1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2011 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include <sys/signalfd.h>
23 #include <sys/ioctl.h>
24 #include <linux/sockios.h>
25 #include <sys/statvfs.h>
30 #include "sd-journal.h"
31 #include "sd-messages.h"
32 #include "sd-daemon.h"
36 #include "journal-file.h"
37 #include "socket-util.h"
38 #include "cgroup-util.h"
40 #include "conf-parser.h"
41 #include "selinux-util.h"
42 #include "journal-internal.h"
43 #include "journal-vacuum.h"
44 #include "journal-authenticate.h"
45 #include "journald-rate-limit.h"
46 #include "journald-kmsg.h"
47 #include "journald-syslog.h"
48 #include "journald-stream.h"
49 #include "journald-native.h"
50 #include "journald-audit.h"
51 #include "journald-server.h"
55 #include <selinux/selinux.h>
58 #define USER_JOURNALS_MAX 1024
60 #define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
61 #define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
62 #define DEFAULT_RATE_LIMIT_BURST 1000
63 #define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
65 #define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
67 static const char* const storage_table
[_STORAGE_MAX
] = {
68 [STORAGE_AUTO
] = "auto",
69 [STORAGE_VOLATILE
] = "volatile",
70 [STORAGE_PERSISTENT
] = "persistent",
71 [STORAGE_NONE
] = "none"
74 DEFINE_STRING_TABLE_LOOKUP(storage
, Storage
);
75 DEFINE_CONFIG_PARSE_ENUM(config_parse_storage
, storage
, Storage
, "Failed to parse storage setting");
77 static const char* const split_mode_table
[_SPLIT_MAX
] = {
78 [SPLIT_LOGIN
] = "login",
80 [SPLIT_NONE
] = "none",
83 DEFINE_STRING_TABLE_LOOKUP(split_mode
, SplitMode
);
84 DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode
, split_mode
, SplitMode
, "Failed to parse split mode setting");
86 static uint64_t available_space(Server
*s
, bool verbose
) {
88 _cleanup_free_
char *p
= NULL
;
91 uint64_t sum
= 0, ss_avail
= 0, avail
= 0;
93 _cleanup_closedir_
DIR *d
= NULL
;
98 ts
= now(CLOCK_MONOTONIC
);
100 if (s
->cached_available_space_timestamp
+ RECHECK_AVAILABLE_SPACE_USEC
> ts
102 return s
->cached_available_space
;
104 r
= sd_id128_get_machine(&machine
);
108 if (s
->system_journal
) {
109 f
= "/var/log/journal/";
110 m
= &s
->system_metrics
;
112 f
= "/run/log/journal/";
113 m
= &s
->runtime_metrics
;
118 p
= strappend(f
, sd_id128_to_string(machine
, ids
));
126 if (fstatvfs(dirfd(d
), &ss
) < 0)
135 if (!de
&& errno
!= 0)
141 if (!endswith(de
->d_name
, ".journal") &&
142 !endswith(de
->d_name
, ".journal~"))
145 if (fstatat(dirfd(d
), de
->d_name
, &st
, AT_SYMLINK_NOFOLLOW
) < 0)
148 if (!S_ISREG(st
.st_mode
))
151 sum
+= (uint64_t) st
.st_blocks
* 512UL;
154 ss_avail
= ss
.f_bsize
* ss
.f_bavail
;
156 /* If we reached a high mark, we will always allow this much
157 * again, unless usage goes above max_use. This watermark
158 * value is cached so that we don't give up space on pressure,
159 * but hover below the maximum usage. */
164 avail
= LESS_BY(ss_avail
, m
->keep_free
);
166 s
->cached_available_space
= LESS_BY(MIN(m
->max_use
, avail
), sum
);
167 s
->cached_available_space_timestamp
= ts
;
170 char fb1
[FORMAT_BYTES_MAX
], fb2
[FORMAT_BYTES_MAX
], fb3
[FORMAT_BYTES_MAX
],
171 fb4
[FORMAT_BYTES_MAX
], fb5
[FORMAT_BYTES_MAX
];
173 server_driver_message(s
, SD_MESSAGE_JOURNAL_USAGE
,
174 "%s journal is using %s (max allowed %s, "
175 "trying to leave %s free of %s available → current limit %s).",
176 s
->system_journal
? "Permanent" : "Runtime",
177 format_bytes(fb1
, sizeof(fb1
), sum
),
178 format_bytes(fb2
, sizeof(fb2
), m
->max_use
),
179 format_bytes(fb3
, sizeof(fb3
), m
->keep_free
),
180 format_bytes(fb4
, sizeof(fb4
), ss_avail
),
181 format_bytes(fb5
, sizeof(fb5
), s
->cached_available_space
+ sum
));
184 return s
->cached_available_space
;
187 void server_fix_perms(Server
*s
, JournalFile
*f
, uid_t uid
) {
192 acl_permset_t permset
;
197 r
= fchmod(f
->fd
, 0640);
199 log_warning_errno(r
, "Failed to fix access mode on %s, ignoring: %m", f
->path
);
202 if (uid
<= SYSTEM_UID_MAX
)
205 acl
= acl_get_fd(f
->fd
);
207 log_warning_errno(errno
, "Failed to read ACL on %s, ignoring: %m", f
->path
);
211 r
= acl_find_uid(acl
, uid
, &entry
);
214 if (acl_create_entry(&acl
, &entry
) < 0 ||
215 acl_set_tag_type(entry
, ACL_USER
) < 0 ||
216 acl_set_qualifier(entry
, &uid
) < 0) {
217 log_warning_errno(errno
, "Failed to patch ACL on %s, ignoring: %m", f
->path
);
222 /* We do not recalculate the mask unconditionally here,
223 * so that the fchmod() mask above stays intact. */
224 if (acl_get_permset(entry
, &permset
) < 0 ||
225 acl_add_perm(permset
, ACL_READ
) < 0 ||
226 calc_acl_mask_if_needed(&acl
) < 0) {
227 log_warning_errno(errno
, "Failed to patch ACL on %s, ignoring: %m", f
->path
);
231 if (acl_set_fd(f
->fd
, acl
) < 0)
232 log_warning_errno(errno
, "Failed to set ACL on %s, ignoring: %m", f
->path
);
239 static JournalFile
* find_journal(Server
*s
, uid_t uid
) {
240 _cleanup_free_
char *p
= NULL
;
247 /* We split up user logs only on /var, not on /run. If the
248 * runtime file is open, we write to it exclusively, in order
249 * to guarantee proper order as soon as we flush /run to
250 * /var and close the runtime file. */
252 if (s
->runtime_journal
)
253 return s
->runtime_journal
;
255 if (uid
<= SYSTEM_UID_MAX
)
256 return s
->system_journal
;
258 r
= sd_id128_get_machine(&machine
);
260 return s
->system_journal
;
262 f
= ordered_hashmap_get(s
->user_journals
, UINT32_TO_PTR(uid
));
266 if (asprintf(&p
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/user-"UID_FMT
".journal",
267 SD_ID128_FORMAT_VAL(machine
), uid
) < 0)
268 return s
->system_journal
;
270 while (ordered_hashmap_size(s
->user_journals
) >= USER_JOURNALS_MAX
) {
271 /* Too many open? Then let's close one */
272 f
= ordered_hashmap_steal_first(s
->user_journals
);
274 journal_file_close(f
);
277 r
= journal_file_open_reliably(p
, O_RDWR
|O_CREAT
, 0640, s
->compress
, s
->seal
, &s
->system_metrics
, s
->mmap
, NULL
, &f
);
279 return s
->system_journal
;
281 server_fix_perms(s
, f
, uid
);
283 r
= ordered_hashmap_put(s
->user_journals
, UINT32_TO_PTR(uid
), f
);
285 journal_file_close(f
);
286 return s
->system_journal
;
292 static int do_rotate(
305 r
= journal_file_rotate(f
, s
->compress
, seal
);
308 log_error_errno(r
, "Failed to rotate %s: %m", (*f
)->path
);
310 log_error_errno(r
, "Failed to create new %s journal: %m", name
);
312 server_fix_perms(s
, *f
, uid
);
317 void server_rotate(Server
*s
) {
323 log_debug("Rotating...");
325 do_rotate(s
, &s
->runtime_journal
, "runtime", false, 0);
326 do_rotate(s
, &s
->system_journal
, "system", s
->seal
, 0);
328 ORDERED_HASHMAP_FOREACH_KEY(f
, k
, s
->user_journals
, i
) {
329 r
= do_rotate(s
, &f
, "user", s
->seal
, PTR_TO_UINT32(k
));
331 ordered_hashmap_replace(s
->user_journals
, k
, f
);
333 /* Old file has been closed and deallocated */
334 ordered_hashmap_remove(s
->user_journals
, k
);
338 void server_sync(Server
*s
) {
344 if (s
->system_journal
) {
345 r
= journal_file_set_offline(s
->system_journal
);
347 log_error_errno(r
, "Failed to sync system journal: %m");
350 ORDERED_HASHMAP_FOREACH_KEY(f
, k
, s
->user_journals
, i
) {
351 r
= journal_file_set_offline(f
);
353 log_error_errno(r
, "Failed to sync user journal: %m");
356 if (s
->sync_event_source
) {
357 r
= sd_event_source_set_enabled(s
->sync_event_source
, SD_EVENT_OFF
);
359 log_error_errno(r
, "Failed to disable sync timer source: %m");
362 s
->sync_scheduled
= false;
365 static void do_vacuum(
370 JournalMetrics
*metrics
) {
378 p
= strjoina(path
, id
);
379 r
= journal_directory_vacuum(p
, metrics
->max_use
, s
->max_retention_usec
, &s
->oldest_file_usec
, false);
380 if (r
< 0 && r
!= -ENOENT
)
381 log_error_errno(r
, "Failed to vacuum %s: %m", p
);
384 void server_vacuum(Server
*s
) {
389 log_debug("Vacuuming...");
391 s
->oldest_file_usec
= 0;
393 r
= sd_id128_get_machine(&machine
);
395 log_error_errno(r
, "Failed to get machine ID: %m");
398 sd_id128_to_string(machine
, ids
);
400 do_vacuum(s
, ids
, s
->system_journal
, "/var/log/journal/", &s
->system_metrics
);
401 do_vacuum(s
, ids
, s
->runtime_journal
, "/run/log/journal/", &s
->runtime_metrics
);
403 s
->cached_available_space_timestamp
= 0;
406 static void server_cache_machine_id(Server
*s
) {
412 r
= sd_id128_get_machine(&id
);
416 sd_id128_to_string(id
, stpcpy(s
->machine_id_field
, "_MACHINE_ID="));
419 static void server_cache_boot_id(Server
*s
) {
425 r
= sd_id128_get_boot(&id
);
429 sd_id128_to_string(id
, stpcpy(s
->boot_id_field
, "_BOOT_ID="));
432 static void server_cache_hostname(Server
*s
) {
433 _cleanup_free_
char *t
= NULL
;
438 t
= gethostname_malloc();
442 x
= strappend("_HOSTNAME=", t
);
446 free(s
->hostname_field
);
447 s
->hostname_field
= x
;
450 static bool shall_try_append_again(JournalFile
*f
, int r
) {
452 /* -E2BIG Hit configured limit
454 -EDQUOT Quota limit hit
456 -EIO I/O error of some kind (mmap)
457 -EHOSTDOWN Other machine
458 -EBUSY Unclean shutdown
459 -EPROTONOSUPPORT Unsupported feature
462 -ESHUTDOWN Already archived
463 -EIDRM Journal file has been deleted */
465 if (r
== -E2BIG
|| r
== -EFBIG
|| r
== -EDQUOT
|| r
== -ENOSPC
)
466 log_debug("%s: Allocation limit reached, rotating.", f
->path
);
467 else if (r
== -EHOSTDOWN
)
468 log_info("%s: Journal file from other machine, rotating.", f
->path
);
469 else if (r
== -EBUSY
)
470 log_info("%s: Unclean shutdown, rotating.", f
->path
);
471 else if (r
== -EPROTONOSUPPORT
)
472 log_info("%s: Unsupported feature, rotating.", f
->path
);
473 else if (r
== -EBADMSG
|| r
== -ENODATA
|| r
== ESHUTDOWN
)
474 log_warning("%s: Journal file corrupted, rotating.", f
->path
);
476 log_warning("%s: IO error, rotating.", f
->path
);
477 else if (r
== -EIDRM
)
478 log_warning("%s: Journal file has been deleted, rotating.", f
->path
);
485 static void write_to_journal(Server
*s
, uid_t uid
, struct iovec
*iovec
, unsigned n
, int priority
) {
487 bool vacuumed
= false;
494 f
= find_journal(s
, uid
);
498 if (journal_file_rotate_suggested(f
, s
->max_file_usec
)) {
499 log_debug("%s: Journal header limits reached or header out-of-date, rotating.", f
->path
);
504 f
= find_journal(s
, uid
);
509 r
= journal_file_append_entry(f
, NULL
, iovec
, n
, &s
->seqnum
, NULL
, NULL
);
511 server_schedule_sync(s
, priority
);
515 if (vacuumed
|| !shall_try_append_again(f
, r
)) {
516 log_error_errno(r
, "Failed to write entry (%d items, %zu bytes), ignoring: %m", n
, IOVEC_TOTAL_SIZE(iovec
, n
));
523 f
= find_journal(s
, uid
);
527 log_debug("Retrying write.");
528 r
= journal_file_append_entry(f
, NULL
, iovec
, n
, &s
->seqnum
, NULL
, NULL
);
530 log_error_errno(r
, "Failed to write entry (%d items, %zu bytes) despite vacuuming, ignoring: %m", n
, IOVEC_TOTAL_SIZE(iovec
, n
));
532 server_schedule_sync(s
, priority
);
535 static void dispatch_message_real(
537 struct iovec
*iovec
, unsigned n
, unsigned m
,
538 const struct ucred
*ucred
,
539 const struct timeval
*tv
,
540 const char *label
, size_t label_len
,
545 char pid
[sizeof("_PID=") + DECIMAL_STR_MAX(pid_t
)],
546 uid
[sizeof("_UID=") + DECIMAL_STR_MAX(uid_t
)],
547 gid
[sizeof("_GID=") + DECIMAL_STR_MAX(gid_t
)],
548 owner_uid
[sizeof("_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t
)],
549 source_time
[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t
)],
550 o_uid
[sizeof("OBJECT_UID=") + DECIMAL_STR_MAX(uid_t
)],
551 o_gid
[sizeof("OBJECT_GID=") + DECIMAL_STR_MAX(gid_t
)],
552 o_owner_uid
[sizeof("OBJECT_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t
)];
558 uid_t realuid
= 0, owner
= 0, journal_uid
;
559 bool owner_valid
= false;
561 char audit_session
[sizeof("_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
562 audit_loginuid
[sizeof("_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t
)],
563 o_audit_session
[sizeof("OBJECT_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
564 o_audit_loginuid
[sizeof("OBJECT_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t
)];
573 assert(n
+ N_IOVEC_META_FIELDS
+ (object_pid
? N_IOVEC_OBJECT_FIELDS
: 0) <= m
);
576 realuid
= ucred
->uid
;
578 sprintf(pid
, "_PID="PID_FMT
, ucred
->pid
);
579 IOVEC_SET_STRING(iovec
[n
++], pid
);
581 sprintf(uid
, "_UID="UID_FMT
, ucred
->uid
);
582 IOVEC_SET_STRING(iovec
[n
++], uid
);
584 sprintf(gid
, "_GID="GID_FMT
, ucred
->gid
);
585 IOVEC_SET_STRING(iovec
[n
++], gid
);
587 r
= get_process_comm(ucred
->pid
, &t
);
589 x
= strjoina("_COMM=", t
);
591 IOVEC_SET_STRING(iovec
[n
++], x
);
594 r
= get_process_exe(ucred
->pid
, &t
);
596 x
= strjoina("_EXE=", t
);
598 IOVEC_SET_STRING(iovec
[n
++], x
);
601 r
= get_process_cmdline(ucred
->pid
, 0, false, &t
);
603 x
= strjoina("_CMDLINE=", t
);
605 IOVEC_SET_STRING(iovec
[n
++], x
);
608 r
= get_process_capeff(ucred
->pid
, &t
);
610 x
= strjoina("_CAP_EFFECTIVE=", t
);
612 IOVEC_SET_STRING(iovec
[n
++], x
);
616 r
= audit_session_from_pid(ucred
->pid
, &audit
);
618 sprintf(audit_session
, "_AUDIT_SESSION=%"PRIu32
, audit
);
619 IOVEC_SET_STRING(iovec
[n
++], audit_session
);
622 r
= audit_loginuid_from_pid(ucred
->pid
, &loginuid
);
624 sprintf(audit_loginuid
, "_AUDIT_LOGINUID="UID_FMT
, loginuid
);
625 IOVEC_SET_STRING(iovec
[n
++], audit_loginuid
);
629 r
= cg_pid_get_path_shifted(ucred
->pid
, s
->cgroup_root
, &c
);
631 char *session
= NULL
;
633 x
= strjoina("_SYSTEMD_CGROUP=", c
);
634 IOVEC_SET_STRING(iovec
[n
++], x
);
636 r
= cg_path_get_session(c
, &t
);
638 session
= strjoina("_SYSTEMD_SESSION=", t
);
640 IOVEC_SET_STRING(iovec
[n
++], session
);
643 if (cg_path_get_owner_uid(c
, &owner
) >= 0) {
646 sprintf(owner_uid
, "_SYSTEMD_OWNER_UID="UID_FMT
, owner
);
647 IOVEC_SET_STRING(iovec
[n
++], owner_uid
);
650 if (cg_path_get_unit(c
, &t
) >= 0) {
651 x
= strjoina("_SYSTEMD_UNIT=", t
);
653 IOVEC_SET_STRING(iovec
[n
++], x
);
654 } else if (unit_id
&& !session
) {
655 x
= strjoina("_SYSTEMD_UNIT=", unit_id
);
656 IOVEC_SET_STRING(iovec
[n
++], x
);
659 if (cg_path_get_user_unit(c
, &t
) >= 0) {
660 x
= strjoina("_SYSTEMD_USER_UNIT=", t
);
662 IOVEC_SET_STRING(iovec
[n
++], x
);
663 } else if (unit_id
&& session
) {
664 x
= strjoina("_SYSTEMD_USER_UNIT=", unit_id
);
665 IOVEC_SET_STRING(iovec
[n
++], x
);
668 if (cg_path_get_slice(c
, &t
) >= 0) {
669 x
= strjoina("_SYSTEMD_SLICE=", t
);
671 IOVEC_SET_STRING(iovec
[n
++], x
);
675 } else if (unit_id
) {
676 x
= strjoina("_SYSTEMD_UNIT=", unit_id
);
677 IOVEC_SET_STRING(iovec
[n
++], x
);
681 if (mac_selinux_use()) {
683 x
= alloca(strlen("_SELINUX_CONTEXT=") + label_len
+ 1);
685 *((char*) mempcpy(stpcpy(x
, "_SELINUX_CONTEXT="), label
, label_len
)) = 0;
686 IOVEC_SET_STRING(iovec
[n
++], x
);
688 security_context_t con
;
690 if (getpidcon(ucred
->pid
, &con
) >= 0) {
691 x
= strjoina("_SELINUX_CONTEXT=", con
);
694 IOVEC_SET_STRING(iovec
[n
++], x
);
703 r
= get_process_uid(object_pid
, &object_uid
);
705 sprintf(o_uid
, "OBJECT_UID="UID_FMT
, object_uid
);
706 IOVEC_SET_STRING(iovec
[n
++], o_uid
);
709 r
= get_process_gid(object_pid
, &object_gid
);
711 sprintf(o_gid
, "OBJECT_GID="GID_FMT
, object_gid
);
712 IOVEC_SET_STRING(iovec
[n
++], o_gid
);
715 r
= get_process_comm(object_pid
, &t
);
717 x
= strjoina("OBJECT_COMM=", t
);
719 IOVEC_SET_STRING(iovec
[n
++], x
);
722 r
= get_process_exe(object_pid
, &t
);
724 x
= strjoina("OBJECT_EXE=", t
);
726 IOVEC_SET_STRING(iovec
[n
++], x
);
729 r
= get_process_cmdline(object_pid
, 0, false, &t
);
731 x
= strjoina("OBJECT_CMDLINE=", t
);
733 IOVEC_SET_STRING(iovec
[n
++], x
);
737 r
= audit_session_from_pid(object_pid
, &audit
);
739 sprintf(o_audit_session
, "OBJECT_AUDIT_SESSION=%"PRIu32
, audit
);
740 IOVEC_SET_STRING(iovec
[n
++], o_audit_session
);
743 r
= audit_loginuid_from_pid(object_pid
, &loginuid
);
745 sprintf(o_audit_loginuid
, "OBJECT_AUDIT_LOGINUID="UID_FMT
, loginuid
);
746 IOVEC_SET_STRING(iovec
[n
++], o_audit_loginuid
);
750 r
= cg_pid_get_path_shifted(object_pid
, s
->cgroup_root
, &c
);
752 x
= strjoina("OBJECT_SYSTEMD_CGROUP=", c
);
753 IOVEC_SET_STRING(iovec
[n
++], x
);
755 r
= cg_path_get_session(c
, &t
);
757 x
= strjoina("OBJECT_SYSTEMD_SESSION=", t
);
759 IOVEC_SET_STRING(iovec
[n
++], x
);
762 if (cg_path_get_owner_uid(c
, &owner
) >= 0) {
763 sprintf(o_owner_uid
, "OBJECT_SYSTEMD_OWNER_UID="UID_FMT
, owner
);
764 IOVEC_SET_STRING(iovec
[n
++], o_owner_uid
);
767 if (cg_path_get_unit(c
, &t
) >= 0) {
768 x
= strjoina("OBJECT_SYSTEMD_UNIT=", t
);
770 IOVEC_SET_STRING(iovec
[n
++], x
);
773 if (cg_path_get_user_unit(c
, &t
) >= 0) {
774 x
= strjoina("OBJECT_SYSTEMD_USER_UNIT=", t
);
776 IOVEC_SET_STRING(iovec
[n
++], x
);
785 sprintf(source_time
, "_SOURCE_REALTIME_TIMESTAMP=%llu", (unsigned long long) timeval_load(tv
));
786 IOVEC_SET_STRING(iovec
[n
++], source_time
);
789 /* Note that strictly speaking storing the boot id here is
790 * redundant since the entry includes this in-line
791 * anyway. However, we need this indexed, too. */
792 if (!isempty(s
->boot_id_field
))
793 IOVEC_SET_STRING(iovec
[n
++], s
->boot_id_field
);
795 if (!isempty(s
->machine_id_field
))
796 IOVEC_SET_STRING(iovec
[n
++], s
->machine_id_field
);
798 if (!isempty(s
->hostname_field
))
799 IOVEC_SET_STRING(iovec
[n
++], s
->hostname_field
);
803 if (s
->split_mode
== SPLIT_UID
&& realuid
> 0)
804 /* Split up strictly by any UID */
805 journal_uid
= realuid
;
806 else if (s
->split_mode
== SPLIT_LOGIN
&& realuid
> 0 && owner_valid
&& owner
> 0)
807 /* Split up by login UIDs. We do this only if the
808 * realuid is not root, in order not to accidentally
809 * leak privileged information to the user that is
810 * logged by a privileged process that is part of an
811 * unprivileged session. */
816 write_to_journal(s
, journal_uid
, iovec
, n
, priority
);
819 void server_driver_message(Server
*s
, sd_id128_t message_id
, const char *format
, ...) {
820 char mid
[11 + 32 + 1];
821 char buffer
[16 + LINE_MAX
+ 1];
822 struct iovec iovec
[N_IOVEC_META_FIELDS
+ 4];
825 struct ucred ucred
= {};
830 IOVEC_SET_STRING(iovec
[n
++], "PRIORITY=6");
831 IOVEC_SET_STRING(iovec
[n
++], "_TRANSPORT=driver");
833 memcpy(buffer
, "MESSAGE=", 8);
834 va_start(ap
, format
);
835 vsnprintf(buffer
+ 8, sizeof(buffer
) - 8, format
, ap
);
837 IOVEC_SET_STRING(iovec
[n
++], buffer
);
839 if (!sd_id128_equal(message_id
, SD_ID128_NULL
)) {
840 snprintf(mid
, sizeof(mid
), LOG_MESSAGE_ID(message_id
));
841 IOVEC_SET_STRING(iovec
[n
++], mid
);
844 ucred
.pid
= getpid();
845 ucred
.uid
= getuid();
846 ucred
.gid
= getgid();
848 dispatch_message_real(s
, iovec
, n
, ELEMENTSOF(iovec
), &ucred
, NULL
, NULL
, 0, NULL
, LOG_INFO
, 0);
851 void server_dispatch_message(
853 struct iovec
*iovec
, unsigned n
, unsigned m
,
854 const struct ucred
*ucred
,
855 const struct timeval
*tv
,
856 const char *label
, size_t label_len
,
862 _cleanup_free_
char *path
= NULL
;
866 assert(iovec
|| n
== 0);
871 if (LOG_PRI(priority
) > s
->max_level_store
)
874 /* Stop early in case the information will not be stored
876 if (s
->storage
== STORAGE_NONE
)
882 r
= cg_pid_get_path_shifted(ucred
->pid
, s
->cgroup_root
, &path
);
886 /* example: /user/lennart/3/foobar
887 * /system/dbus.service/foobar
889 * So let's cut of everything past the third /, since that is
890 * where user directories start */
892 c
= strchr(path
, '/');
894 c
= strchr(c
+1, '/');
896 c
= strchr(c
+1, '/');
902 rl
= journal_rate_limit_test(s
->rate_limit
, path
,
903 priority
& LOG_PRIMASK
, available_space(s
, false));
908 /* Write a suppression message if we suppressed something */
910 server_driver_message(s
, SD_MESSAGE_JOURNAL_DROPPED
,
911 "Suppressed %u messages from %s", rl
- 1, path
);
914 dispatch_message_real(s
, iovec
, n
, m
, ucred
, tv
, label
, label_len
, unit_id
, priority
, object_pid
);
918 static int system_journal_open(Server
*s
, bool flush_requested
) {
924 r
= sd_id128_get_machine(&machine
);
926 return log_error_errno(r
, "Failed to get machine id: %m");
928 sd_id128_to_string(machine
, ids
);
930 if (!s
->system_journal
&&
931 (s
->storage
== STORAGE_PERSISTENT
|| s
->storage
== STORAGE_AUTO
) &&
933 || access("/run/systemd/journal/flushed", F_OK
) >= 0)) {
935 /* If in auto mode: first try to create the machine
936 * path, but not the prefix.
938 * If in persistent mode: create /var/log/journal and
939 * the machine path */
941 if (s
->storage
== STORAGE_PERSISTENT
)
942 (void) mkdir("/var/log/journal/", 0755);
944 fn
= strjoina("/var/log/journal/", ids
);
945 (void) mkdir(fn
, 0755);
947 fn
= strjoina(fn
, "/system.journal");
948 r
= journal_file_open_reliably(fn
, O_RDWR
|O_CREAT
, 0640, s
->compress
, s
->seal
, &s
->system_metrics
, s
->mmap
, NULL
, &s
->system_journal
);
951 server_fix_perms(s
, s
->system_journal
, 0);
953 if (r
!= -ENOENT
&& r
!= -EROFS
)
954 log_warning_errno(r
, "Failed to open system journal: %m");
960 if (!s
->runtime_journal
&&
961 (s
->storage
!= STORAGE_NONE
)) {
963 fn
= strjoin("/run/log/journal/", ids
, "/system.journal", NULL
);
967 if (s
->system_journal
) {
969 /* Try to open the runtime journal, but only
970 * if it already exists, so that we can flush
971 * it into the system journal */
973 r
= journal_file_open(fn
, O_RDWR
, 0640, s
->compress
, false, &s
->runtime_metrics
, s
->mmap
, NULL
, &s
->runtime_journal
);
978 log_warning_errno(r
, "Failed to open runtime journal: %m");
985 /* OK, we really need the runtime journal, so create
986 * it if necessary. */
988 (void) mkdir("/run/log", 0755);
989 (void) mkdir("/run/log/journal", 0755);
990 (void) mkdir_parents(fn
, 0750);
992 r
= journal_file_open_reliably(fn
, O_RDWR
|O_CREAT
, 0640, s
->compress
, false, &s
->runtime_metrics
, s
->mmap
, NULL
, &s
->runtime_journal
);
996 return log_error_errno(r
, "Failed to open runtime journal: %m");
999 if (s
->runtime_journal
)
1000 server_fix_perms(s
, s
->runtime_journal
, 0);
1003 available_space(s
, true);
1008 int server_flush_to_var(Server
*s
) {
1010 sd_journal
*j
= NULL
;
1011 char ts
[FORMAT_TIMESPAN_MAX
];
1018 if (s
->storage
!= STORAGE_AUTO
&&
1019 s
->storage
!= STORAGE_PERSISTENT
)
1022 if (!s
->runtime_journal
)
1025 system_journal_open(s
, true);
1027 if (!s
->system_journal
)
1030 log_debug("Flushing to /var...");
1032 start
= now(CLOCK_MONOTONIC
);
1034 r
= sd_id128_get_machine(&machine
);
1038 r
= sd_journal_open(&j
, SD_JOURNAL_RUNTIME_ONLY
);
1040 return log_error_errno(r
, "Failed to read runtime journal: %m");
1042 sd_journal_set_data_threshold(j
, 0);
1044 SD_JOURNAL_FOREACH(j
) {
1048 f
= j
->current_file
;
1049 assert(f
&& f
->current_offset
> 0);
1053 r
= journal_file_move_to_object(f
, OBJECT_ENTRY
, f
->current_offset
, &o
);
1055 log_error_errno(r
, "Can't read entry: %m");
1059 r
= journal_file_copy_entry(f
, s
->system_journal
, o
, f
->current_offset
, NULL
, NULL
, NULL
);
1063 if (!shall_try_append_again(s
->system_journal
, r
)) {
1064 log_error_errno(r
, "Can't write entry: %m");
1071 if (!s
->system_journal
) {
1072 log_notice("Didn't flush runtime journal since rotation of system journal wasn't successful.");
1077 log_debug("Retrying write.");
1078 r
= journal_file_copy_entry(f
, s
->system_journal
, o
, f
->current_offset
, NULL
, NULL
, NULL
);
1080 log_error_errno(r
, "Can't write entry: %m");
1086 journal_file_post_change(s
->system_journal
);
1088 journal_file_close(s
->runtime_journal
);
1089 s
->runtime_journal
= NULL
;
1092 (void) rm_rf("/run/log/journal", REMOVE_ROOT
);
1094 sd_journal_close(j
);
1096 server_driver_message(s
, SD_ID128_NULL
, "Time spent on flushing to /var is %s for %u entries.", format_timespan(ts
, sizeof(ts
), now(CLOCK_MONOTONIC
) - start
, 0), n
);
1101 int server_process_datagram(sd_event_source
*es
, int fd
, uint32_t revents
, void *userdata
) {
1102 Server
*s
= userdata
;
1105 assert(fd
== s
->native_fd
|| fd
== s
->syslog_fd
|| fd
== s
->audit_fd
);
1107 if (revents
!= EPOLLIN
) {
1108 log_error("Got invalid event from epoll for datagram fd: %"PRIx32
, revents
);
1113 struct ucred
*ucred
= NULL
;
1114 struct timeval
*tv
= NULL
;
1115 struct cmsghdr
*cmsg
;
1117 size_t label_len
= 0;
1121 struct cmsghdr cmsghdr
;
1123 /* We use NAME_MAX space for the SELinux label
1124 * here. The kernel currently enforces no
1125 * limit, but according to suggestions from
1126 * the SELinux people this will change and it
1127 * will probably be identical to NAME_MAX. For
1128 * now we use that, but this should be updated
1129 * one day when the final limit is known. */
1130 uint8_t buf
[CMSG_SPACE(sizeof(struct ucred
)) +
1131 CMSG_SPACE(sizeof(struct timeval
)) +
1132 CMSG_SPACE(sizeof(int)) + /* fd */
1133 CMSG_SPACE(NAME_MAX
)]; /* selinux label */
1135 union sockaddr_union sa
= {};
1136 struct msghdr msghdr
= {
1139 .msg_control
= &control
,
1140 .msg_controllen
= sizeof(control
),
1142 .msg_namelen
= sizeof(sa
),
1151 /* Try to get the right size, if we can. (Not all
1152 * sockets support SIOCINQ, hence we just try, but
1153 * don't rely on it. */
1154 (void) ioctl(fd
, SIOCINQ
, &v
);
1156 /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful! */
1157 m
= PAGE_ALIGN(MAX3((size_t) v
+ 1,
1159 ALIGN(sizeof(struct nlmsghdr
)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH
)) + 1);
1161 if (!GREEDY_REALLOC(s
->buffer
, s
->buffer_size
, m
))
1164 iovec
.iov_base
= s
->buffer
;
1165 iovec
.iov_len
= s
->buffer_size
- 1; /* Leave room for trailing NUL we add later */
1167 n
= recvmsg(fd
, &msghdr
, MSG_DONTWAIT
|MSG_CMSG_CLOEXEC
);
1169 if (errno
== EINTR
|| errno
== EAGAIN
)
1172 log_error_errno(errno
, "recvmsg() failed: %m");
1176 for (cmsg
= CMSG_FIRSTHDR(&msghdr
); cmsg
; cmsg
= CMSG_NXTHDR(&msghdr
, cmsg
)) {
1178 if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1179 cmsg
->cmsg_type
== SCM_CREDENTIALS
&&
1180 cmsg
->cmsg_len
== CMSG_LEN(sizeof(struct ucred
)))
1181 ucred
= (struct ucred
*) CMSG_DATA(cmsg
);
1182 else if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1183 cmsg
->cmsg_type
== SCM_SECURITY
) {
1184 label
= (char*) CMSG_DATA(cmsg
);
1185 label_len
= cmsg
->cmsg_len
- CMSG_LEN(0);
1186 } else if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1187 cmsg
->cmsg_type
== SO_TIMESTAMP
&&
1188 cmsg
->cmsg_len
== CMSG_LEN(sizeof(struct timeval
)))
1189 tv
= (struct timeval
*) CMSG_DATA(cmsg
);
1190 else if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1191 cmsg
->cmsg_type
== SCM_RIGHTS
) {
1192 fds
= (int*) CMSG_DATA(cmsg
);
1193 n_fds
= (cmsg
->cmsg_len
- CMSG_LEN(0)) / sizeof(int);
1197 /* And a trailing NUL, just in case */
1200 if (fd
== s
->syslog_fd
) {
1201 if (n
> 0 && n_fds
== 0)
1202 server_process_syslog_message(s
, strstrip(s
->buffer
), ucred
, tv
, label
, label_len
);
1204 log_warning("Got file descriptors via syslog socket. Ignoring.");
1206 } else if (fd
== s
->native_fd
) {
1207 if (n
> 0 && n_fds
== 0)
1208 server_process_native_message(s
, s
->buffer
, n
, ucred
, tv
, label
, label_len
);
1209 else if (n
== 0 && n_fds
== 1)
1210 server_process_native_file(s
, fds
[0], ucred
, tv
, label
, label_len
);
1212 log_warning("Got too many file descriptors via native socket. Ignoring.");
1215 assert(fd
== s
->audit_fd
);
1217 if (n
> 0 && n_fds
== 0)
1218 server_process_audit_message(s
, s
->buffer
, n
, ucred
, &sa
, msghdr
.msg_namelen
);
1220 log_warning("Got file descriptors via audit socket. Ignoring.");
1223 close_many(fds
, n_fds
);
1227 static int dispatch_sigusr1(sd_event_source
*es
, const struct signalfd_siginfo
*si
, void *userdata
) {
1228 Server
*s
= userdata
;
1232 log_info("Received request to flush runtime journal from PID %"PRIu32
, si
->ssi_pid
);
1234 server_flush_to_var(s
);
1238 touch("/run/systemd/journal/flushed");
1243 static int dispatch_sigusr2(sd_event_source
*es
, const struct signalfd_siginfo
*si
, void *userdata
) {
1244 Server
*s
= userdata
;
1248 log_info("Received request to rotate journal from PID %"PRIu32
, si
->ssi_pid
);
1255 static int dispatch_sigterm(sd_event_source
*es
, const struct signalfd_siginfo
*si
, void *userdata
) {
1256 Server
*s
= userdata
;
1260 log_received_signal(LOG_INFO
, si
);
1262 sd_event_exit(s
->event
, 0);
1266 static int setup_signals(Server
*s
) {
1272 assert_se(sigemptyset(&mask
) == 0);
1273 sigset_add_many(&mask
, SIGINT
, SIGTERM
, SIGUSR1
, SIGUSR2
, -1);
1274 assert_se(sigprocmask(SIG_SETMASK
, &mask
, NULL
) == 0);
1276 r
= sd_event_add_signal(s
->event
, &s
->sigusr1_event_source
, SIGUSR1
, dispatch_sigusr1
, s
);
1280 r
= sd_event_add_signal(s
->event
, &s
->sigusr2_event_source
, SIGUSR2
, dispatch_sigusr2
, s
);
1284 r
= sd_event_add_signal(s
->event
, &s
->sigterm_event_source
, SIGTERM
, dispatch_sigterm
, s
);
1288 r
= sd_event_add_signal(s
->event
, &s
->sigint_event_source
, SIGINT
, dispatch_sigterm
, s
);
1295 static int server_parse_proc_cmdline(Server
*s
) {
1296 _cleanup_free_
char *line
= NULL
;
1297 const char *w
, *state
;
1301 r
= proc_cmdline(&line
);
1303 log_warning_errno(r
, "Failed to read /proc/cmdline, ignoring: %m");
1307 FOREACH_WORD_QUOTED(w
, l
, line
, state
) {
1308 _cleanup_free_
char *word
;
1310 word
= strndup(w
, l
);
1314 if (startswith(word
, "systemd.journald.forward_to_syslog=")) {
1315 r
= parse_boolean(word
+ 35);
1317 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word
+ 35);
1319 s
->forward_to_syslog
= r
;
1320 } else if (startswith(word
, "systemd.journald.forward_to_kmsg=")) {
1321 r
= parse_boolean(word
+ 33);
1323 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word
+ 33);
1325 s
->forward_to_kmsg
= r
;
1326 } else if (startswith(word
, "systemd.journald.forward_to_console=")) {
1327 r
= parse_boolean(word
+ 36);
1329 log_warning("Failed to parse forward to console switch %s. Ignoring.", word
+ 36);
1331 s
->forward_to_console
= r
;
1332 } else if (startswith(word
, "systemd.journald.forward_to_wall=")) {
1333 r
= parse_boolean(word
+ 33);
1335 log_warning("Failed to parse forward to wall switch %s. Ignoring.", word
+ 33);
1337 s
->forward_to_wall
= r
;
1338 } else if (startswith(word
, "systemd.journald"))
1339 log_warning("Invalid systemd.journald parameter. Ignoring.");
1341 /* do not warn about state here, since probably systemd already did */
1346 static int server_parse_config_file(Server
*s
) {
1349 return config_parse_many("/etc/systemd/journald.conf",
1350 CONF_DIRS_NULSTR("systemd/journald.conf"),
1352 config_item_perf_lookup
, journald_gperf_lookup
,
1356 static int server_dispatch_sync(sd_event_source
*es
, usec_t t
, void *userdata
) {
1357 Server
*s
= userdata
;
1365 int server_schedule_sync(Server
*s
, int priority
) {
1370 if (priority
<= LOG_CRIT
) {
1371 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1376 if (s
->sync_scheduled
)
1379 if (s
->sync_interval_usec
> 0) {
1382 r
= sd_event_now(s
->event
, CLOCK_MONOTONIC
, &when
);
1386 when
+= s
->sync_interval_usec
;
1388 if (!s
->sync_event_source
) {
1389 r
= sd_event_add_time(
1391 &s
->sync_event_source
,
1394 server_dispatch_sync
, s
);
1398 r
= sd_event_source_set_priority(s
->sync_event_source
, SD_EVENT_PRIORITY_IMPORTANT
);
1400 r
= sd_event_source_set_time(s
->sync_event_source
, when
);
1404 r
= sd_event_source_set_enabled(s
->sync_event_source
, SD_EVENT_ONESHOT
);
1409 s
->sync_scheduled
= true;
1415 static int dispatch_hostname_change(sd_event_source
*es
, int fd
, uint32_t revents
, void *userdata
) {
1416 Server
*s
= userdata
;
1420 server_cache_hostname(s
);
1424 static int server_open_hostname(Server
*s
) {
1429 s
->hostname_fd
= open("/proc/sys/kernel/hostname", O_RDONLY
|O_CLOEXEC
|O_NDELAY
|O_NOCTTY
);
1430 if (s
->hostname_fd
< 0)
1431 return log_error_errno(errno
, "Failed to open /proc/sys/kernel/hostname: %m");
1433 r
= sd_event_add_io(s
->event
, &s
->hostname_event_source
, s
->hostname_fd
, 0, dispatch_hostname_change
, s
);
1435 /* kernels prior to 3.2 don't support polling this file. Ignore
1438 log_warning("Failed to register hostname fd in event loop: %s. Ignoring.",
1440 s
->hostname_fd
= safe_close(s
->hostname_fd
);
1444 return log_error_errno(r
, "Failed to register hostname fd in event loop: %m");
1447 r
= sd_event_source_set_priority(s
->hostname_event_source
, SD_EVENT_PRIORITY_IMPORTANT
-10);
1449 return log_error_errno(r
, "Failed to adjust priority of host name event source: %m");
1454 int server_init(Server
*s
) {
1455 _cleanup_fdset_free_ FDSet
*fds
= NULL
;
1461 s
->syslog_fd
= s
->native_fd
= s
->stdout_fd
= s
->dev_kmsg_fd
= s
->audit_fd
= s
->hostname_fd
= -1;
1465 s
->sync_interval_usec
= DEFAULT_SYNC_INTERVAL_USEC
;
1466 s
->sync_scheduled
= false;
1468 s
->rate_limit_interval
= DEFAULT_RATE_LIMIT_INTERVAL
;
1469 s
->rate_limit_burst
= DEFAULT_RATE_LIMIT_BURST
;
1471 s
->forward_to_wall
= true;
1473 s
->max_file_usec
= DEFAULT_MAX_FILE_USEC
;
1475 s
->max_level_store
= LOG_DEBUG
;
1476 s
->max_level_syslog
= LOG_DEBUG
;
1477 s
->max_level_kmsg
= LOG_NOTICE
;
1478 s
->max_level_console
= LOG_INFO
;
1479 s
->max_level_wall
= LOG_EMERG
;
1481 memset(&s
->system_metrics
, 0xFF, sizeof(s
->system_metrics
));
1482 memset(&s
->runtime_metrics
, 0xFF, sizeof(s
->runtime_metrics
));
1484 server_parse_config_file(s
);
1485 server_parse_proc_cmdline(s
);
1486 if (!!s
->rate_limit_interval
^ !!s
->rate_limit_burst
) {
1487 log_debug("Setting both rate limit interval and burst from "USEC_FMT
",%u to 0,0",
1488 s
->rate_limit_interval
, s
->rate_limit_burst
);
1489 s
->rate_limit_interval
= s
->rate_limit_burst
= 0;
1492 mkdir_p("/run/systemd/journal", 0755);
1494 s
->user_journals
= ordered_hashmap_new(NULL
);
1495 if (!s
->user_journals
)
1498 s
->mmap
= mmap_cache_new();
1502 r
= sd_event_default(&s
->event
);
1504 return log_error_errno(r
, "Failed to create event loop: %m");
1506 sd_event_set_watchdog(s
->event
, true);
1508 n
= sd_listen_fds(true);
1510 return log_error_errno(n
, "Failed to read listening file descriptors from environment: %m");
1512 for (fd
= SD_LISTEN_FDS_START
; fd
< SD_LISTEN_FDS_START
+ n
; fd
++) {
1514 if (sd_is_socket_unix(fd
, SOCK_DGRAM
, -1, "/run/systemd/journal/socket", 0) > 0) {
1516 if (s
->native_fd
>= 0) {
1517 log_error("Too many native sockets passed.");
1523 } else if (sd_is_socket_unix(fd
, SOCK_STREAM
, 1, "/run/systemd/journal/stdout", 0) > 0) {
1525 if (s
->stdout_fd
>= 0) {
1526 log_error("Too many stdout sockets passed.");
1532 } else if (sd_is_socket_unix(fd
, SOCK_DGRAM
, -1, "/dev/log", 0) > 0 ||
1533 sd_is_socket_unix(fd
, SOCK_DGRAM
, -1, "/run/systemd/journal/dev-log", 0) > 0) {
1535 if (s
->syslog_fd
>= 0) {
1536 log_error("Too many /dev/log sockets passed.");
1542 } else if (sd_is_socket(fd
, AF_NETLINK
, SOCK_RAW
, -1) > 0) {
1544 if (s
->audit_fd
>= 0) {
1545 log_error("Too many audit sockets passed.");
1559 r
= fdset_put(fds
, fd
);
1565 r
= server_open_stdout_socket(s
, fds
);
1569 if (fdset_size(fds
) > 0) {
1570 log_warning("%u unknown file descriptors passed, closing.", fdset_size(fds
));
1571 fds
= fdset_free(fds
);
1574 r
= server_open_syslog_socket(s
);
1578 r
= server_open_native_socket(s
);
1582 r
= server_open_dev_kmsg(s
);
1586 r
= server_open_audit(s
);
1590 r
= server_open_kernel_seqnum(s
);
1594 r
= server_open_hostname(s
);
1598 r
= setup_signals(s
);
1602 s
->udev
= udev_new();
1606 s
->rate_limit
= journal_rate_limit_new(s
->rate_limit_interval
, s
->rate_limit_burst
);
1610 r
= cg_get_root_path(&s
->cgroup_root
);
1614 server_cache_hostname(s
);
1615 server_cache_boot_id(s
);
1616 server_cache_machine_id(s
);
1618 r
= system_journal_open(s
, false);
1625 void server_maybe_append_tags(Server
*s
) {
1631 n
= now(CLOCK_REALTIME
);
1633 if (s
->system_journal
)
1634 journal_file_maybe_append_tag(s
->system_journal
, n
);
1636 ORDERED_HASHMAP_FOREACH(f
, s
->user_journals
, i
)
1637 journal_file_maybe_append_tag(f
, n
);
1641 void server_done(Server
*s
) {
1645 while (s
->stdout_streams
)
1646 stdout_stream_free(s
->stdout_streams
);
1648 if (s
->system_journal
)
1649 journal_file_close(s
->system_journal
);
1651 if (s
->runtime_journal
)
1652 journal_file_close(s
->runtime_journal
);
1654 while ((f
= ordered_hashmap_steal_first(s
->user_journals
)))
1655 journal_file_close(f
);
1657 ordered_hashmap_free(s
->user_journals
);
1659 sd_event_source_unref(s
->syslog_event_source
);
1660 sd_event_source_unref(s
->native_event_source
);
1661 sd_event_source_unref(s
->stdout_event_source
);
1662 sd_event_source_unref(s
->dev_kmsg_event_source
);
1663 sd_event_source_unref(s
->audit_event_source
);
1664 sd_event_source_unref(s
->sync_event_source
);
1665 sd_event_source_unref(s
->sigusr1_event_source
);
1666 sd_event_source_unref(s
->sigusr2_event_source
);
1667 sd_event_source_unref(s
->sigterm_event_source
);
1668 sd_event_source_unref(s
->sigint_event_source
);
1669 sd_event_source_unref(s
->hostname_event_source
);
1670 sd_event_unref(s
->event
);
1672 safe_close(s
->syslog_fd
);
1673 safe_close(s
->native_fd
);
1674 safe_close(s
->stdout_fd
);
1675 safe_close(s
->dev_kmsg_fd
);
1676 safe_close(s
->audit_fd
);
1677 safe_close(s
->hostname_fd
);
1680 journal_rate_limit_free(s
->rate_limit
);
1682 if (s
->kernel_seqnum
)
1683 munmap(s
->kernel_seqnum
, sizeof(uint64_t));
1687 free(s
->cgroup_root
);
1688 free(s
->hostname_field
);
1691 mmap_cache_unref(s
->mmap
);
1694 udev_unref(s
->udev
);