1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2011 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include <sys/signalfd.h>
23 #include <sys/ioctl.h>
24 #include <linux/sockios.h>
25 #include <sys/statvfs.h>
30 #include "sd-journal.h"
31 #include "sd-messages.h"
32 #include "sd-daemon.h"
36 #include "journal-file.h"
37 #include "socket-util.h"
38 #include "cgroup-util.h"
40 #include "conf-parser.h"
41 #include "selinux-util.h"
42 #include "journal-internal.h"
43 #include "journal-vacuum.h"
44 #include "journal-authenticate.h"
45 #include "journald-rate-limit.h"
46 #include "journald-kmsg.h"
47 #include "journald-syslog.h"
48 #include "journald-stream.h"
49 #include "journald-native.h"
50 #include "journald-audit.h"
51 #include "journald-server.h"
53 #include "formats-util.h"
54 #include "process-util.h"
57 #include <selinux/selinux.h>
60 #define USER_JOURNALS_MAX 1024
62 #define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
63 #define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
64 #define DEFAULT_RATE_LIMIT_BURST 1000
65 #define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
67 #define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
69 static const char* const storage_table
[_STORAGE_MAX
] = {
70 [STORAGE_AUTO
] = "auto",
71 [STORAGE_VOLATILE
] = "volatile",
72 [STORAGE_PERSISTENT
] = "persistent",
73 [STORAGE_NONE
] = "none"
76 DEFINE_STRING_TABLE_LOOKUP(storage
, Storage
);
77 DEFINE_CONFIG_PARSE_ENUM(config_parse_storage
, storage
, Storage
, "Failed to parse storage setting");
79 static const char* const split_mode_table
[_SPLIT_MAX
] = {
80 [SPLIT_LOGIN
] = "login",
82 [SPLIT_NONE
] = "none",
85 DEFINE_STRING_TABLE_LOOKUP(split_mode
, SplitMode
);
86 DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode
, split_mode
, SplitMode
, "Failed to parse split mode setting");
88 static uint64_t available_space(Server
*s
, bool verbose
) {
90 _cleanup_free_
char *p
= NULL
;
93 uint64_t sum
= 0, ss_avail
= 0, avail
= 0;
95 _cleanup_closedir_
DIR *d
= NULL
;
100 ts
= now(CLOCK_MONOTONIC
);
102 if (s
->cached_available_space_timestamp
+ RECHECK_AVAILABLE_SPACE_USEC
> ts
104 return s
->cached_available_space
;
106 r
= sd_id128_get_machine(&machine
);
110 if (s
->system_journal
) {
111 f
= "/var/log/journal/";
112 m
= &s
->system_metrics
;
114 f
= "/run/log/journal/";
115 m
= &s
->runtime_metrics
;
120 p
= strappend(f
, sd_id128_to_string(machine
, ids
));
128 if (fstatvfs(dirfd(d
), &ss
) < 0)
137 if (!de
&& errno
!= 0)
143 if (!endswith(de
->d_name
, ".journal") &&
144 !endswith(de
->d_name
, ".journal~"))
147 if (fstatat(dirfd(d
), de
->d_name
, &st
, AT_SYMLINK_NOFOLLOW
) < 0)
150 if (!S_ISREG(st
.st_mode
))
153 sum
+= (uint64_t) st
.st_blocks
* 512UL;
156 ss_avail
= ss
.f_bsize
* ss
.f_bavail
;
158 /* If we reached a high mark, we will always allow this much
159 * again, unless usage goes above max_use. This watermark
160 * value is cached so that we don't give up space on pressure,
161 * but hover below the maximum usage. */
166 avail
= LESS_BY(ss_avail
, m
->keep_free
);
168 s
->cached_available_space
= LESS_BY(MIN(m
->max_use
, avail
), sum
);
169 s
->cached_available_space_timestamp
= ts
;
172 char fb1
[FORMAT_BYTES_MAX
], fb2
[FORMAT_BYTES_MAX
], fb3
[FORMAT_BYTES_MAX
],
173 fb4
[FORMAT_BYTES_MAX
], fb5
[FORMAT_BYTES_MAX
];
175 server_driver_message(s
, SD_MESSAGE_JOURNAL_USAGE
,
176 "%s journal is using %s (max allowed %s, "
177 "trying to leave %s free of %s available → current limit %s).",
178 s
->system_journal
? "Permanent" : "Runtime",
179 format_bytes(fb1
, sizeof(fb1
), sum
),
180 format_bytes(fb2
, sizeof(fb2
), m
->max_use
),
181 format_bytes(fb3
, sizeof(fb3
), m
->keep_free
),
182 format_bytes(fb4
, sizeof(fb4
), ss_avail
),
183 format_bytes(fb5
, sizeof(fb5
), s
->cached_available_space
+ sum
));
186 return s
->cached_available_space
;
189 void server_fix_perms(Server
*s
, JournalFile
*f
, uid_t uid
) {
194 acl_permset_t permset
;
199 r
= fchmod(f
->fd
, 0640);
201 log_warning_errno(r
, "Failed to fix access mode on %s, ignoring: %m", f
->path
);
204 if (uid
<= SYSTEM_UID_MAX
)
207 acl
= acl_get_fd(f
->fd
);
209 log_warning_errno(errno
, "Failed to read ACL on %s, ignoring: %m", f
->path
);
213 r
= acl_find_uid(acl
, uid
, &entry
);
216 if (acl_create_entry(&acl
, &entry
) < 0 ||
217 acl_set_tag_type(entry
, ACL_USER
) < 0 ||
218 acl_set_qualifier(entry
, &uid
) < 0) {
219 log_warning_errno(errno
, "Failed to patch ACL on %s, ignoring: %m", f
->path
);
224 /* We do not recalculate the mask unconditionally here,
225 * so that the fchmod() mask above stays intact. */
226 if (acl_get_permset(entry
, &permset
) < 0 ||
227 acl_add_perm(permset
, ACL_READ
) < 0 ||
228 calc_acl_mask_if_needed(&acl
) < 0) {
229 log_warning_errno(errno
, "Failed to patch ACL on %s, ignoring: %m", f
->path
);
233 if (acl_set_fd(f
->fd
, acl
) < 0)
234 log_warning_errno(errno
, "Failed to set ACL on %s, ignoring: %m", f
->path
);
241 static JournalFile
* find_journal(Server
*s
, uid_t uid
) {
242 _cleanup_free_
char *p
= NULL
;
249 /* We split up user logs only on /var, not on /run. If the
250 * runtime file is open, we write to it exclusively, in order
251 * to guarantee proper order as soon as we flush /run to
252 * /var and close the runtime file. */
254 if (s
->runtime_journal
)
255 return s
->runtime_journal
;
257 if (uid
<= SYSTEM_UID_MAX
)
258 return s
->system_journal
;
260 r
= sd_id128_get_machine(&machine
);
262 return s
->system_journal
;
264 f
= ordered_hashmap_get(s
->user_journals
, UINT32_TO_PTR(uid
));
268 if (asprintf(&p
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/user-"UID_FMT
".journal",
269 SD_ID128_FORMAT_VAL(machine
), uid
) < 0)
270 return s
->system_journal
;
272 while (ordered_hashmap_size(s
->user_journals
) >= USER_JOURNALS_MAX
) {
273 /* Too many open? Then let's close one */
274 f
= ordered_hashmap_steal_first(s
->user_journals
);
276 journal_file_close(f
);
279 r
= journal_file_open_reliably(p
, O_RDWR
|O_CREAT
, 0640, s
->compress
, s
->seal
, &s
->system_metrics
, s
->mmap
, NULL
, &f
);
281 return s
->system_journal
;
283 server_fix_perms(s
, f
, uid
);
285 r
= ordered_hashmap_put(s
->user_journals
, UINT32_TO_PTR(uid
), f
);
287 journal_file_close(f
);
288 return s
->system_journal
;
294 static int do_rotate(
307 r
= journal_file_rotate(f
, s
->compress
, seal
);
310 log_error_errno(r
, "Failed to rotate %s: %m", (*f
)->path
);
312 log_error_errno(r
, "Failed to create new %s journal: %m", name
);
314 server_fix_perms(s
, *f
, uid
);
319 void server_rotate(Server
*s
) {
325 log_debug("Rotating...");
327 do_rotate(s
, &s
->runtime_journal
, "runtime", false, 0);
328 do_rotate(s
, &s
->system_journal
, "system", s
->seal
, 0);
330 ORDERED_HASHMAP_FOREACH_KEY(f
, k
, s
->user_journals
, i
) {
331 r
= do_rotate(s
, &f
, "user", s
->seal
, PTR_TO_UINT32(k
));
333 ordered_hashmap_replace(s
->user_journals
, k
, f
);
335 /* Old file has been closed and deallocated */
336 ordered_hashmap_remove(s
->user_journals
, k
);
340 void server_sync(Server
*s
) {
346 if (s
->system_journal
) {
347 r
= journal_file_set_offline(s
->system_journal
);
349 log_error_errno(r
, "Failed to sync system journal: %m");
352 ORDERED_HASHMAP_FOREACH_KEY(f
, k
, s
->user_journals
, i
) {
353 r
= journal_file_set_offline(f
);
355 log_error_errno(r
, "Failed to sync user journal: %m");
358 if (s
->sync_event_source
) {
359 r
= sd_event_source_set_enabled(s
->sync_event_source
, SD_EVENT_OFF
);
361 log_error_errno(r
, "Failed to disable sync timer source: %m");
364 s
->sync_scheduled
= false;
367 static void do_vacuum(
372 JournalMetrics
*metrics
) {
380 p
= strjoina(path
, id
);
381 r
= journal_directory_vacuum(p
, metrics
->max_use
, s
->max_retention_usec
, &s
->oldest_file_usec
, false);
382 if (r
< 0 && r
!= -ENOENT
)
383 log_error_errno(r
, "Failed to vacuum %s: %m", p
);
386 void server_vacuum(Server
*s
) {
391 log_debug("Vacuuming...");
393 s
->oldest_file_usec
= 0;
395 r
= sd_id128_get_machine(&machine
);
397 log_error_errno(r
, "Failed to get machine ID: %m");
400 sd_id128_to_string(machine
, ids
);
402 do_vacuum(s
, ids
, s
->system_journal
, "/var/log/journal/", &s
->system_metrics
);
403 do_vacuum(s
, ids
, s
->runtime_journal
, "/run/log/journal/", &s
->runtime_metrics
);
405 s
->cached_available_space_timestamp
= 0;
408 static void server_cache_machine_id(Server
*s
) {
414 r
= sd_id128_get_machine(&id
);
418 sd_id128_to_string(id
, stpcpy(s
->machine_id_field
, "_MACHINE_ID="));
421 static void server_cache_boot_id(Server
*s
) {
427 r
= sd_id128_get_boot(&id
);
431 sd_id128_to_string(id
, stpcpy(s
->boot_id_field
, "_BOOT_ID="));
434 static void server_cache_hostname(Server
*s
) {
435 _cleanup_free_
char *t
= NULL
;
440 t
= gethostname_malloc();
444 x
= strappend("_HOSTNAME=", t
);
448 free(s
->hostname_field
);
449 s
->hostname_field
= x
;
452 static bool shall_try_append_again(JournalFile
*f
, int r
) {
454 /* -E2BIG Hit configured limit
456 -EDQUOT Quota limit hit
458 -EIO I/O error of some kind (mmap)
459 -EHOSTDOWN Other machine
460 -EBUSY Unclean shutdown
461 -EPROTONOSUPPORT Unsupported feature
464 -ESHUTDOWN Already archived
465 -EIDRM Journal file has been deleted */
467 if (r
== -E2BIG
|| r
== -EFBIG
|| r
== -EDQUOT
|| r
== -ENOSPC
)
468 log_debug("%s: Allocation limit reached, rotating.", f
->path
);
469 else if (r
== -EHOSTDOWN
)
470 log_info("%s: Journal file from other machine, rotating.", f
->path
);
471 else if (r
== -EBUSY
)
472 log_info("%s: Unclean shutdown, rotating.", f
->path
);
473 else if (r
== -EPROTONOSUPPORT
)
474 log_info("%s: Unsupported feature, rotating.", f
->path
);
475 else if (r
== -EBADMSG
|| r
== -ENODATA
|| r
== ESHUTDOWN
)
476 log_warning("%s: Journal file corrupted, rotating.", f
->path
);
478 log_warning("%s: IO error, rotating.", f
->path
);
479 else if (r
== -EIDRM
)
480 log_warning("%s: Journal file has been deleted, rotating.", f
->path
);
487 static void write_to_journal(Server
*s
, uid_t uid
, struct iovec
*iovec
, unsigned n
, int priority
) {
489 bool vacuumed
= false;
496 f
= find_journal(s
, uid
);
500 if (journal_file_rotate_suggested(f
, s
->max_file_usec
)) {
501 log_debug("%s: Journal header limits reached or header out-of-date, rotating.", f
->path
);
506 f
= find_journal(s
, uid
);
511 r
= journal_file_append_entry(f
, NULL
, iovec
, n
, &s
->seqnum
, NULL
, NULL
);
513 server_schedule_sync(s
, priority
);
517 if (vacuumed
|| !shall_try_append_again(f
, r
)) {
518 log_error_errno(r
, "Failed to write entry (%d items, %zu bytes), ignoring: %m", n
, IOVEC_TOTAL_SIZE(iovec
, n
));
525 f
= find_journal(s
, uid
);
529 log_debug("Retrying write.");
530 r
= journal_file_append_entry(f
, NULL
, iovec
, n
, &s
->seqnum
, NULL
, NULL
);
532 log_error_errno(r
, "Failed to write entry (%d items, %zu bytes) despite vacuuming, ignoring: %m", n
, IOVEC_TOTAL_SIZE(iovec
, n
));
534 server_schedule_sync(s
, priority
);
537 static void dispatch_message_real(
539 struct iovec
*iovec
, unsigned n
, unsigned m
,
540 const struct ucred
*ucred
,
541 const struct timeval
*tv
,
542 const char *label
, size_t label_len
,
547 char pid
[sizeof("_PID=") + DECIMAL_STR_MAX(pid_t
)],
548 uid
[sizeof("_UID=") + DECIMAL_STR_MAX(uid_t
)],
549 gid
[sizeof("_GID=") + DECIMAL_STR_MAX(gid_t
)],
550 owner_uid
[sizeof("_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t
)],
551 source_time
[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t
)],
552 o_uid
[sizeof("OBJECT_UID=") + DECIMAL_STR_MAX(uid_t
)],
553 o_gid
[sizeof("OBJECT_GID=") + DECIMAL_STR_MAX(gid_t
)],
554 o_owner_uid
[sizeof("OBJECT_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t
)];
560 uid_t realuid
= 0, owner
= 0, journal_uid
;
561 bool owner_valid
= false;
563 char audit_session
[sizeof("_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
564 audit_loginuid
[sizeof("_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t
)],
565 o_audit_session
[sizeof("OBJECT_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
566 o_audit_loginuid
[sizeof("OBJECT_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t
)];
575 assert(n
+ N_IOVEC_META_FIELDS
+ (object_pid
? N_IOVEC_OBJECT_FIELDS
: 0) <= m
);
578 realuid
= ucred
->uid
;
580 sprintf(pid
, "_PID="PID_FMT
, ucred
->pid
);
581 IOVEC_SET_STRING(iovec
[n
++], pid
);
583 sprintf(uid
, "_UID="UID_FMT
, ucred
->uid
);
584 IOVEC_SET_STRING(iovec
[n
++], uid
);
586 sprintf(gid
, "_GID="GID_FMT
, ucred
->gid
);
587 IOVEC_SET_STRING(iovec
[n
++], gid
);
589 r
= get_process_comm(ucred
->pid
, &t
);
591 x
= strjoina("_COMM=", t
);
593 IOVEC_SET_STRING(iovec
[n
++], x
);
596 r
= get_process_exe(ucred
->pid
, &t
);
598 x
= strjoina("_EXE=", t
);
600 IOVEC_SET_STRING(iovec
[n
++], x
);
603 r
= get_process_cmdline(ucred
->pid
, 0, false, &t
);
605 x
= strjoina("_CMDLINE=", t
);
607 IOVEC_SET_STRING(iovec
[n
++], x
);
610 r
= get_process_capeff(ucred
->pid
, &t
);
612 x
= strjoina("_CAP_EFFECTIVE=", t
);
614 IOVEC_SET_STRING(iovec
[n
++], x
);
618 r
= audit_session_from_pid(ucred
->pid
, &audit
);
620 sprintf(audit_session
, "_AUDIT_SESSION=%"PRIu32
, audit
);
621 IOVEC_SET_STRING(iovec
[n
++], audit_session
);
624 r
= audit_loginuid_from_pid(ucred
->pid
, &loginuid
);
626 sprintf(audit_loginuid
, "_AUDIT_LOGINUID="UID_FMT
, loginuid
);
627 IOVEC_SET_STRING(iovec
[n
++], audit_loginuid
);
631 r
= cg_pid_get_path_shifted(ucred
->pid
, s
->cgroup_root
, &c
);
633 char *session
= NULL
;
635 x
= strjoina("_SYSTEMD_CGROUP=", c
);
636 IOVEC_SET_STRING(iovec
[n
++], x
);
638 r
= cg_path_get_session(c
, &t
);
640 session
= strjoina("_SYSTEMD_SESSION=", t
);
642 IOVEC_SET_STRING(iovec
[n
++], session
);
645 if (cg_path_get_owner_uid(c
, &owner
) >= 0) {
648 sprintf(owner_uid
, "_SYSTEMD_OWNER_UID="UID_FMT
, owner
);
649 IOVEC_SET_STRING(iovec
[n
++], owner_uid
);
652 if (cg_path_get_unit(c
, &t
) >= 0) {
653 x
= strjoina("_SYSTEMD_UNIT=", t
);
655 IOVEC_SET_STRING(iovec
[n
++], x
);
656 } else if (unit_id
&& !session
) {
657 x
= strjoina("_SYSTEMD_UNIT=", unit_id
);
658 IOVEC_SET_STRING(iovec
[n
++], x
);
661 if (cg_path_get_user_unit(c
, &t
) >= 0) {
662 x
= strjoina("_SYSTEMD_USER_UNIT=", t
);
664 IOVEC_SET_STRING(iovec
[n
++], x
);
665 } else if (unit_id
&& session
) {
666 x
= strjoina("_SYSTEMD_USER_UNIT=", unit_id
);
667 IOVEC_SET_STRING(iovec
[n
++], x
);
670 if (cg_path_get_slice(c
, &t
) >= 0) {
671 x
= strjoina("_SYSTEMD_SLICE=", t
);
673 IOVEC_SET_STRING(iovec
[n
++], x
);
677 } else if (unit_id
) {
678 x
= strjoina("_SYSTEMD_UNIT=", unit_id
);
679 IOVEC_SET_STRING(iovec
[n
++], x
);
683 if (mac_selinux_use()) {
685 x
= alloca(strlen("_SELINUX_CONTEXT=") + label_len
+ 1);
687 *((char*) mempcpy(stpcpy(x
, "_SELINUX_CONTEXT="), label
, label_len
)) = 0;
688 IOVEC_SET_STRING(iovec
[n
++], x
);
690 security_context_t con
;
692 if (getpidcon(ucred
->pid
, &con
) >= 0) {
693 x
= strjoina("_SELINUX_CONTEXT=", con
);
696 IOVEC_SET_STRING(iovec
[n
++], x
);
705 r
= get_process_uid(object_pid
, &object_uid
);
707 sprintf(o_uid
, "OBJECT_UID="UID_FMT
, object_uid
);
708 IOVEC_SET_STRING(iovec
[n
++], o_uid
);
711 r
= get_process_gid(object_pid
, &object_gid
);
713 sprintf(o_gid
, "OBJECT_GID="GID_FMT
, object_gid
);
714 IOVEC_SET_STRING(iovec
[n
++], o_gid
);
717 r
= get_process_comm(object_pid
, &t
);
719 x
= strjoina("OBJECT_COMM=", t
);
721 IOVEC_SET_STRING(iovec
[n
++], x
);
724 r
= get_process_exe(object_pid
, &t
);
726 x
= strjoina("OBJECT_EXE=", t
);
728 IOVEC_SET_STRING(iovec
[n
++], x
);
731 r
= get_process_cmdline(object_pid
, 0, false, &t
);
733 x
= strjoina("OBJECT_CMDLINE=", t
);
735 IOVEC_SET_STRING(iovec
[n
++], x
);
739 r
= audit_session_from_pid(object_pid
, &audit
);
741 sprintf(o_audit_session
, "OBJECT_AUDIT_SESSION=%"PRIu32
, audit
);
742 IOVEC_SET_STRING(iovec
[n
++], o_audit_session
);
745 r
= audit_loginuid_from_pid(object_pid
, &loginuid
);
747 sprintf(o_audit_loginuid
, "OBJECT_AUDIT_LOGINUID="UID_FMT
, loginuid
);
748 IOVEC_SET_STRING(iovec
[n
++], o_audit_loginuid
);
752 r
= cg_pid_get_path_shifted(object_pid
, s
->cgroup_root
, &c
);
754 x
= strjoina("OBJECT_SYSTEMD_CGROUP=", c
);
755 IOVEC_SET_STRING(iovec
[n
++], x
);
757 r
= cg_path_get_session(c
, &t
);
759 x
= strjoina("OBJECT_SYSTEMD_SESSION=", t
);
761 IOVEC_SET_STRING(iovec
[n
++], x
);
764 if (cg_path_get_owner_uid(c
, &owner
) >= 0) {
765 sprintf(o_owner_uid
, "OBJECT_SYSTEMD_OWNER_UID="UID_FMT
, owner
);
766 IOVEC_SET_STRING(iovec
[n
++], o_owner_uid
);
769 if (cg_path_get_unit(c
, &t
) >= 0) {
770 x
= strjoina("OBJECT_SYSTEMD_UNIT=", t
);
772 IOVEC_SET_STRING(iovec
[n
++], x
);
775 if (cg_path_get_user_unit(c
, &t
) >= 0) {
776 x
= strjoina("OBJECT_SYSTEMD_USER_UNIT=", t
);
778 IOVEC_SET_STRING(iovec
[n
++], x
);
787 sprintf(source_time
, "_SOURCE_REALTIME_TIMESTAMP=%llu", (unsigned long long) timeval_load(tv
));
788 IOVEC_SET_STRING(iovec
[n
++], source_time
);
791 /* Note that strictly speaking storing the boot id here is
792 * redundant since the entry includes this in-line
793 * anyway. However, we need this indexed, too. */
794 if (!isempty(s
->boot_id_field
))
795 IOVEC_SET_STRING(iovec
[n
++], s
->boot_id_field
);
797 if (!isempty(s
->machine_id_field
))
798 IOVEC_SET_STRING(iovec
[n
++], s
->machine_id_field
);
800 if (!isempty(s
->hostname_field
))
801 IOVEC_SET_STRING(iovec
[n
++], s
->hostname_field
);
805 if (s
->split_mode
== SPLIT_UID
&& realuid
> 0)
806 /* Split up strictly by any UID */
807 journal_uid
= realuid
;
808 else if (s
->split_mode
== SPLIT_LOGIN
&& realuid
> 0 && owner_valid
&& owner
> 0)
809 /* Split up by login UIDs. We do this only if the
810 * realuid is not root, in order not to accidentally
811 * leak privileged information to the user that is
812 * logged by a privileged process that is part of an
813 * unprivileged session. */
818 write_to_journal(s
, journal_uid
, iovec
, n
, priority
);
821 void server_driver_message(Server
*s
, sd_id128_t message_id
, const char *format
, ...) {
822 char mid
[11 + 32 + 1];
823 char buffer
[16 + LINE_MAX
+ 1];
824 struct iovec iovec
[N_IOVEC_META_FIELDS
+ 4];
827 struct ucred ucred
= {};
832 IOVEC_SET_STRING(iovec
[n
++], "PRIORITY=6");
833 IOVEC_SET_STRING(iovec
[n
++], "_TRANSPORT=driver");
835 memcpy(buffer
, "MESSAGE=", 8);
836 va_start(ap
, format
);
837 vsnprintf(buffer
+ 8, sizeof(buffer
) - 8, format
, ap
);
839 IOVEC_SET_STRING(iovec
[n
++], buffer
);
841 if (!sd_id128_equal(message_id
, SD_ID128_NULL
)) {
842 snprintf(mid
, sizeof(mid
), LOG_MESSAGE_ID(message_id
));
843 IOVEC_SET_STRING(iovec
[n
++], mid
);
846 ucred
.pid
= getpid();
847 ucred
.uid
= getuid();
848 ucred
.gid
= getgid();
850 dispatch_message_real(s
, iovec
, n
, ELEMENTSOF(iovec
), &ucred
, NULL
, NULL
, 0, NULL
, LOG_INFO
, 0);
853 void server_dispatch_message(
855 struct iovec
*iovec
, unsigned n
, unsigned m
,
856 const struct ucred
*ucred
,
857 const struct timeval
*tv
,
858 const char *label
, size_t label_len
,
864 _cleanup_free_
char *path
= NULL
;
868 assert(iovec
|| n
== 0);
873 if (LOG_PRI(priority
) > s
->max_level_store
)
876 /* Stop early in case the information will not be stored
878 if (s
->storage
== STORAGE_NONE
)
884 r
= cg_pid_get_path_shifted(ucred
->pid
, s
->cgroup_root
, &path
);
888 /* example: /user/lennart/3/foobar
889 * /system/dbus.service/foobar
891 * So let's cut of everything past the third /, since that is
892 * where user directories start */
894 c
= strchr(path
, '/');
896 c
= strchr(c
+1, '/');
898 c
= strchr(c
+1, '/');
904 rl
= journal_rate_limit_test(s
->rate_limit
, path
,
905 priority
& LOG_PRIMASK
, available_space(s
, false));
910 /* Write a suppression message if we suppressed something */
912 server_driver_message(s
, SD_MESSAGE_JOURNAL_DROPPED
,
913 "Suppressed %u messages from %s", rl
- 1, path
);
916 dispatch_message_real(s
, iovec
, n
, m
, ucred
, tv
, label
, label_len
, unit_id
, priority
, object_pid
);
920 static int system_journal_open(Server
*s
, bool flush_requested
) {
926 r
= sd_id128_get_machine(&machine
);
928 return log_error_errno(r
, "Failed to get machine id: %m");
930 sd_id128_to_string(machine
, ids
);
932 if (!s
->system_journal
&&
933 (s
->storage
== STORAGE_PERSISTENT
|| s
->storage
== STORAGE_AUTO
) &&
935 || access("/run/systemd/journal/flushed", F_OK
) >= 0)) {
937 /* If in auto mode: first try to create the machine
938 * path, but not the prefix.
940 * If in persistent mode: create /var/log/journal and
941 * the machine path */
943 if (s
->storage
== STORAGE_PERSISTENT
)
944 (void) mkdir("/var/log/journal/", 0755);
946 fn
= strjoina("/var/log/journal/", ids
);
947 (void) mkdir(fn
, 0755);
949 fn
= strjoina(fn
, "/system.journal");
950 r
= journal_file_open_reliably(fn
, O_RDWR
|O_CREAT
, 0640, s
->compress
, s
->seal
, &s
->system_metrics
, s
->mmap
, NULL
, &s
->system_journal
);
953 server_fix_perms(s
, s
->system_journal
, 0);
955 if (r
!= -ENOENT
&& r
!= -EROFS
)
956 log_warning_errno(r
, "Failed to open system journal: %m");
962 if (!s
->runtime_journal
&&
963 (s
->storage
!= STORAGE_NONE
)) {
965 fn
= strjoin("/run/log/journal/", ids
, "/system.journal", NULL
);
969 if (s
->system_journal
) {
971 /* Try to open the runtime journal, but only
972 * if it already exists, so that we can flush
973 * it into the system journal */
975 r
= journal_file_open(fn
, O_RDWR
, 0640, s
->compress
, false, &s
->runtime_metrics
, s
->mmap
, NULL
, &s
->runtime_journal
);
980 log_warning_errno(r
, "Failed to open runtime journal: %m");
987 /* OK, we really need the runtime journal, so create
988 * it if necessary. */
990 (void) mkdir("/run/log", 0755);
991 (void) mkdir("/run/log/journal", 0755);
992 (void) mkdir_parents(fn
, 0750);
994 r
= journal_file_open_reliably(fn
, O_RDWR
|O_CREAT
, 0640, s
->compress
, false, &s
->runtime_metrics
, s
->mmap
, NULL
, &s
->runtime_journal
);
998 return log_error_errno(r
, "Failed to open runtime journal: %m");
1001 if (s
->runtime_journal
)
1002 server_fix_perms(s
, s
->runtime_journal
, 0);
1005 available_space(s
, true);
1010 int server_flush_to_var(Server
*s
) {
1012 sd_journal
*j
= NULL
;
1013 char ts
[FORMAT_TIMESPAN_MAX
];
1020 if (s
->storage
!= STORAGE_AUTO
&&
1021 s
->storage
!= STORAGE_PERSISTENT
)
1024 if (!s
->runtime_journal
)
1027 system_journal_open(s
, true);
1029 if (!s
->system_journal
)
1032 log_debug("Flushing to /var...");
1034 start
= now(CLOCK_MONOTONIC
);
1036 r
= sd_id128_get_machine(&machine
);
1040 r
= sd_journal_open(&j
, SD_JOURNAL_RUNTIME_ONLY
);
1042 return log_error_errno(r
, "Failed to read runtime journal: %m");
1044 sd_journal_set_data_threshold(j
, 0);
1046 SD_JOURNAL_FOREACH(j
) {
1050 f
= j
->current_file
;
1051 assert(f
&& f
->current_offset
> 0);
1055 r
= journal_file_move_to_object(f
, OBJECT_ENTRY
, f
->current_offset
, &o
);
1057 log_error_errno(r
, "Can't read entry: %m");
1061 r
= journal_file_copy_entry(f
, s
->system_journal
, o
, f
->current_offset
, NULL
, NULL
, NULL
);
1065 if (!shall_try_append_again(s
->system_journal
, r
)) {
1066 log_error_errno(r
, "Can't write entry: %m");
1073 if (!s
->system_journal
) {
1074 log_notice("Didn't flush runtime journal since rotation of system journal wasn't successful.");
1079 log_debug("Retrying write.");
1080 r
= journal_file_copy_entry(f
, s
->system_journal
, o
, f
->current_offset
, NULL
, NULL
, NULL
);
1082 log_error_errno(r
, "Can't write entry: %m");
1088 journal_file_post_change(s
->system_journal
);
1090 journal_file_close(s
->runtime_journal
);
1091 s
->runtime_journal
= NULL
;
1094 (void) rm_rf("/run/log/journal", REMOVE_ROOT
);
1096 sd_journal_close(j
);
1098 server_driver_message(s
, SD_ID128_NULL
, "Time spent on flushing to /var is %s for %u entries.", format_timespan(ts
, sizeof(ts
), now(CLOCK_MONOTONIC
) - start
, 0), n
);
1103 int server_process_datagram(sd_event_source
*es
, int fd
, uint32_t revents
, void *userdata
) {
1104 Server
*s
= userdata
;
1107 assert(fd
== s
->native_fd
|| fd
== s
->syslog_fd
|| fd
== s
->audit_fd
);
1109 if (revents
!= EPOLLIN
) {
1110 log_error("Got invalid event from epoll for datagram fd: %"PRIx32
, revents
);
1115 struct ucred
*ucred
= NULL
;
1116 struct timeval
*tv
= NULL
;
1117 struct cmsghdr
*cmsg
;
1119 size_t label_len
= 0;
1123 struct cmsghdr cmsghdr
;
1125 /* We use NAME_MAX space for the SELinux label
1126 * here. The kernel currently enforces no
1127 * limit, but according to suggestions from
1128 * the SELinux people this will change and it
1129 * will probably be identical to NAME_MAX. For
1130 * now we use that, but this should be updated
1131 * one day when the final limit is known. */
1132 uint8_t buf
[CMSG_SPACE(sizeof(struct ucred
)) +
1133 CMSG_SPACE(sizeof(struct timeval
)) +
1134 CMSG_SPACE(sizeof(int)) + /* fd */
1135 CMSG_SPACE(NAME_MAX
)]; /* selinux label */
1137 union sockaddr_union sa
= {};
1138 struct msghdr msghdr
= {
1141 .msg_control
= &control
,
1142 .msg_controllen
= sizeof(control
),
1144 .msg_namelen
= sizeof(sa
),
1153 /* Try to get the right size, if we can. (Not all
1154 * sockets support SIOCINQ, hence we just try, but
1155 * don't rely on it. */
1156 (void) ioctl(fd
, SIOCINQ
, &v
);
1158 /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful! */
1159 m
= PAGE_ALIGN(MAX3((size_t) v
+ 1,
1161 ALIGN(sizeof(struct nlmsghdr
)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH
)) + 1);
1163 if (!GREEDY_REALLOC(s
->buffer
, s
->buffer_size
, m
))
1166 iovec
.iov_base
= s
->buffer
;
1167 iovec
.iov_len
= s
->buffer_size
- 1; /* Leave room for trailing NUL we add later */
1169 n
= recvmsg(fd
, &msghdr
, MSG_DONTWAIT
|MSG_CMSG_CLOEXEC
);
1171 if (errno
== EINTR
|| errno
== EAGAIN
)
1174 log_error_errno(errno
, "recvmsg() failed: %m");
1178 for (cmsg
= CMSG_FIRSTHDR(&msghdr
); cmsg
; cmsg
= CMSG_NXTHDR(&msghdr
, cmsg
)) {
1180 if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1181 cmsg
->cmsg_type
== SCM_CREDENTIALS
&&
1182 cmsg
->cmsg_len
== CMSG_LEN(sizeof(struct ucred
)))
1183 ucred
= (struct ucred
*) CMSG_DATA(cmsg
);
1184 else if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1185 cmsg
->cmsg_type
== SCM_SECURITY
) {
1186 label
= (char*) CMSG_DATA(cmsg
);
1187 label_len
= cmsg
->cmsg_len
- CMSG_LEN(0);
1188 } else if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1189 cmsg
->cmsg_type
== SO_TIMESTAMP
&&
1190 cmsg
->cmsg_len
== CMSG_LEN(sizeof(struct timeval
)))
1191 tv
= (struct timeval
*) CMSG_DATA(cmsg
);
1192 else if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1193 cmsg
->cmsg_type
== SCM_RIGHTS
) {
1194 fds
= (int*) CMSG_DATA(cmsg
);
1195 n_fds
= (cmsg
->cmsg_len
- CMSG_LEN(0)) / sizeof(int);
1199 /* And a trailing NUL, just in case */
1202 if (fd
== s
->syslog_fd
) {
1203 if (n
> 0 && n_fds
== 0)
1204 server_process_syslog_message(s
, strstrip(s
->buffer
), ucred
, tv
, label
, label_len
);
1206 log_warning("Got file descriptors via syslog socket. Ignoring.");
1208 } else if (fd
== s
->native_fd
) {
1209 if (n
> 0 && n_fds
== 0)
1210 server_process_native_message(s
, s
->buffer
, n
, ucred
, tv
, label
, label_len
);
1211 else if (n
== 0 && n_fds
== 1)
1212 server_process_native_file(s
, fds
[0], ucred
, tv
, label
, label_len
);
1214 log_warning("Got too many file descriptors via native socket. Ignoring.");
1217 assert(fd
== s
->audit_fd
);
1219 if (n
> 0 && n_fds
== 0)
1220 server_process_audit_message(s
, s
->buffer
, n
, ucred
, &sa
, msghdr
.msg_namelen
);
1222 log_warning("Got file descriptors via audit socket. Ignoring.");
1225 close_many(fds
, n_fds
);
1229 static int dispatch_sigusr1(sd_event_source
*es
, const struct signalfd_siginfo
*si
, void *userdata
) {
1230 Server
*s
= userdata
;
1234 log_info("Received request to flush runtime journal from PID %"PRIu32
, si
->ssi_pid
);
1236 server_flush_to_var(s
);
1240 touch("/run/systemd/journal/flushed");
1245 static int dispatch_sigusr2(sd_event_source
*es
, const struct signalfd_siginfo
*si
, void *userdata
) {
1246 Server
*s
= userdata
;
1250 log_info("Received request to rotate journal from PID %"PRIu32
, si
->ssi_pid
);
1257 static int dispatch_sigterm(sd_event_source
*es
, const struct signalfd_siginfo
*si
, void *userdata
) {
1258 Server
*s
= userdata
;
1262 log_received_signal(LOG_INFO
, si
);
1264 sd_event_exit(s
->event
, 0);
1268 static int setup_signals(Server
*s
) {
1274 assert_se(sigemptyset(&mask
) == 0);
1275 sigset_add_many(&mask
, SIGINT
, SIGTERM
, SIGUSR1
, SIGUSR2
, -1);
1276 assert_se(sigprocmask(SIG_SETMASK
, &mask
, NULL
) == 0);
1278 r
= sd_event_add_signal(s
->event
, &s
->sigusr1_event_source
, SIGUSR1
, dispatch_sigusr1
, s
);
1282 r
= sd_event_add_signal(s
->event
, &s
->sigusr2_event_source
, SIGUSR2
, dispatch_sigusr2
, s
);
1286 r
= sd_event_add_signal(s
->event
, &s
->sigterm_event_source
, SIGTERM
, dispatch_sigterm
, s
);
1290 r
= sd_event_add_signal(s
->event
, &s
->sigint_event_source
, SIGINT
, dispatch_sigterm
, s
);
1297 static int server_parse_proc_cmdline(Server
*s
) {
1298 _cleanup_free_
char *line
= NULL
;
1299 const char *w
, *state
;
1303 r
= proc_cmdline(&line
);
1305 log_warning_errno(r
, "Failed to read /proc/cmdline, ignoring: %m");
1309 FOREACH_WORD_QUOTED(w
, l
, line
, state
) {
1310 _cleanup_free_
char *word
;
1312 word
= strndup(w
, l
);
1316 if (startswith(word
, "systemd.journald.forward_to_syslog=")) {
1317 r
= parse_boolean(word
+ 35);
1319 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word
+ 35);
1321 s
->forward_to_syslog
= r
;
1322 } else if (startswith(word
, "systemd.journald.forward_to_kmsg=")) {
1323 r
= parse_boolean(word
+ 33);
1325 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word
+ 33);
1327 s
->forward_to_kmsg
= r
;
1328 } else if (startswith(word
, "systemd.journald.forward_to_console=")) {
1329 r
= parse_boolean(word
+ 36);
1331 log_warning("Failed to parse forward to console switch %s. Ignoring.", word
+ 36);
1333 s
->forward_to_console
= r
;
1334 } else if (startswith(word
, "systemd.journald.forward_to_wall=")) {
1335 r
= parse_boolean(word
+ 33);
1337 log_warning("Failed to parse forward to wall switch %s. Ignoring.", word
+ 33);
1339 s
->forward_to_wall
= r
;
1340 } else if (startswith(word
, "systemd.journald"))
1341 log_warning("Invalid systemd.journald parameter. Ignoring.");
1343 /* do not warn about state here, since probably systemd already did */
1348 static int server_parse_config_file(Server
*s
) {
1351 return config_parse_many("/etc/systemd/journald.conf",
1352 CONF_DIRS_NULSTR("systemd/journald.conf"),
1354 config_item_perf_lookup
, journald_gperf_lookup
,
1358 static int server_dispatch_sync(sd_event_source
*es
, usec_t t
, void *userdata
) {
1359 Server
*s
= userdata
;
1367 int server_schedule_sync(Server
*s
, int priority
) {
1372 if (priority
<= LOG_CRIT
) {
1373 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1378 if (s
->sync_scheduled
)
1381 if (s
->sync_interval_usec
> 0) {
1384 r
= sd_event_now(s
->event
, CLOCK_MONOTONIC
, &when
);
1388 when
+= s
->sync_interval_usec
;
1390 if (!s
->sync_event_source
) {
1391 r
= sd_event_add_time(
1393 &s
->sync_event_source
,
1396 server_dispatch_sync
, s
);
1400 r
= sd_event_source_set_priority(s
->sync_event_source
, SD_EVENT_PRIORITY_IMPORTANT
);
1402 r
= sd_event_source_set_time(s
->sync_event_source
, when
);
1406 r
= sd_event_source_set_enabled(s
->sync_event_source
, SD_EVENT_ONESHOT
);
1411 s
->sync_scheduled
= true;
1417 static int dispatch_hostname_change(sd_event_source
*es
, int fd
, uint32_t revents
, void *userdata
) {
1418 Server
*s
= userdata
;
1422 server_cache_hostname(s
);
1426 static int server_open_hostname(Server
*s
) {
1431 s
->hostname_fd
= open("/proc/sys/kernel/hostname", O_RDONLY
|O_CLOEXEC
|O_NDELAY
|O_NOCTTY
);
1432 if (s
->hostname_fd
< 0)
1433 return log_error_errno(errno
, "Failed to open /proc/sys/kernel/hostname: %m");
1435 r
= sd_event_add_io(s
->event
, &s
->hostname_event_source
, s
->hostname_fd
, 0, dispatch_hostname_change
, s
);
1437 /* kernels prior to 3.2 don't support polling this file. Ignore
1440 log_warning("Failed to register hostname fd in event loop: %s. Ignoring.",
1442 s
->hostname_fd
= safe_close(s
->hostname_fd
);
1446 return log_error_errno(r
, "Failed to register hostname fd in event loop: %m");
1449 r
= sd_event_source_set_priority(s
->hostname_event_source
, SD_EVENT_PRIORITY_IMPORTANT
-10);
1451 return log_error_errno(r
, "Failed to adjust priority of host name event source: %m");
1456 int server_init(Server
*s
) {
1457 _cleanup_fdset_free_ FDSet
*fds
= NULL
;
1463 s
->syslog_fd
= s
->native_fd
= s
->stdout_fd
= s
->dev_kmsg_fd
= s
->audit_fd
= s
->hostname_fd
= -1;
1467 s
->sync_interval_usec
= DEFAULT_SYNC_INTERVAL_USEC
;
1468 s
->sync_scheduled
= false;
1470 s
->rate_limit_interval
= DEFAULT_RATE_LIMIT_INTERVAL
;
1471 s
->rate_limit_burst
= DEFAULT_RATE_LIMIT_BURST
;
1473 s
->forward_to_wall
= true;
1475 s
->max_file_usec
= DEFAULT_MAX_FILE_USEC
;
1477 s
->max_level_store
= LOG_DEBUG
;
1478 s
->max_level_syslog
= LOG_DEBUG
;
1479 s
->max_level_kmsg
= LOG_NOTICE
;
1480 s
->max_level_console
= LOG_INFO
;
1481 s
->max_level_wall
= LOG_EMERG
;
1483 memset(&s
->system_metrics
, 0xFF, sizeof(s
->system_metrics
));
1484 memset(&s
->runtime_metrics
, 0xFF, sizeof(s
->runtime_metrics
));
1486 server_parse_config_file(s
);
1487 server_parse_proc_cmdline(s
);
1488 if (!!s
->rate_limit_interval
^ !!s
->rate_limit_burst
) {
1489 log_debug("Setting both rate limit interval and burst from "USEC_FMT
",%u to 0,0",
1490 s
->rate_limit_interval
, s
->rate_limit_burst
);
1491 s
->rate_limit_interval
= s
->rate_limit_burst
= 0;
1494 mkdir_p("/run/systemd/journal", 0755);
1496 s
->user_journals
= ordered_hashmap_new(NULL
);
1497 if (!s
->user_journals
)
1500 s
->mmap
= mmap_cache_new();
1504 r
= sd_event_default(&s
->event
);
1506 return log_error_errno(r
, "Failed to create event loop: %m");
1508 sd_event_set_watchdog(s
->event
, true);
1510 n
= sd_listen_fds(true);
1512 return log_error_errno(n
, "Failed to read listening file descriptors from environment: %m");
1514 for (fd
= SD_LISTEN_FDS_START
; fd
< SD_LISTEN_FDS_START
+ n
; fd
++) {
1516 if (sd_is_socket_unix(fd
, SOCK_DGRAM
, -1, "/run/systemd/journal/socket", 0) > 0) {
1518 if (s
->native_fd
>= 0) {
1519 log_error("Too many native sockets passed.");
1525 } else if (sd_is_socket_unix(fd
, SOCK_STREAM
, 1, "/run/systemd/journal/stdout", 0) > 0) {
1527 if (s
->stdout_fd
>= 0) {
1528 log_error("Too many stdout sockets passed.");
1534 } else if (sd_is_socket_unix(fd
, SOCK_DGRAM
, -1, "/dev/log", 0) > 0 ||
1535 sd_is_socket_unix(fd
, SOCK_DGRAM
, -1, "/run/systemd/journal/dev-log", 0) > 0) {
1537 if (s
->syslog_fd
>= 0) {
1538 log_error("Too many /dev/log sockets passed.");
1544 } else if (sd_is_socket(fd
, AF_NETLINK
, SOCK_RAW
, -1) > 0) {
1546 if (s
->audit_fd
>= 0) {
1547 log_error("Too many audit sockets passed.");
1561 r
= fdset_put(fds
, fd
);
1567 r
= server_open_stdout_socket(s
, fds
);
1571 if (fdset_size(fds
) > 0) {
1572 log_warning("%u unknown file descriptors passed, closing.", fdset_size(fds
));
1573 fds
= fdset_free(fds
);
1576 r
= server_open_syslog_socket(s
);
1580 r
= server_open_native_socket(s
);
1584 r
= server_open_dev_kmsg(s
);
1588 r
= server_open_audit(s
);
1592 r
= server_open_kernel_seqnum(s
);
1596 r
= server_open_hostname(s
);
1600 r
= setup_signals(s
);
1604 s
->udev
= udev_new();
1608 s
->rate_limit
= journal_rate_limit_new(s
->rate_limit_interval
, s
->rate_limit_burst
);
1612 r
= cg_get_root_path(&s
->cgroup_root
);
1616 server_cache_hostname(s
);
1617 server_cache_boot_id(s
);
1618 server_cache_machine_id(s
);
1620 r
= system_journal_open(s
, false);
1627 void server_maybe_append_tags(Server
*s
) {
1633 n
= now(CLOCK_REALTIME
);
1635 if (s
->system_journal
)
1636 journal_file_maybe_append_tag(s
->system_journal
, n
);
1638 ORDERED_HASHMAP_FOREACH(f
, s
->user_journals
, i
)
1639 journal_file_maybe_append_tag(f
, n
);
1643 void server_done(Server
*s
) {
1647 while (s
->stdout_streams
)
1648 stdout_stream_free(s
->stdout_streams
);
1650 if (s
->system_journal
)
1651 journal_file_close(s
->system_journal
);
1653 if (s
->runtime_journal
)
1654 journal_file_close(s
->runtime_journal
);
1656 while ((f
= ordered_hashmap_steal_first(s
->user_journals
)))
1657 journal_file_close(f
);
1659 ordered_hashmap_free(s
->user_journals
);
1661 sd_event_source_unref(s
->syslog_event_source
);
1662 sd_event_source_unref(s
->native_event_source
);
1663 sd_event_source_unref(s
->stdout_event_source
);
1664 sd_event_source_unref(s
->dev_kmsg_event_source
);
1665 sd_event_source_unref(s
->audit_event_source
);
1666 sd_event_source_unref(s
->sync_event_source
);
1667 sd_event_source_unref(s
->sigusr1_event_source
);
1668 sd_event_source_unref(s
->sigusr2_event_source
);
1669 sd_event_source_unref(s
->sigterm_event_source
);
1670 sd_event_source_unref(s
->sigint_event_source
);
1671 sd_event_source_unref(s
->hostname_event_source
);
1672 sd_event_unref(s
->event
);
1674 safe_close(s
->syslog_fd
);
1675 safe_close(s
->native_fd
);
1676 safe_close(s
->stdout_fd
);
1677 safe_close(s
->dev_kmsg_fd
);
1678 safe_close(s
->audit_fd
);
1679 safe_close(s
->hostname_fd
);
1682 journal_rate_limit_free(s
->rate_limit
);
1684 if (s
->kernel_seqnum
)
1685 munmap(s
->kernel_seqnum
, sizeof(uint64_t));
1689 free(s
->cgroup_root
);
1690 free(s
->hostname_field
);
1693 mmap_cache_unref(s
->mmap
);
1696 udev_unref(s
->udev
);