid event from epoll.");
1136 return -EIO;
1137 }
1138
1139 stdout_stream_new(s);
1140 return 1;
1141
1142 } else {
1143 StdoutStream *stream;
1144
1145 if ((ev->events|EPOLLIN|EPOLLHUP) != (EPOLLIN|EPOLLHUP)) {
1146 log_info("Got invalid event from epoll.");
1147 return -EIO;
1148 }
1149
1150 /* If it is none of the well-known fds, it must be an
1151 * stdout stream fd. Note that this is a bit ugly here
1152 * (since we rely that none of the well-known fds
1153 * could be interpreted as pointer), but nonetheless
1154 * safe, since the well-known fds would never get an
1155 * fd > 4096, i.e. beyond the first memory page */
1156
1157 stream = ev->data.ptr;
1158
1159 if (stdout_stream_process(stream) <= 0)
1160 stdout_stream_free(stream);
1161
1162 return 1;
87d2c1ff
LP		 1163 }
1164
cec736d2
LP		 1165 log_error("Unknown event.");
1166 return 0;
87d2c1ff
LP		 1167}
1168
fe652127 1169static int open_signalfd(Server *s) {
7f3e6257 1170 sigset_t mask;
fe652127
LP		 1171 struct epoll_event ev;
1172
1173 assert(s);
1174
1175 assert_se(sigemptyset(&mask) == 0);
ba6b3039 1176 sigset_add_many(&mask, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, -1);
fe652127
LP		 1177 assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
1178
1179 s->signal_fd = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC);
1180 if (s->signal_fd < 0) {
1181 log_error("signalfd(): %m");
1182 return -errno;
1183 }
1184
1185 zero(ev);
1186 ev.events = EPOLLIN;
1187 ev.data.fd = s->signal_fd;
1188
1189 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->signal_fd, &ev) < 0) {
1190 log_error("epoll_ctl(): %m");
1191 return -errno;
1192 }
1193
1194 return 0;
1195}
1196
effb1102
LP		 1197static int server_parse_proc_cmdline(Server *s) {
1198 char *line, *w, *state;
1199 int r;
1200 size_t l;
1201
1202 if (detect_container(NULL) > 0)
1203 return 0;
1204
1205 r = read_one_line_file("/proc/cmdline", &line);
1206 if (r < 0) {
1207 log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
1208 return 0;
1209 }
1210
1211 FOREACH_WORD_QUOTED(w, l, line, state) {
1212 char *word;
1213
1214 word = strndup(w, l);
1215 if (!word) {
1216 r = -ENOMEM;
1217 goto finish;
1218 }
1219
c66e7bc7 1220 if (startswith(word, "systemd.journald.forward_to_syslog=")) {
effb1102
LP		 1221 r = parse_boolean(word + 35);
1222 if (r < 0)
1223 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word + 35);
1224 else
1225 s->forward_to_syslog = r;
c66e7bc7 1226 } else if (startswith(word, "systemd.journald.forward_to_kmsg=")) {
effb1102
LP		 1227 r = parse_boolean(word + 33);
1228 if (r < 0)
1229 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word + 33);
1230 else
1231 s->forward_to_kmsg = r;
c66e7bc7 1232 } else if (startswith(word, "systemd.journald.forward_to_console=")) {
effb1102
LP		 1233 r = parse_boolean(word + 36);
1234 if (r < 0)
1235 log_warning("Failed to parse forward to console switch %s. Ignoring.", word + 36);
1236 else
1237 s->forward_to_console = r;
66a78c2b
LP		 1238 } else if (startswith(word, "systemd.journald"))
1239 log_warning("Invalid systemd.journald parameter. Ignoring.");
effb1102
LP		 1240
1241 free(word);
1242 }
1243
1244 r = 0;
1245
1246finish:
1247 free(line);
1248 return r;
1249}
1250
e6960940
LP		 1251static int server_parse_config_file(Server *s) {
1252 FILE *f;
1253 const char *fn;
1254 int r;
1255
1256 assert(s);
1257
18b754d3 1258 fn = "/etc/systemd/journald.conf";
e6960940
LP		 1259 f = fopen(fn, "re");
1260 if (!f) {
1261 if (errno == ENOENT)
1262 return 0;
1263
1264 log_warning("Failed to open configuration file %s: %m", fn);
1265 return -errno;
1266 }
1267
1268 r = config_parse(fn, f, "Journal\0", config_item_perf_lookup, (void*) journald_gperf_lookup, false, s);
1269 if (r < 0)
1270 log_warning("Failed to parse configuration file: %s", strerror(-r));
1271
1272 fclose(f);
1273
1274 return r;
1275}
1276
fe652127
LP		 1277static int server_init(Server *s) {
1278 int n, r, fd;
7f3e6257
LP		 1279
1280 assert(s);
1281
1282 zero(*s);
51abe64c 1283 s->syslog_fd = s->native_fd = s->stdout_fd = s->signal_fd = s->epoll_fd = s->dev_kmsg_fd = -1;
807e17f0 1284 s->compress = true;
eb53b74f 1285 s->seal = true;
7f3e6257 1286
e6960940
LP		 1287 s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
1288 s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
1289
224f2ee2
LP		 1290 s->forward_to_syslog = true;
1291
213ba152
LP		 1292 s->max_level_store = LOG_DEBUG;
1293 s->max_level_syslog = LOG_DEBUG;
1294 s->max_level_kmsg = LOG_NOTICE;
1295 s->max_level_console = LOG_INFO;
1296
babfc091
LP		 1297 memset(&s->system_metrics, 0xFF, sizeof(s->system_metrics));
1298 memset(&s->runtime_metrics, 0xFF, sizeof(s->runtime_metrics));
1299
e6960940 1300 server_parse_config_file(s);
effb1102 1301 server_parse_proc_cmdline(s);
e6960940 1302
cee5e9a7
LP		 1303 mkdir_p("/run/systemd/journal", 0755);
1304
fe652127 1305 s->user_journals = hashmap_new(trivial_hash_func, trivial_compare_func);
0d0f0c50
SL		 1306 if (!s->user_journals)
1307 return log_oom();
fe652127 1308
84168d80 1309 s->mmap = mmap_cache_new();
16e9f408
LP		 1310 if (!s->mmap)
1311 return log_oom();
1312
7f3e6257
LP		 1313 s->epoll_fd = epoll_create1(EPOLL_CLOEXEC);
1314 if (s->epoll_fd < 0) {
1315 log_error("Failed to create epoll object: %m");
1316 return -errno;
1317 }
1318
1319 n = sd_listen_fds(true);
1320 if (n < 0) {
1321 log_error("Failed to read listening file descriptors from environment: %s", strerror(-n));
1322 return n;
1323 }
1324
1325 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
1326
259d2e76 1327 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/socket", 0) > 0) {
7f3e6257 1328
fe652127
LP		 1329 if (s->native_fd >= 0) {
1330 log_error("Too many native sockets passed.");
7f3e6257
LP		 1331 return -EINVAL;
1332 }
1333
fe652127 1334 s->native_fd = fd;
7f3e6257 1335
259d2e76 1336 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, "/run/systemd/journal/stdout", 0) > 0) {
7f3e6257 1337
fe652127
LP		 1338 if (s->stdout_fd >= 0) {
1339 log_error("Too many stdout sockets passed.");
7f3e6257
LP		 1340 return -EINVAL;
1341 }
1342
fe652127
LP		 1343 s->stdout_fd = fd;
1344
1345 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0) {
1346
1347 if (s->syslog_fd >= 0) {
1348 log_error("Too many /dev/log sockets passed.");
1349 return -EINVAL;
1350 }
1351
1352 s->syslog_fd = fd;
1353
7f3e6257
LP		 1354 } else {
1355 log_error("Unknown socket passed.");
1356 return -EINVAL;
1357 }
1358 }
1359
35e2e347 1360 r = server_open_syslog_socket(s);
7f3e6257
LP		 1361 if (r < 0)
1362 return r;
1363
0153028a 1364 r = server_open_native_socket(s);
7f3e6257
LP		 1365 if (r < 0)
1366 return r;
1367
a45b9fca 1368 r = server_open_stdout_socket(s);
fe652127
LP		 1369 if (r < 0)
1370 return r;
87d2c1ff 1371
ef63833d 1372 r = server_open_dev_kmsg(s);
6c1e6b98
LP		 1373 if (r < 0)
1374 return r;
1375
ef63833d 1376 r = server_open_kernel_seqnum(s);
cee5e9a7
LP		 1377 if (r < 0)
1378 return r;
1379
fe652127
LP		 1380 r = open_signalfd(s);
1381 if (r < 0)
1382 return r;
87d2c1ff 1383
bdfb9e7f
LP		 1384 s->udev = udev_new();
1385 if (!s->udev)
1386 return -ENOMEM;
1387
e6960940 1388 s->rate_limit = journal_rate_limit_new(s->rate_limit_interval, s->rate_limit_burst);
6e409ce1
LP		 1389 if (!s->rate_limit)
1390 return -ENOMEM;
1391
9447a7f1
LP		 1392 r = system_journal_open(s);
1393 if (r < 0)
1394 return r;
1395
87d2c1ff
LP		 1396 return 0;
1397}
1398
99add6fd 1399static void server_maybe_append_tags(Server *s) {
671e021c
LP		 1400#ifdef HAVE_GCRYPT
1401 JournalFile *f;
1402 Iterator i;
1403 usec_t n;
1404
1405 n = now(CLOCK_REALTIME);
1406
1407 if (s->system_journal)
1408 journal_file_maybe_append_tag(s->system_journal, n);
1409
1410 HASHMAP_FOREACH(f, s->user_journals, i)
1411 journal_file_maybe_append_tag(f, n);
1412#endif
1413}
1414
87d2c1ff
LP		 1415static void server_done(Server *s) {
1416 JournalFile *f;
1417 assert(s);
1418
fe652127
LP		 1419 while (s->stdout_streams)
1420 stdout_stream_free(s->stdout_streams);
1421
87d2c1ff
LP		 1422 if (s->system_journal)
1423 journal_file_close(s->system_journal);
1424
f4b47811
LP		 1425 if (s->runtime_journal)
1426 journal_file_close(s->runtime_journal);
1427
87d2c1ff
LP		 1428 while ((f = hashmap_steal_first(s->user_journals)))
1429 journal_file_close(f);
1430
1431 hashmap_free(s->user_journals);
1432
1433 if (s->epoll_fd >= 0)
1434 close_nointr_nofail(s->epoll_fd);
1435
1436 if (s->signal_fd >= 0)
1437 close_nointr_nofail(s->signal_fd);
1438
1439 if (s->syslog_fd >= 0)
1440 close_nointr_nofail(s->syslog_fd);
7f3e6257
LP		 1441
1442 if (s->native_fd >= 0)
1443 close_nointr_nofail(s->native_fd);
fe652127
LP		 1444
1445 if (s->stdout_fd >= 0)
1446 close_nointr_nofail(s->stdout_fd);
6e409ce1 1447
51abe64c
LP		 1448 if (s->dev_kmsg_fd >= 0)
1449 close_nointr_nofail(s->dev_kmsg_fd);
6c1e6b98 1450
6e409ce1
LP		 1451 if (s->rate_limit)
1452 journal_rate_limit_free(s->rate_limit);
783d2675 1453
cee5e9a7
LP		 1454 if (s->kernel_seqnum)
1455 munmap(s->kernel_seqnum, sizeof(uint64_t));
1456
783d2675 1457 free(s->buffer);
0d9243f0 1458 free(s->tty_path);
16e9f408
LP		 1459
1460 if (s->mmap)
1461 mmap_cache_unref(s->mmap);
bdfb9e7f
LP		 1462
1463 if (s->udev)
1464 udev_unref(s->udev);
87d2c1ff
LP		 1465}
1466
1467int main(int argc, char *argv[]) {
1468 Server server;
1469 int r;
1470
1471 /* if (getppid() != 1) { */
1472 /* log_error("This program should be invoked by init only."); */
1473 /* return EXIT_FAILURE; */
1474 /* } */
1475
1476 if (argc > 1) {
1477 log_error("This program does not take arguments.");
1478 return EXIT_FAILURE;
1479 }
1480
a6903061 1481 log_set_target(LOG_TARGET_SAFE);
3eff4208 1482 log_set_facility(LOG_SYSLOG);
f65425cb 1483 log_set_max_level(LOG_DEBUG);
87d2c1ff
LP		 1484 log_parse_environment();
1485 log_open();
1486
1487 umask(0022);
1488
1489 r = server_init(&server);
1490 if (r < 0)
1491 goto finish;
1492
e6960940
LP		 1493 server_vacuum(&server);
1494 server_flush_to_var(&server);
51abe64c 1495 server_flush_dev_kmsg(&server);
e6960940 1496
87d2c1ff 1497 log_debug("systemd-journald running as pid %lu", (unsigned long) getpid());
ef63833d 1498 server_driver_message(&server, SD_MESSAGE_JOURNAL_START, "Journal started");
87d2c1ff
LP		 1499
1500 sd_notify(false,
1501 "READY=1\n"
fe652127 1502 "STATUS=Processing requests...");
50f20cfd 1503
87d2c1ff
LP		 1504 for (;;) {
1505 struct epoll_event event;
89fef990 1506 int t;
87d2c1ff 1507
89fef990
LP		 1508#ifdef HAVE_GCRYPT
1509 usec_t u;
1510
1511 if (server.system_journal &&
1512 journal_file_next_evolve_usec(server.system_journal, &u)) {
1513 usec_t n;
1514
671e021c 1515 n = now(CLOCK_REALTIME);
89fef990
LP		 1516
1517 if (n >= u)
1518 t = 0;
1519 else
1520 t = (int) ((u - n + USEC_PER_MSEC - 1) / USEC_PER_MSEC);
1521 } else
1522#endif
1523 t = -1;
1524
1525 r = epoll_wait(server.epoll_fd, &event, 1, t);
87d2c1ff
LP		 1526 if (r < 0) {
1527
1528 if (errno == EINTR)
1529 continue;
1530
1531 log_error("epoll_wait() failed: %m");
1532 r = -errno;
1533 goto finish;
89fef990 1534 }
87d2c1ff 1535
89fef990
LP		 1536 if (r > 0) {
1537 r = process_event(&server, &event);
1538 if (r < 0)
1539 goto finish;
1540 else if (r == 0)
1541 break;
1542 }
1543
99add6fd 1544 server_maybe_append_tags(&server);
87d2c1ff
LP		 1545 }
1546
fe652127 1547 log_debug("systemd-journald stopped as pid %lu", (unsigned long) getpid());
ef63833d 1548 server_driver_message(&server, SD_MESSAGE_JOURNAL_STOP, "Journal stopped");
fe652127 1549
87d2c1ff
LP		 1550finish:
1551 sd_notify(false,
1552 "STATUS=Shutting down...");
1553
1554 server_done(&server);
1555
1556 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
1557}
Unnamed repository; edit this file 'description' to name the repository.