]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/journal/journald-server.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #417 from ssahani/ipv6-private
[thirdparty/systemd.git] / src / journal / journald-server.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2011 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/signalfd.h>
23 #include <sys/ioctl.h>
24 #include <linux/sockios.h>
25 #include <sys/statvfs.h>
26 #include <sys/mman.h>
27
28 #ifdef HAVE_SELINUX
29 #include <selinux/selinux.h>
30 #endif
31
32 #include <libudev.h>
33
34 #include "sd-journal.h"
35 #include "sd-messages.h"
36 #include "sd-daemon.h"
37 #include "mkdir.h"
38 #include "rm-rf.h"
39 #include "hashmap.h"
40 #include "journal-file.h"
41 #include "socket-util.h"
42 #include "cgroup-util.h"
43 #include "missing.h"
44 #include "conf-parser.h"
45 #include "selinux-util.h"
46 #include "acl-util.h"
47 #include "formats-util.h"
48 #include "process-util.h"
49 #include "hostname-util.h"
50 #include "signal-util.h"
51 #include "journal-internal.h"
52 #include "journal-vacuum.h"
53 #include "journal-authenticate.h"
54 #include "journald-rate-limit.h"
55 #include "journald-kmsg.h"
56 #include "journald-syslog.h"
57 #include "journald-stream.h"
58 #include "journald-native.h"
59 #include "journald-audit.h"
60 #include "journald-server.h"
61
62 #define USER_JOURNALS_MAX 1024
63
64 #define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
65 #define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
66 #define DEFAULT_RATE_LIMIT_BURST 1000
67 #define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
68
69 #define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
70
71 static const char* const storage_table[_STORAGE_MAX] = {
72 [STORAGE_AUTO] = "auto",
73 [STORAGE_VOLATILE] = "volatile",
74 [STORAGE_PERSISTENT] = "persistent",
75 [STORAGE_NONE] = "none"
76 };
77
78 DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
79 DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
80
81 static const char* const split_mode_table[_SPLIT_MAX] = {
82 [SPLIT_LOGIN] = "login",
83 [SPLIT_UID] = "uid",
84 [SPLIT_NONE] = "none",
85 };
86
87 DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
88 DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode, split_mode, SplitMode, "Failed to parse split mode setting");
89
90 static uint64_t available_space(Server *s, bool verbose) {
91 char ids[33];
92 _cleanup_free_ char *p = NULL;
93 sd_id128_t machine;
94 struct statvfs ss;
95 uint64_t sum = 0, ss_avail = 0, avail = 0;
96 int r;
97 _cleanup_closedir_ DIR *d = NULL;
98 usec_t ts;
99 const char *f;
100 JournalMetrics *m;
101
102 ts = now(CLOCK_MONOTONIC);
103
104 if (s->cached_available_space_timestamp + RECHECK_AVAILABLE_SPACE_USEC > ts
105 && !verbose)
106 return s->cached_available_space;
107
108 r = sd_id128_get_machine(&machine);
109 if (r < 0)
110 return 0;
111
112 if (s->system_journal) {
113 f = "/var/log/journal/";
114 m = &s->system_metrics;
115 } else {
116 f = "/run/log/journal/";
117 m = &s->runtime_metrics;
118 }
119
120 assert(m);
121
122 p = strappend(f, sd_id128_to_string(machine, ids));
123 if (!p)
124 return 0;
125
126 d = opendir(p);
127 if (!d)
128 return 0;
129
130 if (fstatvfs(dirfd(d), &ss) < 0)
131 return 0;
132
133 for (;;) {
134 struct stat st;
135 struct dirent *de;
136
137 errno = 0;
138 de = readdir(d);
139 if (!de && errno != 0)
140 return 0;
141
142 if (!de)
143 break;
144
145 if (!endswith(de->d_name, ".journal") &&
146 !endswith(de->d_name, ".journal~"))
147 continue;
148
149 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0)
150 continue;
151
152 if (!S_ISREG(st.st_mode))
153 continue;
154
155 sum += (uint64_t) st.st_blocks * 512UL;
156 }
157
158 ss_avail = ss.f_bsize * ss.f_bavail;
159
160 /* If we reached a high mark, we will always allow this much
161 * again, unless usage goes above max_use. This watermark
162 * value is cached so that we don't give up space on pressure,
163 * but hover below the maximum usage. */
164
165 if (m->use < sum)
166 m->use = sum;
167
168 avail = LESS_BY(ss_avail, m->keep_free);
169
170 s->cached_available_space = LESS_BY(MIN(m->max_use, avail), sum);
171 s->cached_available_space_timestamp = ts;
172
173 if (verbose) {
174 char fb1[FORMAT_BYTES_MAX], fb2[FORMAT_BYTES_MAX], fb3[FORMAT_BYTES_MAX],
175 fb4[FORMAT_BYTES_MAX], fb5[FORMAT_BYTES_MAX];
176
177 server_driver_message(s, SD_MESSAGE_JOURNAL_USAGE,
178 "%s journal is using %s (max allowed %s, "
179 "trying to leave %s free of %s available → current limit %s).",
180 s->system_journal ? "Permanent" : "Runtime",
181 format_bytes(fb1, sizeof(fb1), sum),
182 format_bytes(fb2, sizeof(fb2), m->max_use),
183 format_bytes(fb3, sizeof(fb3), m->keep_free),
184 format_bytes(fb4, sizeof(fb4), ss_avail),
185 format_bytes(fb5, sizeof(fb5), s->cached_available_space + sum));
186 }
187
188 return s->cached_available_space;
189 }
190
191 void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
192 int r;
193 #ifdef HAVE_ACL
194 acl_t acl;
195 acl_entry_t entry;
196 acl_permset_t permset;
197 #endif
198
199 assert(f);
200
201 r = fchmod(f->fd, 0640);
202 if (r < 0)
203 log_warning_errno(r, "Failed to fix access mode on %s, ignoring: %m", f->path);
204
205 #ifdef HAVE_ACL
206 if (uid <= SYSTEM_UID_MAX)
207 return;
208
209 acl = acl_get_fd(f->fd);
210 if (!acl) {
211 log_warning_errno(errno, "Failed to read ACL on %s, ignoring: %m", f->path);
212 return;
213 }
214
215 r = acl_find_uid(acl, uid, &entry);
216 if (r <= 0) {
217
218 if (acl_create_entry(&acl, &entry) < 0 ||
219 acl_set_tag_type(entry, ACL_USER) < 0 ||
220 acl_set_qualifier(entry, &uid) < 0) {
221 log_warning_errno(errno, "Failed to patch ACL on %s, ignoring: %m", f->path);
222 goto finish;
223 }
224 }
225
226 /* We do not recalculate the mask unconditionally here,
227 * so that the fchmod() mask above stays intact. */
228 if (acl_get_permset(entry, &permset) < 0 ||
229 acl_add_perm(permset, ACL_READ) < 0 ||
230 calc_acl_mask_if_needed(&acl) < 0) {
231 log_warning_errno(errno, "Failed to patch ACL on %s, ignoring: %m", f->path);
232 goto finish;
233 }
234
235 if (acl_set_fd(f->fd, acl) < 0)
236 log_warning_errno(errno, "Failed to set ACL on %s, ignoring: %m", f->path);
237
238 finish:
239 acl_free(acl);
240 #endif
241 }
242
243 static JournalFile* find_journal(Server *s, uid_t uid) {
244 _cleanup_free_ char *p = NULL;
245 int r;
246 JournalFile *f;
247 sd_id128_t machine;
248
249 assert(s);
250
251 /* We split up user logs only on /var, not on /run. If the
252 * runtime file is open, we write to it exclusively, in order
253 * to guarantee proper order as soon as we flush /run to
254 * /var and close the runtime file. */
255
256 if (s->runtime_journal)
257 return s->runtime_journal;
258
259 if (uid <= SYSTEM_UID_MAX)
260 return s->system_journal;
261
262 r = sd_id128_get_machine(&machine);
263 if (r < 0)
264 return s->system_journal;
265
266 f = ordered_hashmap_get(s->user_journals, UINT32_TO_PTR(uid));
267 if (f)
268 return f;
269
270 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/user-"UID_FMT".journal",
271 SD_ID128_FORMAT_VAL(machine), uid) < 0)
272 return s->system_journal;
273
274 while (ordered_hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
275 /* Too many open? Then let's close one */
276 f = ordered_hashmap_steal_first(s->user_journals);
277 assert(f);
278 journal_file_close(f);
279 }
280
281 r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &f);
282 if (r < 0)
283 return s->system_journal;
284
285 server_fix_perms(s, f, uid);
286
287 r = ordered_hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
288 if (r < 0) {
289 journal_file_close(f);
290 return s->system_journal;
291 }
292
293 return f;
294 }
295
296 static int do_rotate(
297 Server *s,
298 JournalFile **f,
299 const char* name,
300 bool seal,
301 uint32_t uid) {
302
303 int r;
304 assert(s);
305
306 if (!*f)
307 return -EINVAL;
308
309 r = journal_file_rotate(f, s->compress, seal);
310 if (r < 0)
311 if (*f)
312 log_error_errno(r, "Failed to rotate %s: %m", (*f)->path);
313 else
314 log_error_errno(r, "Failed to create new %s journal: %m", name);
315 else
316 server_fix_perms(s, *f, uid);
317
318 return r;
319 }
320
321 void server_rotate(Server *s) {
322 JournalFile *f;
323 void *k;
324 Iterator i;
325 int r;
326
327 log_debug("Rotating...");
328
329 do_rotate(s, &s->runtime_journal, "runtime", false, 0);
330 do_rotate(s, &s->system_journal, "system", s->seal, 0);
331
332 ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
333 r = do_rotate(s, &f, "user", s->seal, PTR_TO_UINT32(k));
334 if (r >= 0)
335 ordered_hashmap_replace(s->user_journals, k, f);
336 else if (!f)
337 /* Old file has been closed and deallocated */
338 ordered_hashmap_remove(s->user_journals, k);
339 }
340 }
341
342 void server_sync(Server *s) {
343 JournalFile *f;
344 void *k;
345 Iterator i;
346 int r;
347
348 if (s->system_journal) {
349 r = journal_file_set_offline(s->system_journal);
350 if (r < 0)
351 log_error_errno(r, "Failed to sync system journal: %m");
352 }
353
354 ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
355 r = journal_file_set_offline(f);
356 if (r < 0)
357 log_error_errno(r, "Failed to sync user journal: %m");
358 }
359
360 if (s->sync_event_source) {
361 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_OFF);
362 if (r < 0)
363 log_error_errno(r, "Failed to disable sync timer source: %m");
364 }
365
366 s->sync_scheduled = false;
367 }
368
369 static void do_vacuum(
370 Server *s,
371 const char *id,
372 JournalFile *f,
373 const char* path,
374 JournalMetrics *metrics) {
375
376 const char *p;
377 int r;
378
379 if (!f)
380 return;
381
382 p = strjoina(path, id);
383 r = journal_directory_vacuum(p, metrics->max_use, s->max_retention_usec, &s->oldest_file_usec, false);
384 if (r < 0 && r != -ENOENT)
385 log_error_errno(r, "Failed to vacuum %s: %m", p);
386 }
387
388 void server_vacuum(Server *s) {
389 char ids[33];
390 sd_id128_t machine;
391 int r;
392
393 log_debug("Vacuuming...");
394
395 s->oldest_file_usec = 0;
396
397 r = sd_id128_get_machine(&machine);
398 if (r < 0) {
399 log_error_errno(r, "Failed to get machine ID: %m");
400 return;
401 }
402 sd_id128_to_string(machine, ids);
403
404 do_vacuum(s, ids, s->system_journal, "/var/log/journal/", &s->system_metrics);
405 do_vacuum(s, ids, s->runtime_journal, "/run/log/journal/", &s->runtime_metrics);
406
407 s->cached_available_space_timestamp = 0;
408 }
409
410 static void server_cache_machine_id(Server *s) {
411 sd_id128_t id;
412 int r;
413
414 assert(s);
415
416 r = sd_id128_get_machine(&id);
417 if (r < 0)
418 return;
419
420 sd_id128_to_string(id, stpcpy(s->machine_id_field, "_MACHINE_ID="));
421 }
422
423 static void server_cache_boot_id(Server *s) {
424 sd_id128_t id;
425 int r;
426
427 assert(s);
428
429 r = sd_id128_get_boot(&id);
430 if (r < 0)
431 return;
432
433 sd_id128_to_string(id, stpcpy(s->boot_id_field, "_BOOT_ID="));
434 }
435
436 static void server_cache_hostname(Server *s) {
437 _cleanup_free_ char *t = NULL;
438 char *x;
439
440 assert(s);
441
442 t = gethostname_malloc();
443 if (!t)
444 return;
445
446 x = strappend("_HOSTNAME=", t);
447 if (!x)
448 return;
449
450 free(s->hostname_field);
451 s->hostname_field = x;
452 }
453
454 static bool shall_try_append_again(JournalFile *f, int r) {
455
456 /* -E2BIG Hit configured limit
457 -EFBIG Hit fs limit
458 -EDQUOT Quota limit hit
459 -ENOSPC Disk full
460 -EIO I/O error of some kind (mmap)
461 -EHOSTDOWN Other machine
462 -EBUSY Unclean shutdown
463 -EPROTONOSUPPORT Unsupported feature
464 -EBADMSG Corrupted
465 -ENODATA Truncated
466 -ESHUTDOWN Already archived
467 -EIDRM Journal file has been deleted */
468
469 if (r == -E2BIG || r == -EFBIG || r == -EDQUOT || r == -ENOSPC)
470 log_debug("%s: Allocation limit reached, rotating.", f->path);
471 else if (r == -EHOSTDOWN)
472 log_info("%s: Journal file from other machine, rotating.", f->path);
473 else if (r == -EBUSY)
474 log_info("%s: Unclean shutdown, rotating.", f->path);
475 else if (r == -EPROTONOSUPPORT)
476 log_info("%s: Unsupported feature, rotating.", f->path);
477 else if (r == -EBADMSG || r == -ENODATA || r == ESHUTDOWN)
478 log_warning("%s: Journal file corrupted, rotating.", f->path);
479 else if (r == -EIO)
480 log_warning("%s: IO error, rotating.", f->path);
481 else if (r == -EIDRM)
482 log_warning("%s: Journal file has been deleted, rotating.", f->path);
483 else
484 return false;
485
486 return true;
487 }
488
489 static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned n, int priority) {
490 JournalFile *f;
491 bool vacuumed = false;
492 int r;
493
494 assert(s);
495 assert(iovec);
496 assert(n > 0);
497
498 f = find_journal(s, uid);
499 if (!f)
500 return;
501
502 if (journal_file_rotate_suggested(f, s->max_file_usec)) {
503 log_debug("%s: Journal header limits reached or header out-of-date, rotating.", f->path);
504 server_rotate(s);
505 server_vacuum(s);
506 vacuumed = true;
507
508 f = find_journal(s, uid);
509 if (!f)
510 return;
511 }
512
513 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
514 if (r >= 0) {
515 server_schedule_sync(s, priority);
516 return;
517 }
518
519 if (vacuumed || !shall_try_append_again(f, r)) {
520 log_error_errno(r, "Failed to write entry (%d items, %zu bytes), ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n));
521 return;
522 }
523
524 server_rotate(s);
525 server_vacuum(s);
526
527 f = find_journal(s, uid);
528 if (!f)
529 return;
530
531 log_debug("Retrying write.");
532 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
533 if (r < 0)
534 log_error_errno(r, "Failed to write entry (%d items, %zu bytes) despite vacuuming, ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n));
535 else
536 server_schedule_sync(s, priority);
537 }
538
539 static void dispatch_message_real(
540 Server *s,
541 struct iovec *iovec, unsigned n, unsigned m,
542 const struct ucred *ucred,
543 const struct timeval *tv,
544 const char *label, size_t label_len,
545 const char *unit_id,
546 int priority,
547 pid_t object_pid) {
548
549 char pid[sizeof("_PID=") + DECIMAL_STR_MAX(pid_t)],
550 uid[sizeof("_UID=") + DECIMAL_STR_MAX(uid_t)],
551 gid[sizeof("_GID=") + DECIMAL_STR_MAX(gid_t)],
552 owner_uid[sizeof("_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)],
553 source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)],
554 o_uid[sizeof("OBJECT_UID=") + DECIMAL_STR_MAX(uid_t)],
555 o_gid[sizeof("OBJECT_GID=") + DECIMAL_STR_MAX(gid_t)],
556 o_owner_uid[sizeof("OBJECT_SYSTEMD_OWNER_UID=") + DECIMAL_STR_MAX(uid_t)];
557 uid_t object_uid;
558 gid_t object_gid;
559 char *x;
560 int r;
561 char *t, *c;
562 uid_t realuid = 0, owner = 0, journal_uid;
563 bool owner_valid = false;
564 #ifdef HAVE_AUDIT
565 char audit_session[sizeof("_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
566 audit_loginuid[sizeof("_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)],
567 o_audit_session[sizeof("OBJECT_AUDIT_SESSION=") + DECIMAL_STR_MAX(uint32_t)],
568 o_audit_loginuid[sizeof("OBJECT_AUDIT_LOGINUID=") + DECIMAL_STR_MAX(uid_t)];
569
570 uint32_t audit;
571 uid_t loginuid;
572 #endif
573
574 assert(s);
575 assert(iovec);
576 assert(n > 0);
577 assert(n + N_IOVEC_META_FIELDS + (object_pid ? N_IOVEC_OBJECT_FIELDS : 0) <= m);
578
579 if (ucred) {
580 realuid = ucred->uid;
581
582 sprintf(pid, "_PID="PID_FMT, ucred->pid);
583 IOVEC_SET_STRING(iovec[n++], pid);
584
585 sprintf(uid, "_UID="UID_FMT, ucred->uid);
586 IOVEC_SET_STRING(iovec[n++], uid);
587
588 sprintf(gid, "_GID="GID_FMT, ucred->gid);
589 IOVEC_SET_STRING(iovec[n++], gid);
590
591 r = get_process_comm(ucred->pid, &t);
592 if (r >= 0) {
593 x = strjoina("_COMM=", t);
594 free(t);
595 IOVEC_SET_STRING(iovec[n++], x);
596 }
597
598 r = get_process_exe(ucred->pid, &t);
599 if (r >= 0) {
600 x = strjoina("_EXE=", t);
601 free(t);
602 IOVEC_SET_STRING(iovec[n++], x);
603 }
604
605 r = get_process_cmdline(ucred->pid, 0, false, &t);
606 if (r >= 0) {
607 x = strjoina("_CMDLINE=", t);
608 free(t);
609 IOVEC_SET_STRING(iovec[n++], x);
610 }
611
612 r = get_process_capeff(ucred->pid, &t);
613 if (r >= 0) {
614 x = strjoina("_CAP_EFFECTIVE=", t);
615 free(t);
616 IOVEC_SET_STRING(iovec[n++], x);
617 }
618
619 #ifdef HAVE_AUDIT
620 r = audit_session_from_pid(ucred->pid, &audit);
621 if (r >= 0) {
622 sprintf(audit_session, "_AUDIT_SESSION=%"PRIu32, audit);
623 IOVEC_SET_STRING(iovec[n++], audit_session);
624 }
625
626 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
627 if (r >= 0) {
628 sprintf(audit_loginuid, "_AUDIT_LOGINUID="UID_FMT, loginuid);
629 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
630 }
631 #endif
632
633 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &c);
634 if (r >= 0) {
635 char *session = NULL;
636
637 x = strjoina("_SYSTEMD_CGROUP=", c);
638 IOVEC_SET_STRING(iovec[n++], x);
639
640 r = cg_path_get_session(c, &t);
641 if (r >= 0) {
642 session = strjoina("_SYSTEMD_SESSION=", t);
643 free(t);
644 IOVEC_SET_STRING(iovec[n++], session);
645 }
646
647 if (cg_path_get_owner_uid(c, &owner) >= 0) {
648 owner_valid = true;
649
650 sprintf(owner_uid, "_SYSTEMD_OWNER_UID="UID_FMT, owner);
651 IOVEC_SET_STRING(iovec[n++], owner_uid);
652 }
653
654 if (cg_path_get_unit(c, &t) >= 0) {
655 x = strjoina("_SYSTEMD_UNIT=", t);
656 free(t);
657 IOVEC_SET_STRING(iovec[n++], x);
658 } else if (unit_id && !session) {
659 x = strjoina("_SYSTEMD_UNIT=", unit_id);
660 IOVEC_SET_STRING(iovec[n++], x);
661 }
662
663 if (cg_path_get_user_unit(c, &t) >= 0) {
664 x = strjoina("_SYSTEMD_USER_UNIT=", t);
665 free(t);
666 IOVEC_SET_STRING(iovec[n++], x);
667 } else if (unit_id && session) {
668 x = strjoina("_SYSTEMD_USER_UNIT=", unit_id);
669 IOVEC_SET_STRING(iovec[n++], x);
670 }
671
672 if (cg_path_get_slice(c, &t) >= 0) {
673 x = strjoina("_SYSTEMD_SLICE=", t);
674 free(t);
675 IOVEC_SET_STRING(iovec[n++], x);
676 }
677
678 free(c);
679 } else if (unit_id) {
680 x = strjoina("_SYSTEMD_UNIT=", unit_id);
681 IOVEC_SET_STRING(iovec[n++], x);
682 }
683
684 #ifdef HAVE_SELINUX
685 if (mac_selinux_use()) {
686 if (label) {
687 x = alloca(strlen("_SELINUX_CONTEXT=") + label_len + 1);
688
689 *((char*) mempcpy(stpcpy(x, "_SELINUX_CONTEXT="), label, label_len)) = 0;
690 IOVEC_SET_STRING(iovec[n++], x);
691 } else {
692 security_context_t con;
693
694 if (getpidcon(ucred->pid, &con) >= 0) {
695 x = strjoina("_SELINUX_CONTEXT=", con);
696
697 freecon(con);
698 IOVEC_SET_STRING(iovec[n++], x);
699 }
700 }
701 }
702 #endif
703 }
704 assert(n <= m);
705
706 if (object_pid) {
707 r = get_process_uid(object_pid, &object_uid);
708 if (r >= 0) {
709 sprintf(o_uid, "OBJECT_UID="UID_FMT, object_uid);
710 IOVEC_SET_STRING(iovec[n++], o_uid);
711 }
712
713 r = get_process_gid(object_pid, &object_gid);
714 if (r >= 0) {
715 sprintf(o_gid, "OBJECT_GID="GID_FMT, object_gid);
716 IOVEC_SET_STRING(iovec[n++], o_gid);
717 }
718
719 r = get_process_comm(object_pid, &t);
720 if (r >= 0) {
721 x = strjoina("OBJECT_COMM=", t);
722 free(t);
723 IOVEC_SET_STRING(iovec[n++], x);
724 }
725
726 r = get_process_exe(object_pid, &t);
727 if (r >= 0) {
728 x = strjoina("OBJECT_EXE=", t);
729 free(t);
730 IOVEC_SET_STRING(iovec[n++], x);
731 }
732
733 r = get_process_cmdline(object_pid, 0, false, &t);
734 if (r >= 0) {
735 x = strjoina("OBJECT_CMDLINE=", t);
736 free(t);
737 IOVEC_SET_STRING(iovec[n++], x);
738 }
739
740 #ifdef HAVE_AUDIT
741 r = audit_session_from_pid(object_pid, &audit);
742 if (r >= 0) {
743 sprintf(o_audit_session, "OBJECT_AUDIT_SESSION=%"PRIu32, audit);
744 IOVEC_SET_STRING(iovec[n++], o_audit_session);
745 }
746
747 r = audit_loginuid_from_pid(object_pid, &loginuid);
748 if (r >= 0) {
749 sprintf(o_audit_loginuid, "OBJECT_AUDIT_LOGINUID="UID_FMT, loginuid);
750 IOVEC_SET_STRING(iovec[n++], o_audit_loginuid);
751 }
752 #endif
753
754 r = cg_pid_get_path_shifted(object_pid, s->cgroup_root, &c);
755 if (r >= 0) {
756 x = strjoina("OBJECT_SYSTEMD_CGROUP=", c);
757 IOVEC_SET_STRING(iovec[n++], x);
758
759 r = cg_path_get_session(c, &t);
760 if (r >= 0) {
761 x = strjoina("OBJECT_SYSTEMD_SESSION=", t);
762 free(t);
763 IOVEC_SET_STRING(iovec[n++], x);
764 }
765
766 if (cg_path_get_owner_uid(c, &owner) >= 0) {
767 sprintf(o_owner_uid, "OBJECT_SYSTEMD_OWNER_UID="UID_FMT, owner);
768 IOVEC_SET_STRING(iovec[n++], o_owner_uid);
769 }
770
771 if (cg_path_get_unit(c, &t) >= 0) {
772 x = strjoina("OBJECT_SYSTEMD_UNIT=", t);
773 free(t);
774 IOVEC_SET_STRING(iovec[n++], x);
775 }
776
777 if (cg_path_get_user_unit(c, &t) >= 0) {
778 x = strjoina("OBJECT_SYSTEMD_USER_UNIT=", t);
779 free(t);
780 IOVEC_SET_STRING(iovec[n++], x);
781 }
782
783 free(c);
784 }
785 }
786 assert(n <= m);
787
788 if (tv) {
789 sprintf(source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu", (unsigned long long) timeval_load(tv));
790 IOVEC_SET_STRING(iovec[n++], source_time);
791 }
792
793 /* Note that strictly speaking storing the boot id here is
794 * redundant since the entry includes this in-line
795 * anyway. However, we need this indexed, too. */
796 if (!isempty(s->boot_id_field))
797 IOVEC_SET_STRING(iovec[n++], s->boot_id_field);
798
799 if (!isempty(s->machine_id_field))
800 IOVEC_SET_STRING(iovec[n++], s->machine_id_field);
801
802 if (!isempty(s->hostname_field))
803 IOVEC_SET_STRING(iovec[n++], s->hostname_field);
804
805 assert(n <= m);
806
807 if (s->split_mode == SPLIT_UID && realuid > 0)
808 /* Split up strictly by any UID */
809 journal_uid = realuid;
810 else if (s->split_mode == SPLIT_LOGIN && realuid > 0 && owner_valid && owner > 0)
811 /* Split up by login UIDs. We do this only if the
812 * realuid is not root, in order not to accidentally
813 * leak privileged information to the user that is
814 * logged by a privileged process that is part of an
815 * unprivileged session. */
816 journal_uid = owner;
817 else
818 journal_uid = 0;
819
820 write_to_journal(s, journal_uid, iovec, n, priority);
821 }
822
823 void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {
824 char mid[11 + 32 + 1];
825 char buffer[16 + LINE_MAX + 1];
826 struct iovec iovec[N_IOVEC_META_FIELDS + 4];
827 int n = 0;
828 va_list ap;
829 struct ucred ucred = {};
830
831 assert(s);
832 assert(format);
833
834 IOVEC_SET_STRING(iovec[n++], "PRIORITY=6");
835 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=driver");
836
837 memcpy(buffer, "MESSAGE=", 8);
838 va_start(ap, format);
839 vsnprintf(buffer + 8, sizeof(buffer) - 8, format, ap);
840 va_end(ap);
841 IOVEC_SET_STRING(iovec[n++], buffer);
842
843 if (!sd_id128_equal(message_id, SD_ID128_NULL)) {
844 snprintf(mid, sizeof(mid), LOG_MESSAGE_ID(message_id));
845 IOVEC_SET_STRING(iovec[n++], mid);
846 }
847
848 ucred.pid = getpid();
849 ucred.uid = getuid();
850 ucred.gid = getgid();
851
852 dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL, LOG_INFO, 0);
853 }
854
855 void server_dispatch_message(
856 Server *s,
857 struct iovec *iovec, unsigned n, unsigned m,
858 const struct ucred *ucred,
859 const struct timeval *tv,
860 const char *label, size_t label_len,
861 const char *unit_id,
862 int priority,
863 pid_t object_pid) {
864
865 int rl, r;
866 _cleanup_free_ char *path = NULL;
867 char *c;
868
869 assert(s);
870 assert(iovec || n == 0);
871
872 if (n == 0)
873 return;
874
875 if (LOG_PRI(priority) > s->max_level_store)
876 return;
877
878 /* Stop early in case the information will not be stored
879 * in a journal. */
880 if (s->storage == STORAGE_NONE)
881 return;
882
883 if (!ucred)
884 goto finish;
885
886 r = cg_pid_get_path_shifted(ucred->pid, s->cgroup_root, &path);
887 if (r < 0)
888 goto finish;
889
890 /* example: /user/lennart/3/foobar
891 * /system/dbus.service/foobar
892 *
893 * So let's cut of everything past the third /, since that is
894 * where user directories start */
895
896 c = strchr(path, '/');
897 if (c) {
898 c = strchr(c+1, '/');
899 if (c) {
900 c = strchr(c+1, '/');
901 if (c)
902 *c = 0;
903 }
904 }
905
906 rl = journal_rate_limit_test(s->rate_limit, path,
907 priority & LOG_PRIMASK, available_space(s, false));
908
909 if (rl == 0)
910 return;
911
912 /* Write a suppression message if we suppressed something */
913 if (rl > 1)
914 server_driver_message(s, SD_MESSAGE_JOURNAL_DROPPED,
915 "Suppressed %u messages from %s", rl - 1, path);
916
917 finish:
918 dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id, priority, object_pid);
919 }
920
921
922 static int system_journal_open(Server *s, bool flush_requested) {
923 int r;
924 char *fn;
925 sd_id128_t machine;
926 char ids[33];
927
928 r = sd_id128_get_machine(&machine);
929 if (r < 0)
930 return log_error_errno(r, "Failed to get machine id: %m");
931
932 sd_id128_to_string(machine, ids);
933
934 if (!s->system_journal &&
935 (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
936 (flush_requested
937 || access("/run/systemd/journal/flushed", F_OK) >= 0)) {
938
939 /* If in auto mode: first try to create the machine
940 * path, but not the prefix.
941 *
942 * If in persistent mode: create /var/log/journal and
943 * the machine path */
944
945 if (s->storage == STORAGE_PERSISTENT)
946 (void) mkdir_p("/var/log/journal/", 0755);
947
948 fn = strjoina("/var/log/journal/", ids);
949 (void) mkdir(fn, 0755);
950
951 fn = strjoina(fn, "/system.journal");
952 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
953
954 if (r >= 0)
955 server_fix_perms(s, s->system_journal, 0);
956 else if (r < 0) {
957 if (r != -ENOENT && r != -EROFS)
958 log_warning_errno(r, "Failed to open system journal: %m");
959
960 r = 0;
961 }
962 }
963
964 if (!s->runtime_journal &&
965 (s->storage != STORAGE_NONE)) {
966
967 fn = strjoin("/run/log/journal/", ids, "/system.journal", NULL);
968 if (!fn)
969 return -ENOMEM;
970
971 if (s->system_journal) {
972
973 /* Try to open the runtime journal, but only
974 * if it already exists, so that we can flush
975 * it into the system journal */
976
977 r = journal_file_open(fn, O_RDWR, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
978 free(fn);
979
980 if (r < 0) {
981 if (r != -ENOENT)
982 log_warning_errno(r, "Failed to open runtime journal: %m");
983
984 r = 0;
985 }
986
987 } else {
988
989 /* OK, we really need the runtime journal, so create
990 * it if necessary. */
991
992 (void) mkdir("/run/log", 0755);
993 (void) mkdir("/run/log/journal", 0755);
994 (void) mkdir_parents(fn, 0750);
995
996 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
997 free(fn);
998
999 if (r < 0)
1000 return log_error_errno(r, "Failed to open runtime journal: %m");
1001 }
1002
1003 if (s->runtime_journal)
1004 server_fix_perms(s, s->runtime_journal, 0);
1005 }
1006
1007 available_space(s, true);
1008
1009 return r;
1010 }
1011
1012 int server_flush_to_var(Server *s) {
1013 sd_id128_t machine;
1014 sd_journal *j = NULL;
1015 char ts[FORMAT_TIMESPAN_MAX];
1016 usec_t start;
1017 unsigned n = 0;
1018 int r;
1019
1020 assert(s);
1021
1022 if (s->storage != STORAGE_AUTO &&
1023 s->storage != STORAGE_PERSISTENT)
1024 return 0;
1025
1026 if (!s->runtime_journal)
1027 return 0;
1028
1029 system_journal_open(s, true);
1030
1031 if (!s->system_journal)
1032 return 0;
1033
1034 log_debug("Flushing to /var...");
1035
1036 start = now(CLOCK_MONOTONIC);
1037
1038 r = sd_id128_get_machine(&machine);
1039 if (r < 0)
1040 return r;
1041
1042 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
1043 if (r < 0)
1044 return log_error_errno(r, "Failed to read runtime journal: %m");
1045
1046 sd_journal_set_data_threshold(j, 0);
1047
1048 SD_JOURNAL_FOREACH(j) {
1049 Object *o = NULL;
1050 JournalFile *f;
1051
1052 f = j->current_file;
1053 assert(f && f->current_offset > 0);
1054
1055 n++;
1056
1057 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
1058 if (r < 0) {
1059 log_error_errno(r, "Can't read entry: %m");
1060 goto finish;
1061 }
1062
1063 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1064 if (r >= 0)
1065 continue;
1066
1067 if (!shall_try_append_again(s->system_journal, r)) {
1068 log_error_errno(r, "Can't write entry: %m");
1069 goto finish;
1070 }
1071
1072 server_rotate(s);
1073 server_vacuum(s);
1074
1075 if (!s->system_journal) {
1076 log_notice("Didn't flush runtime journal since rotation of system journal wasn't successful.");
1077 r = -EIO;
1078 goto finish;
1079 }
1080
1081 log_debug("Retrying write.");
1082 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
1083 if (r < 0) {
1084 log_error_errno(r, "Can't write entry: %m");
1085 goto finish;
1086 }
1087 }
1088
1089 finish:
1090 journal_file_post_change(s->system_journal);
1091
1092 journal_file_close(s->runtime_journal);
1093 s->runtime_journal = NULL;
1094
1095 if (r >= 0)
1096 (void) rm_rf("/run/log/journal", REMOVE_ROOT);
1097
1098 sd_journal_close(j);
1099
1100 server_driver_message(s, SD_ID128_NULL, "Time spent on flushing to /var is %s for %u entries.", format_timespan(ts, sizeof(ts), now(CLOCK_MONOTONIC) - start, 0), n);
1101
1102 return r;
1103 }
1104
1105 int server_process_datagram(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1106 Server *s = userdata;
1107 struct ucred *ucred = NULL;
1108 struct timeval *tv = NULL;
1109 struct cmsghdr *cmsg;
1110 char *label = NULL;
1111 size_t label_len = 0, m;
1112 struct iovec iovec;
1113 ssize_t n;
1114 int *fds = NULL, v = 0;
1115 unsigned n_fds = 0;
1116
1117 union {
1118 struct cmsghdr cmsghdr;
1119
1120 /* We use NAME_MAX space for the SELinux label
1121 * here. The kernel currently enforces no
1122 * limit, but according to suggestions from
1123 * the SELinux people this will change and it
1124 * will probably be identical to NAME_MAX. For
1125 * now we use that, but this should be updated
1126 * one day when the final limit is known. */
1127 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
1128 CMSG_SPACE(sizeof(struct timeval)) +
1129 CMSG_SPACE(sizeof(int)) + /* fd */
1130 CMSG_SPACE(NAME_MAX)]; /* selinux label */
1131 } control = {};
1132
1133 union sockaddr_union sa = {};
1134
1135 struct msghdr msghdr = {
1136 .msg_iov = &iovec,
1137 .msg_iovlen = 1,
1138 .msg_control = &control,
1139 .msg_controllen = sizeof(control),
1140 .msg_name = &sa,
1141 .msg_namelen = sizeof(sa),
1142 };
1143
1144 assert(s);
1145 assert(fd == s->native_fd || fd == s->syslog_fd || fd == s->audit_fd);
1146
1147 if (revents != EPOLLIN) {
1148 log_error("Got invalid event from epoll for datagram fd: %"PRIx32, revents);
1149 return -EIO;
1150 }
1151
1152 /* Try to get the right size, if we can. (Not all
1153 * sockets support SIOCINQ, hence we just try, but
1154 * don't rely on it. */
1155 (void) ioctl(fd, SIOCINQ, &v);
1156
1157 /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful! */
1158 m = PAGE_ALIGN(MAX3((size_t) v + 1,
1159 (size_t) LINE_MAX,
1160 ALIGN(sizeof(struct nlmsghdr)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH)) + 1);
1161
1162 if (!GREEDY_REALLOC(s->buffer, s->buffer_size, m))
1163 return log_oom();
1164
1165 iovec.iov_base = s->buffer;
1166 iovec.iov_len = s->buffer_size - 1; /* Leave room for trailing NUL we add later */
1167
1168 n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
1169 if (n < 0) {
1170 if (errno == EINTR || errno == EAGAIN)
1171 return 0;
1172
1173 return log_error_errno(errno, "recvmsg() failed: %m");
1174 }
1175
1176 CMSG_FOREACH(cmsg, &msghdr) {
1177
1178 if (cmsg->cmsg_level == SOL_SOCKET &&
1179 cmsg->cmsg_type == SCM_CREDENTIALS &&
1180 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
1181 ucred = (struct ucred*) CMSG_DATA(cmsg);
1182 else if (cmsg->cmsg_level == SOL_SOCKET &&
1183 cmsg->cmsg_type == SCM_SECURITY) {
1184 label = (char*) CMSG_DATA(cmsg);
1185 label_len = cmsg->cmsg_len - CMSG_LEN(0);
1186 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1187 cmsg->cmsg_type == SO_TIMESTAMP &&
1188 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
1189 tv = (struct timeval*) CMSG_DATA(cmsg);
1190 else if (cmsg->cmsg_level == SOL_SOCKET &&
1191 cmsg->cmsg_type == SCM_RIGHTS) {
1192 fds = (int*) CMSG_DATA(cmsg);
1193 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
1194 }
1195 }
1196
1197 /* And a trailing NUL, just in case */
1198 s->buffer[n] = 0;
1199
1200 if (fd == s->syslog_fd) {
1201 if (n > 0 && n_fds == 0)
1202 server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
1203 else if (n_fds > 0)
1204 log_warning("Got file descriptors via syslog socket. Ignoring.");
1205
1206 } else if (fd == s->native_fd) {
1207 if (n > 0 && n_fds == 0)
1208 server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
1209 else if (n == 0 && n_fds == 1)
1210 server_process_native_file(s, fds[0], ucred, tv, label, label_len);
1211 else if (n_fds > 0)
1212 log_warning("Got too many file descriptors via native socket. Ignoring.");
1213
1214 } else {
1215 assert(fd == s->audit_fd);
1216
1217 if (n > 0 && n_fds == 0)
1218 server_process_audit_message(s, s->buffer, n, ucred, &sa, msghdr.msg_namelen);
1219 else if (n_fds > 0)
1220 log_warning("Got file descriptors via audit socket. Ignoring.");
1221 }
1222
1223 close_many(fds, n_fds);
1224 return 0;
1225 }
1226
1227 static int dispatch_sigusr1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1228 Server *s = userdata;
1229
1230 assert(s);
1231
1232 log_info("Received request to flush runtime journal from PID %"PRIu32, si->ssi_pid);
1233
1234 server_flush_to_var(s);
1235 server_sync(s);
1236 server_vacuum(s);
1237
1238 touch("/run/systemd/journal/flushed");
1239
1240 return 0;
1241 }
1242
1243 static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1244 Server *s = userdata;
1245
1246 assert(s);
1247
1248 log_info("Received request to rotate journal from PID %"PRIu32, si->ssi_pid);
1249 server_rotate(s);
1250 server_vacuum(s);
1251
1252 return 0;
1253 }
1254
1255 static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1256 Server *s = userdata;
1257
1258 assert(s);
1259
1260 log_received_signal(LOG_INFO, si);
1261
1262 sd_event_exit(s->event, 0);
1263 return 0;
1264 }
1265
1266 static int setup_signals(Server *s) {
1267 int r;
1268
1269 assert(s);
1270
1271 assert(sigprocmask_many(SIG_SETMASK, NULL, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, -1) >= 0);
1272
1273 r = sd_event_add_signal(s->event, &s->sigusr1_event_source, SIGUSR1, dispatch_sigusr1, s);
1274 if (r < 0)
1275 return r;
1276
1277 r = sd_event_add_signal(s->event, &s->sigusr2_event_source, SIGUSR2, dispatch_sigusr2, s);
1278 if (r < 0)
1279 return r;
1280
1281 r = sd_event_add_signal(s->event, &s->sigterm_event_source, SIGTERM, dispatch_sigterm, s);
1282 if (r < 0)
1283 return r;
1284
1285 r = sd_event_add_signal(s->event, &s->sigint_event_source, SIGINT, dispatch_sigterm, s);
1286 if (r < 0)
1287 return r;
1288
1289 return 0;
1290 }
1291
1292 static int server_parse_proc_cmdline(Server *s) {
1293 _cleanup_free_ char *line = NULL;
1294 const char *w, *state;
1295 size_t l;
1296 int r;
1297
1298 r = proc_cmdline(&line);
1299 if (r < 0) {
1300 log_warning_errno(r, "Failed to read /proc/cmdline, ignoring: %m");
1301 return 0;
1302 }
1303
1304 FOREACH_WORD_QUOTED(w, l, line, state) {
1305 _cleanup_free_ char *word;
1306
1307 word = strndup(w, l);
1308 if (!word)
1309 return -ENOMEM;
1310
1311 if (startswith(word, "systemd.journald.forward_to_syslog=")) {
1312 r = parse_boolean(word + 35);
1313 if (r < 0)
1314 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word + 35);
1315 else
1316 s->forward_to_syslog = r;
1317 } else if (startswith(word, "systemd.journald.forward_to_kmsg=")) {
1318 r = parse_boolean(word + 33);
1319 if (r < 0)
1320 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word + 33);
1321 else
1322 s->forward_to_kmsg = r;
1323 } else if (startswith(word, "systemd.journald.forward_to_console=")) {
1324 r = parse_boolean(word + 36);
1325 if (r < 0)
1326 log_warning("Failed to parse forward to console switch %s. Ignoring.", word + 36);
1327 else
1328 s->forward_to_console = r;
1329 } else if (startswith(word, "systemd.journald.forward_to_wall=")) {
1330 r = parse_boolean(word + 33);
1331 if (r < 0)
1332 log_warning("Failed to parse forward to wall switch %s. Ignoring.", word + 33);
1333 else
1334 s->forward_to_wall = r;
1335 } else if (startswith(word, "systemd.journald"))
1336 log_warning("Invalid systemd.journald parameter. Ignoring.");
1337 }
1338 /* do not warn about state here, since probably systemd already did */
1339
1340 return 0;
1341 }
1342
1343 static int server_parse_config_file(Server *s) {
1344 assert(s);
1345
1346 return config_parse_many("/etc/systemd/journald.conf",
1347 CONF_DIRS_NULSTR("systemd/journald.conf"),
1348 "Journal\0",
1349 config_item_perf_lookup, journald_gperf_lookup,
1350 false, s);
1351 }
1352
1353 static int server_dispatch_sync(sd_event_source *es, usec_t t, void *userdata) {
1354 Server *s = userdata;
1355
1356 assert(s);
1357
1358 server_sync(s);
1359 return 0;
1360 }
1361
1362 int server_schedule_sync(Server *s, int priority) {
1363 int r;
1364
1365 assert(s);
1366
1367 if (priority <= LOG_CRIT) {
1368 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1369 server_sync(s);
1370 return 0;
1371 }
1372
1373 if (s->sync_scheduled)
1374 return 0;
1375
1376 if (s->sync_interval_usec > 0) {
1377 usec_t when;
1378
1379 r = sd_event_now(s->event, CLOCK_MONOTONIC, &when);
1380 if (r < 0)
1381 return r;
1382
1383 when += s->sync_interval_usec;
1384
1385 if (!s->sync_event_source) {
1386 r = sd_event_add_time(
1387 s->event,
1388 &s->sync_event_source,
1389 CLOCK_MONOTONIC,
1390 when, 0,
1391 server_dispatch_sync, s);
1392 if (r < 0)
1393 return r;
1394
1395 r = sd_event_source_set_priority(s->sync_event_source, SD_EVENT_PRIORITY_IMPORTANT);
1396 } else {
1397 r = sd_event_source_set_time(s->sync_event_source, when);
1398 if (r < 0)
1399 return r;
1400
1401 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_ONESHOT);
1402 }
1403 if (r < 0)
1404 return r;
1405
1406 s->sync_scheduled = true;
1407 }
1408
1409 return 0;
1410 }
1411
1412 static int dispatch_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1413 Server *s = userdata;
1414
1415 assert(s);
1416
1417 server_cache_hostname(s);
1418 return 0;
1419 }
1420
1421 static int server_open_hostname(Server *s) {
1422 int r;
1423
1424 assert(s);
1425
1426 s->hostname_fd = open("/proc/sys/kernel/hostname", O_RDONLY|O_CLOEXEC|O_NDELAY|O_NOCTTY);
1427 if (s->hostname_fd < 0)
1428 return log_error_errno(errno, "Failed to open /proc/sys/kernel/hostname: %m");
1429
1430 r = sd_event_add_io(s->event, &s->hostname_event_source, s->hostname_fd, 0, dispatch_hostname_change, s);
1431 if (r < 0) {
1432 /* kernels prior to 3.2 don't support polling this file. Ignore
1433 * the failure. */
1434 if (r == -EPERM) {
1435 log_warning("Failed to register hostname fd in event loop: %s. Ignoring.",
1436 strerror(-r));
1437 s->hostname_fd = safe_close(s->hostname_fd);
1438 return 0;
1439 }
1440
1441 return log_error_errno(r, "Failed to register hostname fd in event loop: %m");
1442 }
1443
1444 r = sd_event_source_set_priority(s->hostname_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
1445 if (r < 0)
1446 return log_error_errno(r, "Failed to adjust priority of host name event source: %m");
1447
1448 return 0;
1449 }
1450
1451 int server_init(Server *s) {
1452 _cleanup_fdset_free_ FDSet *fds = NULL;
1453 int n, r, fd;
1454
1455 assert(s);
1456
1457 zero(*s);
1458 s->syslog_fd = s->native_fd = s->stdout_fd = s->dev_kmsg_fd = s->audit_fd = s->hostname_fd = -1;
1459 s->compress = true;
1460 s->seal = true;
1461
1462 s->sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC;
1463 s->sync_scheduled = false;
1464
1465 s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
1466 s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
1467
1468 s->forward_to_wall = true;
1469
1470 s->max_file_usec = DEFAULT_MAX_FILE_USEC;
1471
1472 s->max_level_store = LOG_DEBUG;
1473 s->max_level_syslog = LOG_DEBUG;
1474 s->max_level_kmsg = LOG_NOTICE;
1475 s->max_level_console = LOG_INFO;
1476 s->max_level_wall = LOG_EMERG;
1477
1478 memset(&s->system_metrics, 0xFF, sizeof(s->system_metrics));
1479 memset(&s->runtime_metrics, 0xFF, sizeof(s->runtime_metrics));
1480
1481 server_parse_config_file(s);
1482 server_parse_proc_cmdline(s);
1483 if (!!s->rate_limit_interval ^ !!s->rate_limit_burst) {
1484 log_debug("Setting both rate limit interval and burst from "USEC_FMT",%u to 0,0",
1485 s->rate_limit_interval, s->rate_limit_burst);
1486 s->rate_limit_interval = s->rate_limit_burst = 0;
1487 }
1488
1489 mkdir_p("/run/systemd/journal", 0755);
1490
1491 s->user_journals = ordered_hashmap_new(NULL);
1492 if (!s->user_journals)
1493 return log_oom();
1494
1495 s->mmap = mmap_cache_new();
1496 if (!s->mmap)
1497 return log_oom();
1498
1499 r = sd_event_default(&s->event);
1500 if (r < 0)
1501 return log_error_errno(r, "Failed to create event loop: %m");
1502
1503 sd_event_set_watchdog(s->event, true);
1504
1505 n = sd_listen_fds(true);
1506 if (n < 0)
1507 return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
1508
1509 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
1510
1511 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/socket", 0) > 0) {
1512
1513 if (s->native_fd >= 0) {
1514 log_error("Too many native sockets passed.");
1515 return -EINVAL;
1516 }
1517
1518 s->native_fd = fd;
1519
1520 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, "/run/systemd/journal/stdout", 0) > 0) {
1521
1522 if (s->stdout_fd >= 0) {
1523 log_error("Too many stdout sockets passed.");
1524 return -EINVAL;
1525 }
1526
1527 s->stdout_fd = fd;
1528
1529 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0 ||
1530 sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/dev-log", 0) > 0) {
1531
1532 if (s->syslog_fd >= 0) {
1533 log_error("Too many /dev/log sockets passed.");
1534 return -EINVAL;
1535 }
1536
1537 s->syslog_fd = fd;
1538
1539 } else if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1) > 0) {
1540
1541 if (s->audit_fd >= 0) {
1542 log_error("Too many audit sockets passed.");
1543 return -EINVAL;
1544 }
1545
1546 s->audit_fd = fd;
1547
1548 } else {
1549
1550 if (!fds) {
1551 fds = fdset_new();
1552 if (!fds)
1553 return log_oom();
1554 }
1555
1556 r = fdset_put(fds, fd);
1557 if (r < 0)
1558 return log_oom();
1559 }
1560 }
1561
1562 r = server_open_stdout_socket(s, fds);
1563 if (r < 0)
1564 return r;
1565
1566 if (fdset_size(fds) > 0) {
1567 log_warning("%u unknown file descriptors passed, closing.", fdset_size(fds));
1568 fds = fdset_free(fds);
1569 }
1570
1571 r = server_open_syslog_socket(s);
1572 if (r < 0)
1573 return r;
1574
1575 r = server_open_native_socket(s);
1576 if (r < 0)
1577 return r;
1578
1579 r = server_open_dev_kmsg(s);
1580 if (r < 0)
1581 return r;
1582
1583 r = server_open_audit(s);
1584 if (r < 0)
1585 return r;
1586
1587 r = server_open_kernel_seqnum(s);
1588 if (r < 0)
1589 return r;
1590
1591 r = server_open_hostname(s);
1592 if (r < 0)
1593 return r;
1594
1595 r = setup_signals(s);
1596 if (r < 0)
1597 return r;
1598
1599 s->udev = udev_new();
1600 if (!s->udev)
1601 return -ENOMEM;
1602
1603 s->rate_limit = journal_rate_limit_new(s->rate_limit_interval, s->rate_limit_burst);
1604 if (!s->rate_limit)
1605 return -ENOMEM;
1606
1607 r = cg_get_root_path(&s->cgroup_root);
1608 if (r < 0)
1609 return r;
1610
1611 server_cache_hostname(s);
1612 server_cache_boot_id(s);
1613 server_cache_machine_id(s);
1614
1615 r = system_journal_open(s, false);
1616 if (r < 0)
1617 return r;
1618
1619 return 0;
1620 }
1621
1622 void server_maybe_append_tags(Server *s) {
1623 #ifdef HAVE_GCRYPT
1624 JournalFile *f;
1625 Iterator i;
1626 usec_t n;
1627
1628 n = now(CLOCK_REALTIME);
1629
1630 if (s->system_journal)
1631 journal_file_maybe_append_tag(s->system_journal, n);
1632
1633 ORDERED_HASHMAP_FOREACH(f, s->user_journals, i)
1634 journal_file_maybe_append_tag(f, n);
1635 #endif
1636 }
1637
1638 void server_done(Server *s) {
1639 JournalFile *f;
1640 assert(s);
1641
1642 while (s->stdout_streams)
1643 stdout_stream_free(s->stdout_streams);
1644
1645 if (s->system_journal)
1646 journal_file_close(s->system_journal);
1647
1648 if (s->runtime_journal)
1649 journal_file_close(s->runtime_journal);
1650
1651 while ((f = ordered_hashmap_steal_first(s->user_journals)))
1652 journal_file_close(f);
1653
1654 ordered_hashmap_free(s->user_journals);
1655
1656 sd_event_source_unref(s->syslog_event_source);
1657 sd_event_source_unref(s->native_event_source);
1658 sd_event_source_unref(s->stdout_event_source);
1659 sd_event_source_unref(s->dev_kmsg_event_source);
1660 sd_event_source_unref(s->audit_event_source);
1661 sd_event_source_unref(s->sync_event_source);
1662 sd_event_source_unref(s->sigusr1_event_source);
1663 sd_event_source_unref(s->sigusr2_event_source);
1664 sd_event_source_unref(s->sigterm_event_source);
1665 sd_event_source_unref(s->sigint_event_source);
1666 sd_event_source_unref(s->hostname_event_source);
1667 sd_event_unref(s->event);
1668
1669 safe_close(s->syslog_fd);
1670 safe_close(s->native_fd);
1671 safe_close(s->stdout_fd);
1672 safe_close(s->dev_kmsg_fd);
1673 safe_close(s->audit_fd);
1674 safe_close(s->hostname_fd);
1675
1676 if (s->rate_limit)
1677 journal_rate_limit_free(s->rate_limit);
1678
1679 if (s->kernel_seqnum)
1680 munmap(s->kernel_seqnum, sizeof(uint64_t));
1681
1682 free(s->buffer);
1683 free(s->tty_path);
1684 free(s->cgroup_root);
1685 free(s->hostname_field);
1686
1687 if (s->mmap)
1688 mmap_cache_unref(s->mmap);
1689
1690 if (s->udev)
1691 udev_unref(s->udev);
1692 }
Unnamed repository; edit this file 'description' to name the repository.