]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/journal/journald-server.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bug #944: Deletion of unnecessary checks before a few calls of systemd functions
[thirdparty/systemd.git] / src / journal / journald-server.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2011 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/signalfd.h>
23 #include <sys/ioctl.h>
24 #include <linux/sockios.h>
25 #include <sys/statvfs.h>
26 #include <sys/mman.h>
27
28 #ifdef HAVE_SELINUX
29 #include <selinux/selinux.h>
30 #endif
31
32 #include <libudev.h>
33
34 #include "sd-journal.h"
35 #include "sd-messages.h"
36 #include "sd-daemon.h"
37 #include "mkdir.h"
38 #include "rm-rf.h"
39 #include "hashmap.h"
40 #include "journal-file.h"
41 #include "socket-util.h"
42 #include "cgroup-util.h"
43 #include "missing.h"
44 #include "conf-parser.h"
45 #include "selinux-util.h"
46 #include "acl-util.h"
47 #include "formats-util.h"
48 #include "process-util.h"
49 #include "hostname-util.h"
50 #include "signal-util.h"
51 #include "journal-internal.h"
52 #include "journal-vacuum.h"
53 #include "journal-authenticate.h"
54 #include "journald-rate-limit.h"
55 #include "journald-kmsg.h"
56 #include "journald-syslog.h"
57 #include "journald-stream.h"
58 #include "journald-native.h"
59 #include "journald-audit.h"
60 #include "journald-server.h"
61
62 #define USER_JOURNALS_MAX 1024
63
64 #define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
65 #define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
66 #define DEFAULT_RATE_LIMIT_BURST 1000
67 #define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
68
69 #define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
70
71 static const char* const storage_table[_STORAGE_MAX] = {
72 [STORAGE_AUTO] = "auto",
73 [STORAGE_VOLATILE] = "volatile",
74 [STORAGE_PERSISTENT] = "persistent",
75 [STORAGE_NONE] = "none"
76 };
77
78 DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
79 DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
80
81 static const char* const split_mode_table[_SPLIT_MAX] = {
82 [SPLIT_LOGIN] = "login",
83 [SPLIT_UID] = "uid",
84 [SPLIT_NONE] = "none",
85 };
86
87 DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
88 DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode, split_mode, SplitMode, "Failed to parse split mode setting");
89
90 static uint64_t available_space(Server *s, bool verbose) {
91 char ids[33];
92 _cleanup_free_ char *p = NULL;
93 sd_id128_t machine;
94 struct statvfs ss;
95 uint64_t sum = 0, ss_avail = 0, avail = 0;
96 int r;
97 _cleanup_closedir_ DIR *d = NULL;
98 usec_t ts;
99 const char *f;
100 JournalMetrics *m;
101
102 ts = now(CLOCK_MONOTONIC);
103
104 if (s->cached_available_space_timestamp + RECHECK_AVAILABLE_SPACE_USEC > ts
105 && !verbose)
106 return s->cached_available_space;
107
108 r = sd_id128_get_machine(&machine);
109 if (r < 0)
110 return 0;
111
112 if (s->system_journal) {
113 f = "/var/log/journal/";
114 m = &s->system_metrics;
115 } else {
116 f = "/run/log/journal/";
117 m = &s->runtime_metrics;
118 }
119
120 assert(m);
121
122 p = strappend(f, sd_id128_to_string(machine, ids));
123 if (!p)
124 return 0;
125
126 d = opendir(p);
127 if (!d)
128 return 0;
129
130 if (fstatvfs(dirfd(d), &ss) < 0)
131 return 0;
132
133 for (;;) {
134 struct stat st;
135 struct dirent *de;
136
137 errno = 0;
138 de = readdir(d);
139 if (!de && errno != 0)
140 return 0;
141
142 if (!de)
143 break;
144
145 if (!endswith(de->d_name, ".journal") &&
146 !endswith(de->d_name, ".journal~"))
147 continue;
148
149 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0)
150 continue;
151
152 if (!S_ISREG(st.st_mode))
153 continue;
154
155 sum += (uint64_t) st.st_blocks * 512UL;
156 }
157
158 ss_avail = ss.f_bsize * ss.f_bavail;
159
160 /* If we reached a high mark, we will always allow this much
161 * again, unless usage goes above max_use. This watermark
162 * value is cached so that we don't give up space on pressure,
163 * but hover below the maximum usage. */
164
165 if (m->use < sum)
166 m->use = sum;
167
168 avail = LESS_BY(ss_avail, m->keep_free);
169
170 s->cached_available_space = LESS_BY(MIN(m->max_use, avail), sum);
171 s->cached_available_space_timestamp = ts;
172
173 if (verbose) {
174 char fb1[FORMAT_BYTES_MAX], fb2[FORMAT_BYTES_MAX], fb3[FORMAT_BYTES_MAX],
175 fb4[FORMAT_BYTES_MAX], fb5[FORMAT_BYTES_MAX];
176
177 server_driver_message(s, SD_MESSAGE_JOURNAL_USAGE,
178 "%s is currently using %s.\n"
179 "Maximum allowed usage is set to %s.\n"
180 "Leaving at least %s free (of currently available %s of space).\n"
181 "Enforced usage limit is thus %s.",
182 s->system_journal ? "Permanent journal (/var/log/journal/)" : "Runtime journal (/run/log/journal/)",
183 format_bytes(fb1, sizeof(fb1), sum),
184 format_bytes(fb2, sizeof(fb2), m->max_use),
185 format_bytes(fb3, sizeof(fb3), m->keep_free),
186 format_bytes(fb4, sizeof(fb4), ss_avail),
187 format_bytes(fb5, sizeof(fb5), s->cached_available_space + sum));
188 }
189
190 return s->cached_available_space;
191 }
192
193 void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
194 int r;
195 #ifdef HAVE_ACL
196 acl_t acl;
197 acl_entry_t entry;
198 acl_permset_t permset;
199 #endif
200
201 assert(f);
202
203 r = fchmod(f->fd, 0640);
204 if (r < 0)
205 log_warning_errno(r, "Failed to fix access mode on %s, ignoring: %m", f->path);
206
207 #ifdef HAVE_ACL
208 if (uid <= SYSTEM_UID_MAX)
209 return;
210
211 acl = acl_get_fd(f->fd);
212 if (!acl) {
213 log_warning_errno(errno, "Failed to read ACL on %s, ignoring: %m", f->path);
214 return;
215 }
216
217 r = acl_find_uid(acl, uid, &entry);
218 if (r <= 0) {
219
220 if (acl_create_entry(&acl, &entry) < 0 ||
221 acl_set_tag_type(entry, ACL_USER) < 0 ||
222 acl_set_qualifier(entry, &uid) < 0) {
223 log_warning_errno(errno, "Failed to patch ACL on %s, ignoring: %m", f->path);
224 goto finish;
225 }
226 }
227
228 /* We do not recalculate the mask unconditionally here,
229 * so that the fchmod() mask above stays intact. */
230 if (acl_get_permset(entry, &permset) < 0 ||
231 acl_add_perm(permset, ACL_READ) < 0 ||
232 calc_acl_mask_if_needed(&acl) < 0) {
233 log_warning_errno(errno, "Failed to patch ACL on %s, ignoring: %m", f->path);
234 goto finish;
235 }
236
237 if (acl_set_fd(f->fd, acl) < 0)
238 log_warning_errno(errno, "Failed to set ACL on %s, ignoring: %m", f->path);
239
240 finish:
241 acl_free(acl);
242 #endif
243 }
244
245 static JournalFile* find_journal(Server *s, uid_t uid) {
246 _cleanup_free_ char *p = NULL;
247 int r;
248 JournalFile *f;
249 sd_id128_t machine;
250
251 assert(s);
252
253 /* We split up user logs only on /var, not on /run. If the
254 * runtime file is open, we write to it exclusively, in order
255 * to guarantee proper order as soon as we flush /run to
256 * /var and close the runtime file. */
257
258 if (s->runtime_journal)
259 return s->runtime_journal;
260
261 if (uid <= SYSTEM_UID_MAX)
262 return s->system_journal;
263
264 r = sd_id128_get_machine(&machine);
265 if (r < 0)
266 return s->system_journal;
267
268 f = ordered_hashmap_get(s->user_journals, UINT32_TO_PTR(uid));
269 if (f)
270 return f;
271
272 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/user-"UID_FMT".journal",
273 SD_ID128_FORMAT_VAL(machine), uid) < 0)
274 return s->system_journal;
275
276 while (ordered_hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
277 /* Too many open? Then let's close one */
278 f = ordered_hashmap_steal_first(s->user_journals);
279 assert(f);
280 journal_file_close(f);
281 }
282
283 r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &f);
284 if (r < 0)
285 return s->system_journal;
286
287 server_fix_perms(s, f, uid);
288
289 r = ordered_hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
290 if (r < 0) {
291 journal_file_close(f);
292 return s->system_journal;
293 }
294
295 return f;
296 }
297
298 static int do_rotate(
299 Server *s,
300 JournalFile **f,
301 const char* name,
302 bool seal,
303 uint32_t uid) {
304
305 int r;
306 assert(s);
307
308 if (!*f)
309 return -EINVAL;
310
311 r = journal_file_rotate(f, s->compress, seal);
312 if (r < 0)
313 if (*f)
314 log_error_errno(r, "Failed to rotate %s: %m", (*f)->path);
315 else
316 log_error_errno(r, "Failed to create new %s journal: %m", name);
317 else
318 server_fix_perms(s, *f, uid);
319
320 return r;
321 }
322
323 void server_rotate(Server *s) {
324 JournalFile *f;
325 void *k;
326 Iterator i;
327 int r;
328
329 log_debug("Rotating...");
330
331 do_rotate(s, &s->runtime_journal, "runtime", false, 0);
332 do_rotate(s, &s->system_journal, "system", s->seal, 0);
333
334 ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
335 r = do_rotate(s, &f, "user", s->seal, PTR_TO_UINT32(k));
336 if (r >= 0)
337 ordered_hashmap_replace(s->user_journals, k, f);
338 else if (!f)
339 /* Old file has been closed and deallocated */
340 ordered_hashmap_remove(s->user_journals, k);
341 }
342 }
343
344 void server_sync(Server *s) {
345 JournalFile *f;
346 void *k;
347 Iterator i;
348 int r;
349
350 if (s->system_journal) {
351 r = journal_file_set_offline(s->system_journal);
352 if (r < 0)
353 log_error_errno(r, "Failed to sync system journal: %m");
354 }
355
356 ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
357 r = journal_file_set_offline(f);
358 if (r < 0)
359 log_error_errno(r, "Failed to sync user journal: %m");
360 }
361
362 if (s->sync_event_source) {
363 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_OFF);
364 if (r < 0)
365 log_error_errno(r, "Failed to disable sync timer source: %m");
366 }
367
368 s->sync_scheduled = false;
369 }
370
371 static void do_vacuum(
372 Server *s,
373 const char *id,
374 JournalFile *f,
375 const char* path,
376 JournalMetrics *metrics) {
377
378 const char *p;
379 int r;
380
381 if (!f)
382 return;
383
384 p = strjoina(path, id);
385 r = journal_directory_vacuum(p, metrics->max_use, s->max_retention_usec, &s->oldest_file_usec, false);
386 if (r < 0 && r != -ENOENT)
387 log_error_errno(r, "Failed to vacuum %s: %m", p);
388 }
389
390 void server_vacuum(Server *s) {
391 char ids[33];
392 sd_id128_t machine;
393 int r;
394
395 log_debug("Vacuuming...");
396
397 s->oldest_file_usec = 0;
398
399 r = sd_id128_get_machine(&machine);
400 if (r < 0) {
401 log_error_errno(r, "Failed to get machine ID: %m");
402 return;
403 }
404 sd_id128_to_string(machine, ids);
405
406 do_vacuum(s, ids, s->system_journal, "/var/log/journal/", &s->system_metrics);
407 do_vacuum(s, ids, s->runtime_journal, "/run/log/journal/", &s->runtime_metrics);
408
409 s->cached_available_space_timestamp = 0;
410 }
411
412 static void server_cache_machine_id(Server *s) {
413 sd_id128_t id;
414 int r;
415
416 assert(s);
417
418 r = sd_id128_get_machine(&id);
419 if (r < 0)
420 return;
421
422 sd_id128_to_string(id, stpcpy(s->machine_id_field, "_MACHINE_ID="));
423 }
424
425 static void server_cache_boot_id(Server *s) {
426 sd_id128_t id;
427 int r;
428
429 assert(s);
430
431 r = sd_id128_get_boot(&id);
432 if (r < 0)
433 return;
434
435 sd_id128_to_string(id, stpcpy(s->boot_id_field, "_BOOT_ID="));
436 }
437
438 static void server_cache_hostname(Server *s) {
439 _cleanup_free_ char *t = NULL;
440 char *x;
441
442 assert(s);
443
444 t = gethostname_malloc();
445 if (!t)
446 return;
447
448 x = strappend("_HOSTNAME=", t);
449 if (!x)
450 return;
451
452 free(s->hostname_field);
453 s->hostname_field = x;
454 }
455
456 static bool shall_try_append_again(JournalFile *f, int r) {
457
458 /* -E2BIG Hit configured limit
459 -EFBIG Hit fs limit
460 -EDQUOT Quota limit hit
461 -ENOSPC Disk full
462 -EIO I/O error of some kind (mmap)
463 -EHOSTDOWN Other machine
464 -EBUSY Unclean shutdown
465 -EPROTONOSUPPORT Unsupported feature
466 -EBADMSG Corrupted
467 -ENODATA Truncated
468 -ESHUTDOWN Already archived
469 -EIDRM Journal file has been deleted */
470
471 if (r == -E2BIG || r == -EFBIG || r == -EDQUOT || r == -ENOSPC)
472 log_debug("%s: Allocation limit reached, rotating.", f->path);
473 else if (r == -EHOSTDOWN)
474 log_info("%s: Journal file from other machine, rotating.", f->path);
475 else if (r == -EBUSY)
476 log_info("%s: Unclean shutdown, rotating.", f->path);
477 else if (r == -EPROTONOSUPPORT)
478 log_info("%s: Unsupported feature, rotating.", f->path);
479 else if (r == -EBADMSG || r == -ENODATA || r == ESHUTDOWN)
480 log_warning("%s: Journal file corrupted, rotating.", f->path);
481 else if (r == -EIO)
482 log_warning("%s: IO error, rotating.", f->path);
483 else if (r == -EIDRM)
484 log_warning("%s: Journal file has been deleted, rotating.", f->path);
485 else
486 return false;
487
488 return true;
489 }
490
491 static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned n, int priority) {
492 JournalFile *f;
493 bool vacuumed = false;
494 int r;
495
496 assert(s);
497 assert(iovec);
498 assert(n > 0);
499
500 f = find_journal(s, uid);
501 if (!f)
502 return;
503
504 if (journal_file_rotate_suggested(f, s->max_file_usec)) {
505 log_debug("%s: Journal header limits reached or header out-of-date, rotating.", f->path);
506 server_rotate(s);
507 server_vacuum(s);
508 vacuumed = true;
509
510 f = find_journal(s, uid);
511 if (!f)
512 return;
513 }
514
515 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
516 if (r >= 0) {
517 server_schedule_sync(s, priority);
518 return;
519 }
520
521 if (vacuumed || !shall_try_append_again(f, r)) {
522 log_error_errno(r, "Failed to write entry (%d items, %zu bytes), ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n));
523 return;
524 }
525
526 server_rotate(s);
527 server_vacuum(s);
528
529 f = find_journal(s, uid);
530 if (!f)
531 return;
532
533 log_debug("Retrying write.");
534 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
535 if (r < 0)
536 log_error_errno(r, "Failed to write entry (%d items, %zu bytes) despite vacuuming, ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n));
537 else
538 server_schedule_sync(s, priority);
539 }
540
541 static void dispatch_message_real(
542 Server *s,
543 struct iovec *iovec, unsigned n, unsigned m,
544 const struct ucred *ucred,
545 const struct timeval *tv,
546 const char *label, size_t label_len,
547 const char *unit_id,
548 int priority,
549 pid_t object_pid) {
550
551 char pid[sizeof("_PID=") + DECIMAL_STR_MAX(pid_t)],
552 uid[sizeof("_UID=") + DECIMAL_STR_MAX(uid_t)],
553 gid[sizeof("_GID=") + DECIMAL_STR_MAX(gid_t)],
554 owner_uid[sizeof("_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)],
555 source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)],
556 o_uid[sizeof("OBJECT_UID=") + DECIMAL_STR_MAX(uid_t)],
557 o_gid[sizeof("OBJECT_GID=") + DECIMAL_STR_MAX(gid_t)],
558 o_owner_uid[sizeof("OBJECT_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)];
559 uid_t object_uid;
560 gid_t object_gid;
561 char *x;
562 int r;
563 char *t, *c;
564 uid_t realuid = 0, owner = 0, journal_uid;
565 bool owner_valid = false;
566 #ifdef HAVE_AUDIT
567 char audit_session[sizeof("_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
568 audit_loginuid[sizeof("_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)],
569 o_audit_session[sizeof("OBJECT_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
570 o_audit_loginuid[sizeof("OBJECT_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)];
571
572 uint32_t audit;
573 uid_t loginuid;
574 #endif
575
576 assert(s);
577 assert(iovec);
578 assert(n > 0);
579 assert(n + N_IOVEC_META_FIELDS + (object_pid ? N_IOVEC_OBJECT_FIELDS : 0) <= m);
580
581 if (ucred) {
582 realuid = ucred->uid;
583
584 sprintf(pid, "_PID="PID_FMT, ucred->pid);
585 IOVEC_SET_STRING(iovec[n++], pid);
586
587 sprintf(uid, "_UID="UID_FMT, ucred->uid);
588 IOVEC_SET_STRING(iovec[n++], uid);
589
590 sprintf(gid, "_GID="GID_FMT, ucred->gid);
591 IOVEC_SET_STRING(iovec[n++], gid);
592
593 r = get_process_comm(ucred->pid, &t);
594 if (r >= 0) {
595 x = strjoina("_COMM=", t);
596 free(t);
597 IOVEC_SET_STRING(iovec[n++], x);
598 }
599
600 r = get_process_exe(ucred->pid, &t);
601 if (r >= 0) {
602 x = strjoina("_EXE=", t);
603 free(t);
604 IOVEC_SET_STRING(iovec[n++], x);
605 }
606
607 r = get_process_cmdline(ucred->pid, 0, false, &t);
608 if (r >= 0) {
609 x = strjoina("_CMDLINE=", t);
610 free(t);
611 IOVEC_SET_STRING(iovec[n++], x);
612 }
613
614 r = get_process_capeff(ucred->pid, &t);
615 if (r >= 0) {
616 x = strjoina("_CAP_EFFECTIVE=", t);
617 free(t);
618 IOVEC_SET_STRING(iovec[n++], x);
619 }
620
621 #ifdef HAVE_AUDIT
622 r = audit_session_from_pid(ucred->pid, &audit);
623 if (r >= 0) {
624 sprintf(audit_session, "_AUDIT_SESSION=%"PRIu32, audit);
625 IOVEC_SET_STRING(iovec[n++], audit_session);
626 }
627
628 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
629 if (r >= 0) {
630 sprintf(audit_loginuid, "_AUDIT_LOGINUID="UID_FMT, loginuid);
631 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
632 }
633 #endif
634
635 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &c);
636 if (r >= 0) {
637 char *session = NULL;
638
639 x = strjoina("_SYSTEMD_CGROUP=", c);
640 IOVEC_SET_STRING(iovec[n++], x);
641
642 r = cg_path_get_session(c, &t);
643 if (r >= 0) {
644 session = strjoina("_SYSTEMD_SESSION=", t);
645 free(t);
646 IOVEC_SET_STRING(iovec[n++], session);
647 }
648
649 if (cg_path_get_owner_uid(c, &owner) >= 0) {
650 owner_valid = true;
651
652 sprintf(owner_uid, "_SYSTEMD_OWNER_UID="UID_FMT, owner);
653 IOVEC_SET_STRING(iovec[n++], owner_uid);
654 }
655
656 if (cg_path_get_unit(c, &t) >= 0) {
657 x = strjoina("_SYSTEMD_UNIT=", t);
658 free(t);
659 IOVEC_SET_STRING(iovec[n++], x);
660 } else if (unit_id && !session) {
661 x = strjoina("_SYSTEMD_UNIT=", unit_id);
662 IOVEC_SET_STRING(iovec[n++], x);
663 }
664
665 if (cg_path_get_user_unit(c, &t) >= 0) {
666 x = strjoina("_SYSTEMD_USER_UNIT=", t);
667 free(t);
668 IOVEC_SET_STRING(iovec[n++], x);
669 } else if (unit_id && session) {
670 x = strjoina("_SYSTEMD_USER_UNIT=", unit_id);
671 IOVEC_SET_STRING(iovec[n++], x);
672 }
673
674 if (cg_path_get_slice(c, &t) >= 0) {
675 x = strjoina("_SYSTEMD_SLICE=", t);
676 free(t);
677 IOVEC_SET_STRING(iovec[n++], x);
678 }
679
680 free(c);
681 } else if (unit_id) {
682 x = strjoina("_SYSTEMD_UNIT=", unit_id);
683 IOVEC_SET_STRING(iovec[n++], x);
684 }
685
686 #ifdef HAVE_SELINUX
687 if (mac_selinux_use()) {
688 if (label) {
689 x = alloca(strlen("_SELINUX_CONTEXT=") + label_len + 1);
690
691 *((char*) mempcpy(stpcpy(x, "_SELINUX_CONTEXT="), label, label_len)) = 0;
692 IOVEC_SET_STRING(iovec[n++], x);
693 } else {
694 security_context_t con;
695
696 if (getpidcon(ucred->pid, &con) >= 0) {
697 x = strjoina("_SELINUX_CONTEXT=", con);
698
699 freecon(con);
700 IOVEC_SET_STRING(iovec[n++], x);
701 }
702 }
703 }
704 #endif
705 }
706 assert(n <= m);
707
708 if (object_pid) {
709 r = get_process_uid(object_pid, &object_uid);
710 if (r >= 0) {
711 sprintf(o_uid, "OBJECT_UID="UID_FMT, object_uid);
712 IOVEC_SET_STRING(iovec[n++], o_uid);
713 }
714
715 r = get_process_gid(object_pid, &object_gid);
716 if (r >= 0) {
717 sprintf(o_gid, "OBJECT_GID="GID_FMT, object_gid);
718 IOVEC_SET_STRING(iovec[n++], o_gid);
719 }
720
721 r = get_process_comm(object_pid, &t);
722 if (r >= 0) {
723 x = strjoina("OBJECT_COMM=", t);
724 free(t);
725 IOVEC_SET_STRING(iovec[n++], x);
726 }
727
728 r = get_process_exe(object_pid, &t);
729 if (r >= 0) {
730 x = strjoina("OBJECT_EXE=", t);
731 free(t);
732 IOVEC_SET_STRING(iovec[n++], x);
733 }
734
735 r = get_process_cmdline(object_pid, 0, false, &t);
736 if (r >= 0) {
737 x = strjoina("OBJECT_CMDLINE=", t);
738 free(t);
739 IOVEC_SET_STRING(iovec[n++], x);
740 }
741
742 #ifdef HAVE_AUDIT
743 r = audit_session_from_pid(object_pid, &audit);
744 if (r >= 0) {
745 sprintf(o_audit_session, "OBJECT_AUDIT_SESSION=%"PRIu32, audit);
746 IOVEC_SET_STRING(iovec[n++], o_audit_session);
747 }
748
749 r = audit_loginuid_from_pid(object_pid, &loginuid);
750 if (r >= 0) {
751 sprintf(o_audit_loginuid, "OBJECT_AUDIT_LOGINUID="UID_FMT, loginuid);
752 IOVEC_SET_STRING(iovec[n++], o_audit_loginuid);
753 }
754 #endif
755
756 r = cg_pid_get_path_shifted(object_pid, s->cgroup_root, &c);
757 if (r >= 0) {
758 x = strjoina("OBJECT_SYSTEMD_CGROUP=", c);
759 IOVEC_SET_STRING(iovec[n++], x);
760
761 r = cg_path_get_session(c, &t);
762 if (r >= 0) {
763 x = strjoina("OBJECT_SYSTEMD_SESSION=", t);
764 free(t);
765 IOVEC_SET_STRING(iovec[n++], x);
766 }
767
768 if (cg_path_get_owner_uid(c, &owner) >= 0) {
769 sprintf(o_owner_uid, "OBJECT_SYSTEMD_OWNER_UID="UID_FMT, owner);
770 IOVEC_SET_STRING(iovec[n++], o_owner_uid);
771 }
772
773 if (cg_path_get_unit(c, &t) >= 0) {
774 x = strjoina("OBJECT_SYSTEMD_UNIT=", t);
775 free(t);
776 IOVEC_SET_STRING(iovec[n++], x);
777 }
778
779 if (cg_path_get_user_unit(c, &t) >= 0) {
780 x = strjoina("OBJECT_SYSTEMD_USER_UNIT=", t);
781 free(t);
782 IOVEC_SET_STRING(iovec[n++], x);
783 }
784
785 free(c);
786 }
787 }
788 assert(n <= m);
789
790 if (tv) {
791 sprintf(source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu", (unsigned long long) timeval_load(tv));
792 IOVEC_SET_STRING(iovec[n++], source_time);
793 }
794
795 /* Note that strictly speaking storing the boot id here is
796 * redundant since the entry includes this in-line
797 * anyway. However, we need this indexed, too. */
798 if (!isempty(s->boot_id_field))
799 IOVEC_SET_STRING(iovec[n++], s->boot_id_field);
800
801 if (!isempty(s->machine_id_field))
802 IOVEC_SET_STRING(iovec[n++], s->machine_id_field);
803
804 if (!isempty(s->hostname_field))
805 IOVEC_SET_STRING(iovec[n++], s->hostname_field);
806
807 assert(n <= m);
808
809 if (s->split_mode == SPLIT_UID && realuid > 0)
810 /* Split up strictly by any UID */
811 journal_uid = realuid;
812 else if (s->split_mode == SPLIT_LOGIN && realuid > 0 && owner_valid && owner > 0)
813 /* Split up by login UIDs. We do this only if the
814 * realuid is not root, in order not to accidentally
815 * leak privileged information to the user that is
816 * logged by a privileged process that is part of an
817 * unprivileged session. */
818 journal_uid = owner;
819 else
820 journal_uid = 0;
821
822 write_to_journal(s, journal_uid, iovec, n, priority);
823 }
824
825 void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {
826 char mid[11 + 32 + 1];
827 char buffer[16 + LINE_MAX + 1];
828 struct iovec iovec[N_IOVEC_META_FIELDS + 4];
829 int n = 0;
830 va_list ap;
831 struct ucred ucred = {};
832
833 assert(s);
834 assert(format);
835
836 IOVEC_SET_STRING(iovec[n++], "PRIORITY=6");
837 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=driver");
838
839 memcpy(buffer, "MESSAGE=", 8);
840 va_start(ap, format);
841 vsnprintf(buffer + 8, sizeof(buffer) - 8, format, ap);
842 va_end(ap);
843 IOVEC_SET_STRING(iovec[n++], buffer);
844
845 if (!sd_id128_equal(message_id, SD_ID128_NULL)) {
846 snprintf(mid, sizeof(mid), LOG_MESSAGE_ID(message_id));
847 IOVEC_SET_STRING(iovec[n++], mid);
848 }
849
850 ucred.pid = getpid();
851 ucred.uid = getuid();
852 ucred.gid = getgid();
853
854 dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL, LOG_INFO, 0);
855 }
856
857 void server_dispatch_message(
858 Server *s,
859 struct iovec *iovec, unsigned n, unsigned m,
860 const struct ucred *ucred,
861 const struct timeval *tv,
862 const char *label, size_t label_len,
863 const char *unit_id,
864 int priority,
865 pid_t object_pid) {
866
867 int rl, r;
868 _cleanup_free_ char *path = NULL;
869 char *c;
870
871 assert(s);
872 assert(iovec || n == 0);
873
874 if (n == 0)
875 return;
876
877 if (LOG_PRI(priority) > s->max_level_store)
878 return;
879
880 /* Stop early in case the information will not be stored
881 * in a journal. */
882 if (s->storage == STORAGE_NONE)
883 return;
884
885 if (!ucred)
886 goto finish;
887
888 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &path);
889 if (r < 0)
890 goto finish;
891
892 /* example: /user/lennart/3/foobar
893 * /system/dbus.service/foobar
894 *
895 * So let's cut of everything past the third /, since that is
896 * where user directories start */
897
898 c = strchr(path, '/');
899 if (c) {
900 c = strchr(c+1, '/');
901 if (c) {
902 c = strchr(c+1, '/');
903 if (c)
904 *c = 0;
905 }
906 }
907
908 rl = journal_rate_limit_test(s->rate_limit, path,
909 priority & LOG_PRIMASK, available_space(s, false));
910
911 if (rl == 0)
912 return;
913
914 /* Write a suppression message if we suppressed something */
915 if (rl > 1)
916 server_driver_message(s, SD_MESSAGE_JOURNAL_DROPPED,
917 "Suppressed %u messages from %s", rl - 1, path);
918
919 finish:
920 dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id, priority, object_pid);
921 }
922
923
924 static int system_journal_open(Server *s, bool flush_requested) {
925 int r;
926 char *fn;
927 sd_id128_t machine;
928 char ids[33];
929
930 r = sd_id128_get_machine(&machine);
931 if (r < 0)
932 return log_error_errno(r, "Failed to get machine id: %m");
933
934 sd_id128_to_string(machine, ids);
935
936 if (!s->system_journal &&
937 (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
938 (flush_requested
939 || access("/run/systemd/journal/flushed", F_OK) >= 0)) {
940
941 /* If in auto mode: first try to create the machine
942 * path, but not the prefix.
943 *
944 * If in persistent mode: create /var/log/journal and
945 * the machine path */
946
947 if (s->storage == STORAGE_PERSISTENT)
948 (void) mkdir_p("/var/log/journal/", 0755);
949
950 fn = strjoina("/var/log/journal/", ids);
951 (void) mkdir(fn, 0755);
952
953 fn = strjoina(fn, "/system.journal");
954 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
955
956 if (r >= 0)
957 server_fix_perms(s, s->system_journal, 0);
958 else if (r < 0) {
959 if (r != -ENOENT && r != -EROFS)
960 log_warning_errno(r, "Failed to open system journal: %m");
961
962 r = 0;
963 }
964 }
965
966 if (!s->runtime_journal &&
967 (s->storage != STORAGE_NONE)) {
968
969 fn = strjoin("/run/log/journal/", ids, "/system.journal", NULL);
970 if (!fn)
971 return -ENOMEM;
972
973 if (s->system_journal) {
974
975 /* Try to open the runtime journal, but only
976 * if it already exists, so that we can flush
977 * it into the system journal */
978
979 r = journal_file_open(fn, O_RDWR, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
980 free(fn);
981
982 if (r < 0) {
983 if (r != -ENOENT)
984 log_warning_errno(r, "Failed to open runtime journal: %m");
985
986 r = 0;
987 }
988
989 } else {
990
991 /* OK, we really need the runtime journal, so create
992 * it if necessary. */
993
994 (void) mkdir("/run/log", 0755);
995 (void) mkdir("/run/log/journal", 0755);
996 (void) mkdir_parents(fn, 0750);
997
998 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
999 free(fn);
1000
1001 if (r < 0)
1002 return log_error_errno(r, "Failed to open runtime journal: %m");
1003 }
1004
1005 if (s->runtime_journal)
1006 server_fix_perms(s, s->runtime_journal, 0);
1007 }
1008
1009 available_space(s, true);
1010
1011 return r;
1012 }
1013
1014 int server_flush_to_var(Server *s) {
1015 sd_id128_t machine;
1016 sd_journal *j = NULL;
1017 char ts[FORMAT_TIMESPAN_MAX];
1018 usec_t start;
1019 unsigned n = 0;
1020 int r;
1021
1022 assert(s);
1023
1024 if (s->storage != STORAGE_AUTO &&
1025 s->storage != STORAGE_PERSISTENT)
1026 return 0;
1027
1028 if (!s->runtime_journal)
1029 return 0;
1030
1031 system_journal_open(s, true);
1032
1033 if (!s->system_journal)
1034 return 0;
1035
1036 log_debug("Flushing to /var...");
1037
1038 start = now(CLOCK_MONOTONIC);
1039
1040 r = sd_id128_get_machine(&machine);
1041 if (r < 0)
1042 return r;
1043
1044 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
1045 if (r < 0)
1046 return log_error_errno(r, "Failed to read runtime journal: %m");
1047
1048 sd_journal_set_data_threshold(j, 0);
1049
1050 SD_JOURNAL_FOREACH(j) {
1051 Object *o = NULL;
1052 JournalFile *f;
1053
1054 f = j->current_file;
1055 assert(f && f->current_offset > 0);
1056
1057 n++;
1058
1059 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
1060 if (r < 0) {
1061 log_error_errno(r, "Can't read entry: %m");
1062 goto finish;
1063 }
1064
1065 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1066 if (r >= 0)
1067 continue;
1068
1069 if (!shall_try_append_again(s->system_journal, r)) {
1070 log_error_errno(r, "Can't write entry: %m");
1071 goto finish;
1072 }
1073
1074 server_rotate(s);
1075 server_vacuum(s);
1076
1077 if (!s->system_journal) {
1078 log_notice("Didn't flush runtime journal since rotation of system journal wasn't successful.");
1079 r = -EIO;
1080 goto finish;
1081 }
1082
1083 log_debug("Retrying write.");
1084 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1085 if (r < 0) {
1086 log_error_errno(r, "Can't write entry: %m");
1087 goto finish;
1088 }
1089 }
1090
1091 finish:
1092 journal_file_post_change(s->system_journal);
1093
1094 journal_file_close(s->runtime_journal);
1095 s->runtime_journal = NULL;
1096
1097 if (r >= 0)
1098 (void) rm_rf("/run/log/journal", REMOVE_ROOT);
1099
1100 sd_journal_close(j);
1101
1102 server_driver_message(s, SD_ID128_NULL, "Time spent on flushing to /var is %s for %u entries.", format_timespan(ts, sizeof(ts), now(CLOCK_MONOTONIC) - start, 0), n);
1103
1104 return r;
1105 }
1106
1107 int server_process_datagram(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1108 Server *s = userdata;
1109 struct ucred *ucred = NULL;
1110 struct timeval *tv = NULL;
1111 struct cmsghdr *cmsg;
1112 char *label = NULL;
1113 size_t label_len = 0, m;
1114 struct iovec iovec;
1115 ssize_t n;
1116 int *fds = NULL, v = 0;
1117 unsigned n_fds = 0;
1118
1119 union {
1120 struct cmsghdr cmsghdr;
1121
1122 /* We use NAME_MAX space for the SELinux label
1123 * here. The kernel currently enforces no
1124 * limit, but according to suggestions from
1125 * the SELinux people this will change and it
1126 * will probably be identical to NAME_MAX. For
1127 * now we use that, but this should be updated
1128 * one day when the final limit is known. */
1129 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
1130 CMSG_SPACE(sizeof(struct timeval)) +
1131 CMSG_SPACE(sizeof(int)) + /* fd */
1132 CMSG_SPACE(NAME_MAX)]; /* selinux label */
1133 } control = {};
1134
1135 union sockaddr_union sa = {};
1136
1137 struct msghdr msghdr = {
1138 .msg_iov = &iovec,
1139 .msg_iovlen = 1,
1140 .msg_control = &control,
1141 .msg_controllen = sizeof(control),
1142 .msg_name = &sa,
1143 .msg_namelen = sizeof(sa),
1144 };
1145
1146 assert(s);
1147 assert(fd == s->native_fd || fd == s->syslog_fd || fd == s->audit_fd);
1148
1149 if (revents != EPOLLIN) {
1150 log_error("Got invalid event from epoll for datagram fd: %"PRIx32, revents);
1151 return -EIO;
1152 }
1153
1154 /* Try to get the right size, if we can. (Not all
1155 * sockets support SIOCINQ, hence we just try, but
1156 * don't rely on it. */
1157 (void) ioctl(fd, SIOCINQ, &v);
1158
1159 /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful! */
1160 m = PAGE_ALIGN(MAX3((size_t) v + 1,
1161 (size_t) LINE_MAX,
1162 ALIGN(sizeof(struct nlmsghdr)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH)) + 1);
1163
1164 if (!GREEDY_REALLOC(s->buffer, s->buffer_size, m))
1165 return log_oom();
1166
1167 iovec.iov_base = s->buffer;
1168 iovec.iov_len = s->buffer_size - 1; /* Leave room for trailing NUL we add later */
1169
1170 n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
1171 if (n < 0) {
1172 if (errno == EINTR || errno == EAGAIN)
1173 return 0;
1174
1175 return log_error_errno(errno, "recvmsg() failed: %m");
1176 }
1177
1178 CMSG_FOREACH(cmsg, &msghdr) {
1179
1180 if (cmsg->cmsg_level == SOL_SOCKET &&
1181 cmsg->cmsg_type == SCM_CREDENTIALS &&
1182 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
1183 ucred = (struct ucred*) CMSG_DATA(cmsg);
1184 else if (cmsg->cmsg_level == SOL_SOCKET &&
1185 cmsg->cmsg_type == SCM_SECURITY) {
1186 label = (char*) CMSG_DATA(cmsg);
1187 label_len = cmsg->cmsg_len - CMSG_LEN(0);
1188 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1189 cmsg->cmsg_type == SO_TIMESTAMP &&
1190 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
1191 tv = (struct timeval*) CMSG_DATA(cmsg);
1192 else if (cmsg->cmsg_level == SOL_SOCKET &&
1193 cmsg->cmsg_type == SCM_RIGHTS) {
1194 fds = (int*) CMSG_DATA(cmsg);
1195 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
1196 }
1197 }
1198
1199 /* And a trailing NUL, just in case */
1200 s->buffer[n] = 0;
1201
1202 if (fd == s->syslog_fd) {
1203 if (n > 0 && n_fds == 0)
1204 server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
1205 else if (n_fds > 0)
1206 log_warning("Got file descriptors via syslog socket. Ignoring.");
1207
1208 } else if (fd == s->native_fd) {
1209 if (n > 0 && n_fds == 0)
1210 server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
1211 else if (n == 0 && n_fds == 1)
1212 server_process_native_file(s, fds[0], ucred, tv, label, label_len);
1213 else if (n_fds > 0)
1214 log_warning("Got too many file descriptors via native socket. Ignoring.");
1215
1216 } else {
1217 assert(fd == s->audit_fd);
1218
1219 if (n > 0 && n_fds == 0)
1220 server_process_audit_message(s, s->buffer, n, ucred, &sa, msghdr.msg_namelen);
1221 else if (n_fds > 0)
1222 log_warning("Got file descriptors via audit socket. Ignoring.");
1223 }
1224
1225 close_many(fds, n_fds);
1226 return 0;
1227 }
1228
1229 static int dispatch_sigusr1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1230 Server *s = userdata;
1231
1232 assert(s);
1233
1234 log_info("Received request to flush runtime journal from PID %"PRIu32, si->ssi_pid);
1235
1236 server_flush_to_var(s);
1237 server_sync(s);
1238 server_vacuum(s);
1239
1240 touch("/run/systemd/journal/flushed");
1241
1242 return 0;
1243 }
1244
1245 static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1246 Server *s = userdata;
1247
1248 assert(s);
1249
1250 log_info("Received request to rotate journal from PID %"PRIu32, si->ssi_pid);
1251 server_rotate(s);
1252 server_vacuum(s);
1253
1254 return 0;
1255 }
1256
1257 static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1258 Server *s = userdata;
1259
1260 assert(s);
1261
1262 log_received_signal(LOG_INFO, si);
1263
1264 sd_event_exit(s->event, 0);
1265 return 0;
1266 }
1267
1268 static int setup_signals(Server *s) {
1269 int r;
1270
1271 assert(s);
1272
1273 assert(sigprocmask_many(SIG_SETMASK, NULL, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, -1) >= 0);
1274
1275 r = sd_event_add_signal(s->event, &s->sigusr1_event_source, SIGUSR1, dispatch_sigusr1, s);
1276 if (r < 0)
1277 return r;
1278
1279 r = sd_event_add_signal(s->event, &s->sigusr2_event_source, SIGUSR2, dispatch_sigusr2, s);
1280 if (r < 0)
1281 return r;
1282
1283 r = sd_event_add_signal(s->event, &s->sigterm_event_source, SIGTERM, dispatch_sigterm, s);
1284 if (r < 0)
1285 return r;
1286
1287 r = sd_event_add_signal(s->event, &s->sigint_event_source, SIGINT, dispatch_sigterm, s);
1288 if (r < 0)
1289 return r;
1290
1291 return 0;
1292 }
1293
1294 static int server_parse_proc_cmdline(Server *s) {
1295 _cleanup_free_ char *line = NULL;
1296 const char *w, *state;
1297 size_t l;
1298 int r;
1299
1300 r = proc_cmdline(&line);
1301 if (r < 0) {
1302 log_warning_errno(r, "Failed to read /proc/cmdline, ignoring: %m");
1303 return 0;
1304 }
1305
1306 FOREACH_WORD_QUOTED(w, l, line, state) {
1307 _cleanup_free_ char *word;
1308
1309 word = strndup(w, l);
1310 if (!word)
1311 return -ENOMEM;
1312
1313 if (startswith(word, "systemd.journald.forward_to_syslog=")) {
1314 r = parse_boolean(word + 35);
1315 if (r < 0)
1316 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word + 35);
1317 else
1318 s->forward_to_syslog = r;
1319 } else if (startswith(word, "systemd.journald.forward_to_kmsg=")) {
1320 r = parse_boolean(word + 33);
1321 if (r < 0)
1322 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word + 33);
1323 else
1324 s->forward_to_kmsg = r;
1325 } else if (startswith(word, "systemd.journald.forward_to_console=")) {
1326 r = parse_boolean(word + 36);
1327 if (r < 0)
1328 log_warning("Failed to parse forward to console switch %s. Ignoring.", word + 36);
1329 else
1330 s->forward_to_console = r;
1331 } else if (startswith(word, "systemd.journald.forward_to_wall=")) {
1332 r = parse_boolean(word + 33);
1333 if (r < 0)
1334 log_warning("Failed to parse forward to wall switch %s. Ignoring.", word + 33);
1335 else
1336 s->forward_to_wall = r;
1337 } else if (startswith(word, "systemd.journald"))
1338 log_warning("Invalid systemd.journald parameter. Ignoring.");
1339 }
1340 /* do not warn about state here, since probably systemd already did */
1341
1342 return 0;
1343 }
1344
1345 static int server_parse_config_file(Server *s) {
1346 assert(s);
1347
1348 return config_parse_many("/etc/systemd/journald.conf",
1349 CONF_DIRS_NULSTR("systemd/journald.conf"),
1350 "Journal\0",
1351 config_item_perf_lookup, journald_gperf_lookup,
1352 false, s);
1353 }
1354
1355 static int server_dispatch_sync(sd_event_source *es, usec_t t, void *userdata) {
1356 Server *s = userdata;
1357
1358 assert(s);
1359
1360 server_sync(s);
1361 return 0;
1362 }
1363
1364 int server_schedule_sync(Server *s, int priority) {
1365 int r;
1366
1367 assert(s);
1368
1369 if (priority <= LOG_CRIT) {
1370 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1371 server_sync(s);
1372 return 0;
1373 }
1374
1375 if (s->sync_scheduled)
1376 return 0;
1377
1378 if (s->sync_interval_usec > 0) {
1379 usec_t when;
1380
1381 r = sd_event_now(s->event, CLOCK_MONOTONIC, &when);
1382 if (r < 0)
1383 return r;
1384
1385 when += s->sync_interval_usec;
1386
1387 if (!s->sync_event_source) {
1388 r = sd_event_add_time(
1389 s->event,
1390 &s->sync_event_source,
1391 CLOCK_MONOTONIC,
1392 when, 0,
1393 server_dispatch_sync, s);
1394 if (r < 0)
1395 return r;
1396
1397 r = sd_event_source_set_priority(s->sync_event_source, SD_EVENT_PRIORITY_IMPORTANT);
1398 } else {
1399 r = sd_event_source_set_time(s->sync_event_source, when);
1400 if (r < 0)
1401 return r;
1402
1403 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_ONESHOT);
1404 }
1405 if (r < 0)
1406 return r;
1407
1408 s->sync_scheduled = true;
1409 }
1410
1411 return 0;
1412 }
1413
1414 static int dispatch_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1415 Server *s = userdata;
1416
1417 assert(s);
1418
1419 server_cache_hostname(s);
1420 return 0;
1421 }
1422
1423 static int server_open_hostname(Server *s) {
1424 int r;
1425
1426 assert(s);
1427
1428 s->hostname_fd = open("/proc/sys/kernel/hostname", O_RDONLY|O_CLOEXEC|O_NDELAY|O_NOCTTY);
1429 if (s->hostname_fd < 0)
1430 return log_error_errno(errno, "Failed to open /proc/sys/kernel/hostname: %m");
1431
1432 r = sd_event_add_io(s->event, &s->hostname_event_source, s->hostname_fd, 0, dispatch_hostname_change, s);
1433 if (r < 0) {
1434 /* kernels prior to 3.2 don't support polling this file. Ignore
1435 * the failure. */
1436 if (r == -EPERM) {
1437 log_warning("Failed to register hostname fd in event loop: %s. Ignoring.",
1438 strerror(-r));
1439 s->hostname_fd = safe_close(s->hostname_fd);
1440 return 0;
1441 }
1442
1443 return log_error_errno(r, "Failed to register hostname fd in event loop: %m");
1444 }
1445
1446 r = sd_event_source_set_priority(s->hostname_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
1447 if (r < 0)
1448 return log_error_errno(r, "Failed to adjust priority of host name event source: %m");
1449
1450 return 0;
1451 }
1452
1453 int server_init(Server *s) {
1454 _cleanup_fdset_free_ FDSet *fds = NULL;
1455 int n, r, fd;
1456
1457 assert(s);
1458
1459 zero(*s);
1460 s->syslog_fd = s->native_fd = s->stdout_fd = s->dev_kmsg_fd = s->audit_fd = s->hostname_fd = -1;
1461 s->compress = true;
1462 s->seal = true;
1463
1464 s->sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC;
1465 s->sync_scheduled = false;
1466
1467 s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
1468 s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
1469
1470 s->forward_to_wall = true;
1471
1472 s->max_file_usec = DEFAULT_MAX_FILE_USEC;
1473
1474 s->max_level_store = LOG_DEBUG;
1475 s->max_level_syslog = LOG_DEBUG;
1476 s->max_level_kmsg = LOG_NOTICE;
1477 s->max_level_console = LOG_INFO;
1478 s->max_level_wall = LOG_EMERG;
1479
1480 memset(&s->system_metrics, 0xFF, sizeof(s->system_metrics));
1481 memset(&s->runtime_metrics, 0xFF, sizeof(s->runtime_metrics));
1482
1483 server_parse_config_file(s);
1484 server_parse_proc_cmdline(s);
1485 if (!!s->rate_limit_interval ^ !!s->rate_limit_burst) {
1486 log_debug("Setting both rate limit interval and burst from "USEC_FMT",%u to 0,0",
1487 s->rate_limit_interval, s->rate_limit_burst);
1488 s->rate_limit_interval = s->rate_limit_burst = 0;
1489 }
1490
1491 mkdir_p("/run/systemd/journal", 0755);
1492
1493 s->user_journals = ordered_hashmap_new(NULL);
1494 if (!s->user_journals)
1495 return log_oom();
1496
1497 s->mmap = mmap_cache_new();
1498 if (!s->mmap)
1499 return log_oom();
1500
1501 r = sd_event_default(&s->event);
1502 if (r < 0)
1503 return log_error_errno(r, "Failed to create event loop: %m");
1504
1505 sd_event_set_watchdog(s->event, true);
1506
1507 n = sd_listen_fds(true);
1508 if (n < 0)
1509 return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
1510
1511 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
1512
1513 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/socket", 0) > 0) {
1514
1515 if (s->native_fd >= 0) {
1516 log_error("Too many native sockets passed.");
1517 return -EINVAL;
1518 }
1519
1520 s->native_fd = fd;
1521
1522 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, "/run/systemd/journal/stdout", 0) > 0) {
1523
1524 if (s->stdout_fd >= 0) {
1525 log_error("Too many stdout sockets passed.");
1526 return -EINVAL;
1527 }
1528
1529 s->stdout_fd = fd;
1530
1531 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0 ||
1532 sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/dev-log", 0) > 0) {
1533
1534 if (s->syslog_fd >= 0) {
1535 log_error("Too many /dev/log sockets passed.");
1536 return -EINVAL;
1537 }
1538
1539 s->syslog_fd = fd;
1540
1541 } else if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1) > 0) {
1542
1543 if (s->audit_fd >= 0) {
1544 log_error("Too many audit sockets passed.");
1545 return -EINVAL;
1546 }
1547
1548 s->audit_fd = fd;
1549
1550 } else {
1551
1552 if (!fds) {
1553 fds = fdset_new();
1554 if (!fds)
1555 return log_oom();
1556 }
1557
1558 r = fdset_put(fds, fd);
1559 if (r < 0)
1560 return log_oom();
1561 }
1562 }
1563
1564 r = server_open_stdout_socket(s, fds);
1565 if (r < 0)
1566 return r;
1567
1568 if (fdset_size(fds) > 0) {
1569 log_warning("%u unknown file descriptors passed, closing.", fdset_size(fds));
1570 fds = fdset_free(fds);
1571 }
1572
1573 r = server_open_syslog_socket(s);
1574 if (r < 0)
1575 return r;
1576
1577 r = server_open_native_socket(s);
1578 if (r < 0)
1579 return r;
1580
1581 r = server_open_dev_kmsg(s);
1582 if (r < 0)
1583 return r;
1584
1585 r = server_open_audit(s);
1586 if (r < 0)
1587 return r;
1588
1589 r = server_open_kernel_seqnum(s);
1590 if (r < 0)
1591 return r;
1592
1593 r = server_open_hostname(s);
1594 if (r < 0)
1595 return r;
1596
1597 r = setup_signals(s);
1598 if (r < 0)
1599 return r;
1600
1601 s->udev = udev_new();
1602 if (!s->udev)
1603 return -ENOMEM;
1604
1605 s->rate_limit = journal_rate_limit_new(s->rate_limit_interval, s->rate_limit_burst);
1606 if (!s->rate_limit)
1607 return -ENOMEM;
1608
1609 r = cg_get_root_path(&s->cgroup_root);
1610 if (r < 0)
1611 return r;
1612
1613 server_cache_hostname(s);
1614 server_cache_boot_id(s);
1615 server_cache_machine_id(s);
1616
1617 r = system_journal_open(s, false);
1618 if (r < 0)
1619 return r;
1620
1621 return 0;
1622 }
1623
1624 void server_maybe_append_tags(Server *s) {
1625 #ifdef HAVE_GCRYPT
1626 JournalFile *f;
1627 Iterator i;
1628 usec_t n;
1629
1630 n = now(CLOCK_REALTIME);
1631
1632 if (s->system_journal)
1633 journal_file_maybe_append_tag(s->system_journal, n);
1634
1635 ORDERED_HASHMAP_FOREACH(f, s->user_journals, i)
1636 journal_file_maybe_append_tag(f, n);
1637 #endif
1638 }
1639
1640 void server_done(Server *s) {
1641 JournalFile *f;
1642 assert(s);
1643
1644 while (s->stdout_streams)
1645 stdout_stream_free(s->stdout_streams);
1646
1647 if (s->system_journal)
1648 journal_file_close(s->system_journal);
1649
1650 if (s->runtime_journal)
1651 journal_file_close(s->runtime_journal);
1652
1653 while ((f = ordered_hashmap_steal_first(s->user_journals)))
1654 journal_file_close(f);
1655
1656 ordered_hashmap_free(s->user_journals);
1657
1658 sd_event_source_unref(s->syslog_event_source);
1659 sd_event_source_unref(s->native_event_source);
1660 sd_event_source_unref(s->stdout_event_source);
1661 sd_event_source_unref(s->dev_kmsg_event_source);
1662 sd_event_source_unref(s->audit_event_source);
1663 sd_event_source_unref(s->sync_event_source);
1664 sd_event_source_unref(s->sigusr1_event_source);
1665 sd_event_source_unref(s->sigusr2_event_source);
1666 sd_event_source_unref(s->sigterm_event_source);
1667 sd_event_source_unref(s->sigint_event_source);
1668 sd_event_source_unref(s->hostname_event_source);
1669 sd_event_unref(s->event);
1670
1671 safe_close(s->syslog_fd);
1672 safe_close(s->native_fd);
1673 safe_close(s->stdout_fd);
1674 safe_close(s->dev_kmsg_fd);
1675 safe_close(s->audit_fd);
1676 safe_close(s->hostname_fd);
1677
1678 if (s->rate_limit)
1679 journal_rate_limit_free(s->rate_limit);
1680
1681 if (s->kernel_seqnum)
1682 munmap(s->kernel_seqnum, sizeof(uint64_t));
1683
1684 free(s->buffer);
1685 free(s->tty_path);
1686 free(s->cgroup_root);
1687 free(s->hostname_field);
1688
1689 if (s->mmap)
1690 mmap_cache_unref(s->mmap);
1691
1692 udev_unref(s->udev);
1693 }
Unnamed repository; edit this file 'description' to name the repository.