1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #if HAVE_SELINUX
4 #include <selinux/selinux.h>
5 #endif
6 #include <sys/ioctl.h>
7 #include <sys/mman.h>
8 #include <sys/signalfd.h>
9 #include <sys/statvfs.h>
10 #include <linux/sockios.h>
11
12 #include "sd-daemon.h"
13 #include "sd-journal.h"
14 #include "sd-messages.h"
15
16 #include "acl-util.h"
17 #include "alloc-util.h"
18 #include "audit-util.h"
19 #include "cgroup-util.h"
20 #include "conf-parser.h"
21 #include "dirent-util.h"
22 #include "extract-word.h"
23 #include "fd-util.h"
24 #include "fileio.h"
25 #include "format-util.h"
26 #include "fs-util.h"
27 #include "hashmap.h"
28 #include "hostname-util.h"
29 #include "id128-util.h"
30 #include "io-util.h"
31 #include "journal-authenticate.h"
32 #include "journal-internal.h"
33 #include "journal-vacuum.h"
34 #include "journald-audit.h"
35 #include "journald-context.h"
36 #include "journald-kmsg.h"
37 #include "journald-native.h"
38 #include "journald-rate-limit.h"
39 #include "journald-server.h"
40 #include "journald-stream.h"
41 #include "journald-syslog.h"
42 #include "log.h"
43 #include "missing_audit.h"
44 #include "mkdir.h"
45 #include "parse-util.h"
46 #include "path-util.h"
47 #include "proc-cmdline.h"
48 #include "process-util.h"
49 #include "rm-rf.h"
50 #include "selinux-util.h"
51 #include "signal-util.h"
52 #include "socket-util.h"
53 #include "stdio-util.h"
54 #include "string-table.h"
55 #include "string-util.h"
56 #include "syslog-util.h"
57 #include "uid-alloc-range.h"
58 #include "user-util.h"
59
60 #define USER_JOURNALS_MAX 1024
61
62 #define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
63 #define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
64 #define DEFAULT_RATE_LIMIT_BURST 10000
65 #define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
66
67 #define DEFAULT_KMSG_OWN_INTERVAL (5 * USEC_PER_SEC)
68 #define DEFAULT_KMSG_OWN_BURST 50
69
70 #define RECHECK_SPACE_USEC (30*USEC_PER_SEC)
71
72 #define NOTIFY_SNDBUF_SIZE (8*1024*1024)
73
74 /* The period to insert between posting changes for coalescing */
75 #define POST_CHANGE_TIMER_INTERVAL_USEC (250*USEC_PER_MSEC)
76
77 /* Pick a good default that is likely to fit into AF_UNIX and AF_INET SOCK_DGRAM datagrams, and even leaves some room
78 * for a bit of additional metadata. */
79 #define DEFAULT_LINE_MAX (48*1024)
80
81 #define DEFERRED_CLOSES_MAX (4096)
82
83 #define IDLE_TIMEOUT_USEC (30*USEC_PER_SEC)
84
determine_path_usage(Server * s,const char * path,uint64_t * ret_used,uint64_t * ret_free)85 static int determine_path_usage(
86 Server *s,
87 const char *path,
88 uint64_t *ret_used,
89 uint64_t *ret_free) {
90
91 _cleanup_closedir_ DIR *d = NULL;
92 struct statvfs ss;
93
94 assert(s);
95 assert(path);
96 assert(ret_used);
97 assert(ret_free);
98
99 d = opendir(path);
100 if (!d)
101 return log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR,
102 errno, "Failed to open %s: %m", path);
103
104 if (fstatvfs(dirfd(d), &ss) < 0)
105 return log_error_errno(errno, "Failed to fstatvfs(%s): %m", path);
106
107 *ret_free = ss.f_bsize * ss.f_bavail;
108 *ret_used = 0;
109 FOREACH_DIRENT_ALL(de, d, break) {
110 struct stat st;
111
112 if (!endswith(de->d_name, ".journal") &&
113 !endswith(de->d_name, ".journal~"))
114 continue;
115
116 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
117 log_debug_errno(errno, "Failed to stat %s/%s, ignoring: %m", path, de->d_name);
118 continue;
119 }
120
121 if (!S_ISREG(st.st_mode))
122 continue;
123
124 *ret_used += (uint64_t) st.st_blocks * 512UL;
125 }
126
127 return 0;
128 }
129
cache_space_invalidate(JournalStorageSpace * space)130 static void cache_space_invalidate(JournalStorageSpace *space) {
131 zero(*space);
132 }
133
cache_space_refresh(Server * s,JournalStorage * storage)134 static int cache_space_refresh(Server *s, JournalStorage *storage) {
135 JournalStorageSpace *space;
136 JournalMetrics *metrics;
137 uint64_t vfs_used, vfs_avail, avail;
138 usec_t ts;
139 int r;
140
141 assert(s);
142
143 metrics = &storage->metrics;
144 space = &storage->space;
145
146 ts = now(CLOCK_MONOTONIC);
147
148 if (space->timestamp != 0 && usec_add(space->timestamp, RECHECK_SPACE_USEC) > ts)
149 return 0;
150
151 r = determine_path_usage(s, storage->path, &vfs_used, &vfs_avail);
152 if (r < 0)
153 return r;
154
155 space->vfs_used = vfs_used;
156 space->vfs_available = vfs_avail;
157
158 avail = LESS_BY(vfs_avail, metrics->keep_free);
159
160 space->limit = CLAMP(vfs_used + avail, metrics->min_use, metrics->max_use);
161 space->available = LESS_BY(space->limit, vfs_used);
162 space->timestamp = ts;
163 return 1;
164 }
165
patch_min_use(JournalStorage * storage)166 static void patch_min_use(JournalStorage *storage) {
167 assert(storage);
168
169 /* Let's bump the min_use limit to the current usage on disk. We do
170 * this when starting up and first opening the journal files. This way
171 * sudden spikes in disk usage will not cause journald to vacuum files
172 * without bounds. Note that this means that only a restart of journald
173 * will make it reset this value. */
174
175 storage->metrics.min_use = MAX(storage->metrics.min_use, storage->space.vfs_used);
176 }
177
server_current_storage(Server * s)178 static JournalStorage* server_current_storage(Server *s) {
179 assert(s);
180
181 return s->system_journal ? &s->system_storage : &s->runtime_storage;
182 }
183
determine_space(Server * s,uint64_t * available,uint64_t * limit)184 static int determine_space(Server *s, uint64_t *available, uint64_t *limit) {
185 JournalStorage *js;
186 int r;
187
188 assert(s);
189
190 js = server_current_storage(s);
191
192 r = cache_space_refresh(s, js);
193 if (r >= 0) {
194 if (available)
195 *available = js->space.available;
196 if (limit)
197 *limit = js->space.limit;
198 }
199 return r;
200 }
201
server_space_usage_message(Server * s,JournalStorage * storage)202 void server_space_usage_message(Server *s, JournalStorage *storage) {
203 assert(s);
204
205 if (!storage)
206 storage = server_current_storage(s);
207
208 if (cache_space_refresh(s, storage) < 0)
209 return;
210
211 const JournalMetrics *metrics = &storage->metrics;
212
213 server_driver_message(s, 0,
214 "MESSAGE_ID=" SD_MESSAGE_JOURNAL_USAGE_STR,
215 LOG_MESSAGE("%s (%s) is %s, max %s, %s free.",
216 storage->name, storage->path,
217 FORMAT_BYTES(storage->space.vfs_used),
218 FORMAT_BYTES(storage->space.limit),
219 FORMAT_BYTES(storage->space.available)),
220 "JOURNAL_NAME=%s", storage->name,
221 "JOURNAL_PATH=%s", storage->path,
222 "CURRENT_USE=%"PRIu64, storage->space.vfs_used,
223 "CURRENT_USE_PRETTY=%s", FORMAT_BYTES(storage->space.vfs_used),
224 "MAX_USE=%"PRIu64, metrics->max_use,
225 "MAX_USE_PRETTY=%s", FORMAT_BYTES(metrics->max_use),
226 "DISK_KEEP_FREE=%"PRIu64, metrics->keep_free,
227 "DISK_KEEP_FREE_PRETTY=%s", FORMAT_BYTES(metrics->keep_free),
228 "DISK_AVAILABLE=%"PRIu64, storage->space.vfs_available,
229 "DISK_AVAILABLE_PRETTY=%s", FORMAT_BYTES(storage->space.vfs_available),
230 "LIMIT=%"PRIu64, storage->space.limit,
231 "LIMIT_PRETTY=%s", FORMAT_BYTES(storage->space.limit),
232 "AVAILABLE=%"PRIu64, storage->space.available,
233 "AVAILABLE_PRETTY=%s", FORMAT_BYTES(storage->space.available),
234 NULL);
235 }
236
uid_for_system_journal(uid_t uid)237 static bool uid_for_system_journal(uid_t uid) {
238
239 /* Returns true if the specified UID shall get its data stored in the system journal. */
240
241 return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY;
242 }
243
server_add_acls(ManagedJournalFile * f,uid_t uid)244 static void server_add_acls(ManagedJournalFile *f, uid_t uid) {
245 assert(f);
246
247 #if HAVE_ACL
248 int r;
249
250 if (uid_for_system_journal(uid))
251 return;
252
253 r = fd_add_uid_acl_permission(f->file->fd, uid, ACL_READ);
254 if (r < 0)
255 log_warning_errno(r, "Failed to set ACL on %s, ignoring: %m", f->file->path);
256 #endif
257 }
258
open_journal(Server * s,bool reliably,const char * fname,int open_flags,bool seal,JournalMetrics * metrics,ManagedJournalFile ** ret)259 static int open_journal(
260 Server *s,
261 bool reliably,
262 const char *fname,
263 int open_flags,
264 bool seal,
265 JournalMetrics *metrics,
266 ManagedJournalFile **ret) {
267
268 _cleanup_(managed_journal_file_closep) ManagedJournalFile *f = NULL;
269 JournalFileFlags file_flags;
270 int r;
271
272 assert(s);
273 assert(fname);
274 assert(ret);
275
276 file_flags = (s->compress.enabled ? JOURNAL_COMPRESS : 0) | (seal ? JOURNAL_SEAL : 0);
277
278 if (reliably)
279 r = managed_journal_file_open_reliably(
280 fname,
281 open_flags,
282 file_flags,
283 0640,
284 s->compress.threshold_bytes,
285 metrics,
286 s->mmap,
287 s->deferred_closes,
288 NULL,
289 &f);
290 else
291 r = managed_journal_file_open(
292 -1,
293 fname,
294 open_flags,
295 file_flags,
296 0640,
297 s->compress.threshold_bytes,
298 metrics,
299 s->mmap,
300 s->deferred_closes,
301 NULL,
302 &f);
303
304 if (r < 0)
305 return r;
306
307 r = journal_file_enable_post_change_timer(f->file, s->event, POST_CHANGE_TIMER_INTERVAL_USEC);
308 if (r < 0)
309 return r;
310
311 *ret = TAKE_PTR(f);
312 return r;
313 }
314
flushed_flag_is_set(Server * s)315 static bool flushed_flag_is_set(Server *s) {
316 const char *fn;
317
318 assert(s);
319
320 /* We don't support the "flushing" concept for namespace instances, we assume them to always have
321 * access to /var */
322 if (s->namespace)
323 return true;
324
325 fn = strjoina(s->runtime_directory, "/flushed");
326 return access(fn, F_OK) >= 0;
327 }
328
system_journal_open(Server * s,bool flush_requested,bool relinquish_requested)329 static int system_journal_open(Server *s, bool flush_requested, bool relinquish_requested) {
330 const char *fn;
331 int r = 0;
332
333 if (!s->system_journal &&
334 IN_SET(s->storage, STORAGE_PERSISTENT, STORAGE_AUTO) &&
335 (flush_requested || flushed_flag_is_set(s)) &&
336 !relinquish_requested) {
337
338 /* If in auto mode: first try to create the machine path, but not the prefix.
339 *
340 * If in persistent mode: create /var/log/journal and the machine path */
341
342 if (s->storage == STORAGE_PERSISTENT)
343 (void) mkdir_parents(s->system_storage.path, 0755);
344
345 (void) mkdir(s->system_storage.path, 0755);
346
347 fn = strjoina(s->system_storage.path, "/system.journal");
348 r = open_journal(s, true, fn, O_RDWR|O_CREAT, s->seal, &s->system_storage.metrics, &s->system_journal);
349 if (r >= 0) {
350 server_add_acls(s->system_journal, 0);
351 (void) cache_space_refresh(s, &s->system_storage);
352 patch_min_use(&s->system_storage);
353 } else {
354 if (!IN_SET(r, -ENOENT, -EROFS))
355 log_warning_errno(r, "Failed to open system journal: %m");
356
357 r = 0;
358 }
359
360 /* If the runtime journal is open, and we're post-flush, we're recovering from a failed
361 * system journal rotate (ENOSPC) for which the runtime journal was reopened.
362 *
363 * Perform an implicit flush to var, leaving the runtime journal closed, now that the system
364 * journal is back.
365 */
366 if (!flush_requested)
367 (void) server_flush_to_var(s, true);
368 }
369
370 if (!s->runtime_journal &&
371 (s->storage != STORAGE_NONE)) {
372
373 fn = strjoina(s->runtime_storage.path, "/system.journal");
374
375 if (s->system_journal && !relinquish_requested) {
376
377 /* Try to open the runtime journal, but only
378 * if it already exists, so that we can flush
379 * it into the system journal */
380
381 r = open_journal(s, false, fn, O_RDWR, false, &s->runtime_storage.metrics, &s->runtime_journal);
382 if (r < 0) {
383 if (r != -ENOENT)
384 log_warning_errno(r, "Failed to open runtime journal: %m");
385
386 r = 0;
387 }
388
389 } else {
390
391 /* OK, we really need the runtime journal, so create it if necessary. */
392
393 (void) mkdir_parents(s->runtime_storage.path, 0755);
394 (void) mkdir(s->runtime_storage.path, 0750);
395
396 r = open_journal(s, true, fn, O_RDWR|O_CREAT, false, &s->runtime_storage.metrics, &s->runtime_journal);
397 if (r < 0)
398 return log_error_errno(r, "Failed to open runtime journal: %m");
399 }
400
401 if (s->runtime_journal) {
402 server_add_acls(s->runtime_journal, 0);
403 (void) cache_space_refresh(s, &s->runtime_storage);
404 patch_min_use(&s->runtime_storage);
405 }
406 }
407
408 return r;
409 }
410
find_journal(Server * s,uid_t uid)411 static ManagedJournalFile* find_journal(Server *s, uid_t uid) {
412 _cleanup_free_ char *p = NULL;
413 ManagedJournalFile *f;
414 int r;
415
416 assert(s);
417
418 /* A rotate that fails to create the new journal (ENOSPC) leaves the rotated journal as NULL. Unless
419 * we revisit opening, even after space is made available we'll continue to return NULL indefinitely.
420 *
421 * system_journal_open() is a noop if the journals are already open, so we can just call it here to
422 * recover from failed rotates (or anything else that's left the journals as NULL).
423 *
424 * Fixes https://github.com/systemd/systemd/issues/3968 */
425 (void) system_journal_open(s, false, false);
426
427 /* We split up user logs only on /var, not on /run. If the runtime file is open, we write to it
428 * exclusively, in order to guarantee proper order as soon as we flush /run to /var and close the
429 * runtime file. */
430
431 if (s->runtime_journal)
432 return s->runtime_journal;
433
434 /* If we are not in persistent mode, then we need return NULL immediately rather than opening a
435 * persistent journal of any sort.
436 *
437 * Fixes https://github.com/systemd/systemd/issues/20390 */
438 if (!IN_SET(s->storage, STORAGE_AUTO, STORAGE_PERSISTENT))
439 return NULL;
440
441 if (uid_for_system_journal(uid))
442 return s->system_journal;
443
444 f = ordered_hashmap_get(s->user_journals, UID_TO_PTR(uid));
445 if (f)
446 return f;
447
448 if (asprintf(&p, "%s/user-" UID_FMT ".journal", s->system_storage.path, uid) < 0) {
449 log_oom();
450 return s->system_journal;
451 }
452
453 /* Too many open? Then let's close one (or more) */
454 while (ordered_hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
455 assert_se(f = ordered_hashmap_steal_first(s->user_journals));
456 (void) managed_journal_file_close(f);
457 }
458
459 r = open_journal(s, true, p, O_RDWR|O_CREAT, s->seal, &s->system_storage.metrics, &f);
460 if (r < 0)
461 return s->system_journal;
462
463 r = ordered_hashmap_put(s->user_journals, UID_TO_PTR(uid), f);
464 if (r < 0) {
465 (void) managed_journal_file_close(f);
466 return s->system_journal;
467 }
468
469 server_add_acls(f, uid);
470 return f;
471 }
472
do_rotate(Server * s,ManagedJournalFile ** f,const char * name,bool seal,uint32_t uid)473 static int do_rotate(
474 Server *s,
475 ManagedJournalFile **f,
476 const char* name,
477 bool seal,
478 uint32_t uid) {
479
480 JournalFileFlags file_flags;
481 int r;
482
483 assert(s);
484
485 if (!*f)
486 return -EINVAL;
487
488 file_flags =
489 (s->compress.enabled ? JOURNAL_COMPRESS : 0)|
490 (seal ? JOURNAL_SEAL : 0);
491
492 r = managed_journal_file_rotate(f, s->mmap, file_flags, s->compress.threshold_bytes, s->deferred_closes);
493 if (r < 0) {
494 if (*f)
495 return log_error_errno(r, "Failed to rotate %s: %m", (*f)->file->path);
496 else
497 return log_error_errno(r, "Failed to create new %s journal: %m", name);
498 }
499
500 server_add_acls(*f, uid);
501 return r;
502 }
503
server_process_deferred_closes(Server * s)504 static void server_process_deferred_closes(Server *s) {
505 ManagedJournalFile *f;
506
507 /* Perform any deferred closes which aren't still offlining. */
508 SET_FOREACH(f, s->deferred_closes) {
509 if (managed_journal_file_is_offlining(f))
510 continue;
511
512 (void) set_remove(s->deferred_closes, f);
513 (void) managed_journal_file_close(f);
514 }
515 }
516
server_vacuum_deferred_closes(Server * s)517 static void server_vacuum_deferred_closes(Server *s) {
518 assert(s);
519
520 /* Make some room in the deferred closes list, so that it doesn't grow without bounds */
521 if (set_size(s->deferred_closes) < DEFERRED_CLOSES_MAX)
522 return;
523
524 /* Let's first remove all journal files that might already have completed closing */
525 server_process_deferred_closes(s);
526
527 /* And now, let's close some more until we reach the limit again. */
528 while (set_size(s->deferred_closes) >= DEFERRED_CLOSES_MAX) {
529 ManagedJournalFile *f;
530
531 assert_se(f = set_steal_first(s->deferred_closes));
532 managed_journal_file_close(f);
533 }
534 }
535
vacuum_offline_user_journals(Server * s)536 static int vacuum_offline_user_journals(Server *s) {
537 _cleanup_closedir_ DIR *d = NULL;
538 int r;
539
540 assert(s);
541
542 d = opendir(s->system_storage.path);
543 if (!d) {
544 if (errno == ENOENT)
545 return 0;
546
547 return log_error_errno(errno, "Failed to open %s: %m", s->system_storage.path);
548 }
549
550 for (;;) {
551 _cleanup_free_ char *u = NULL, *full = NULL;
552 _cleanup_close_ int fd = -1;
553 const char *a, *b;
554 struct dirent *de;
555 ManagedJournalFile *f;
556 uid_t uid;
557
558 errno = 0;
559 de = readdir_no_dot(d);
560 if (!de) {
561 if (errno != 0)
562 log_warning_errno(errno, "Failed to enumerate %s, ignoring: %m", s->system_storage.path);
563
564 break;
565 }
566
567 a = startswith(de->d_name, "user-");
568 if (!a)
569 continue;
570 b = endswith(de->d_name, ".journal");
571 if (!b)
572 continue;
573
574 u = strndup(a, b-a);
575 if (!u)
576 return log_oom();
577
578 r = parse_uid(u, &uid);
579 if (r < 0) {
580 log_debug_errno(r, "Failed to parse UID from file name '%s', ignoring: %m", de->d_name);
581 continue;
582 }
583
584 /* Already rotated in the above loop? i.e. is it an open user journal? */
585 if (ordered_hashmap_contains(s->user_journals, UID_TO_PTR(uid)))
586 continue;
587
588 full = path_join(s->system_storage.path, de->d_name);
589 if (!full)
590 return log_oom();
591
592 fd = openat(dirfd(d), de->d_name, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW|O_NONBLOCK);
593 if (fd < 0) {
594 log_full_errno(IN_SET(errno, ELOOP, ENOENT) ? LOG_DEBUG : LOG_WARNING, errno,
595 "Failed to open journal file '%s' for rotation: %m", full);
596 continue;
597 }
598
599 /* Make some room in the set of deferred close()s */
600 server_vacuum_deferred_closes(s);
601
602 /* Open the file briefly, so that we can archive it */
603 r = managed_journal_file_open(
604 fd,
605 full,
606 O_RDWR,
607 (s->compress.enabled ? JOURNAL_COMPRESS : 0) |
608 (s->seal ? JOURNAL_SEAL : 0),
609 0640,
610 s->compress.threshold_bytes,
611 &s->system_storage.metrics,
612 s->mmap,
613 s->deferred_closes,
614 NULL,
615 &f);
616 if (r < 0) {
617 log_warning_errno(r, "Failed to read journal file %s for rotation, trying to move it out of the way: %m", full);
618
619 r = journal_file_dispose(dirfd(d), de->d_name);
620 if (r < 0)
621 log_warning_errno(r, "Failed to move %s out of the way, ignoring: %m", full);
622 else
623 log_debug("Successfully moved %s out of the way.", full);
624
625 continue;
626 }
627
628 TAKE_FD(fd); /* Donated to managed_journal_file_open() */
629
630 r = journal_file_archive(f->file, NULL);
631 if (r < 0)
632 log_debug_errno(r, "Failed to archive journal file '%s', ignoring: %m", full);
633
634 managed_journal_file_initiate_close(f, s->deferred_closes);
635 f = NULL;
636 }
637
638 return 0;
639 }
640
server_rotate(Server * s)641 void server_rotate(Server *s) {
642 ManagedJournalFile *f;
643 void *k;
644 int r;
645
646 log_debug("Rotating...");
647
648 /* First, rotate the system journal (either in its runtime flavour or in its runtime flavour) */
649 (void) do_rotate(s, &s->runtime_journal, "runtime", false, 0);
650 (void) do_rotate(s, &s->system_journal, "system", s->seal, 0);
651
652 /* Then, rotate all user journals we have open (keeping them open) */
653 ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals) {
654 r = do_rotate(s, &f, "user", s->seal, PTR_TO_UID(k));
655 if (r >= 0)
656 ordered_hashmap_replace(s->user_journals, k, f);
657 else if (!f)
658 /* Old file has been closed and deallocated */
659 ordered_hashmap_remove(s->user_journals, k);
660 }
661
662 /* Finally, also rotate all user journals we currently do not have open. (But do so only if we
663 * actually have access to /var, i.e. are not in the log-to-runtime-journal mode). */
664 if (!s->runtime_journal)
665 (void) vacuum_offline_user_journals(s);
666
667 server_process_deferred_closes(s);
668 }
669
server_sync(Server * s)670 void server_sync(Server *s) {
671 ManagedJournalFile *f;
672 int r;
673
674 if (s->system_journal) {
675 r = managed_journal_file_set_offline(s->system_journal, false);
676 if (r < 0)
677 log_warning_errno(r, "Failed to sync system journal, ignoring: %m");
678 }
679
680 ORDERED_HASHMAP_FOREACH(f, s->user_journals) {
681 r = managed_journal_file_set_offline(f, false);
682 if (r < 0)
683 log_warning_errno(r, "Failed to sync user journal, ignoring: %m");
684 }
685
686 if (s->sync_event_source) {
687 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_OFF);
688 if (r < 0)
689 log_error_errno(r, "Failed to disable sync timer source: %m");
690 }
691
692 s->sync_scheduled = false;
693 }
694
do_vacuum(Server * s,JournalStorage * storage,bool verbose)695 static void do_vacuum(Server *s, JournalStorage *storage, bool verbose) {
696
697 int r;
698
699 assert(s);
700 assert(storage);
701
702 (void) cache_space_refresh(s, storage);
703
704 if (verbose)
705 server_space_usage_message(s, storage);
706
707 r = journal_directory_vacuum(storage->path, storage->space.limit,
708 storage->metrics.n_max_files, s->max_retention_usec,
709 &s->oldest_file_usec, verbose);
710 if (r < 0 && r != -ENOENT)
711 log_warning_errno(r, "Failed to vacuum %s, ignoring: %m", storage->path);
712
713 cache_space_invalidate(&storage->space);
714 }
715
server_vacuum(Server * s,bool verbose)716 int server_vacuum(Server *s, bool verbose) {
717 assert(s);
718
719 log_debug("Vacuuming...");
720
721 s->oldest_file_usec = 0;
722
723 if (s->system_journal)
724 do_vacuum(s, &s->system_storage, verbose);
725 if (s->runtime_journal)
726 do_vacuum(s, &s->runtime_storage, verbose);
727
728 return 0;
729 }
730
server_cache_machine_id(Server * s)731 static void server_cache_machine_id(Server *s) {
732 sd_id128_t id;
733 int r;
734
735 assert(s);
736
737 r = sd_id128_get_machine(&id);
738 if (r < 0)
739 return;
740
741 sd_id128_to_string(id, stpcpy(s->machine_id_field, "_MACHINE_ID="));
742 }
743
server_cache_boot_id(Server * s)744 static void server_cache_boot_id(Server *s) {
745 sd_id128_t id;
746 int r;
747
748 assert(s);
749
750 r = sd_id128_get_boot(&id);
751 if (r < 0)
752 return;
753
754 sd_id128_to_string(id, stpcpy(s->boot_id_field, "_BOOT_ID="));
755 }
756
server_cache_hostname(Server * s)757 static void server_cache_hostname(Server *s) {
758 _cleanup_free_ char *t = NULL;
759 char *x;
760
761 assert(s);
762
763 t = gethostname_malloc();
764 if (!t)
765 return;
766
767 x = strjoin("_HOSTNAME=", t);
768 if (!x)
769 return;
770
771 free_and_replace(s->hostname_field, x);
772 }
773
shall_try_append_again(JournalFile * f,int r)774 static bool shall_try_append_again(JournalFile *f, int r) {
775 switch (r) {
776
777 case -E2BIG: /* Hit configured limit */
778 case -EFBIG: /* Hit fs limit */
779 case -EDQUOT: /* Quota limit hit */
780 case -ENOSPC: /* Disk full */
781 log_debug("%s: Allocation limit reached, rotating.", f->path);
782 return true;
783
784 case -EIO: /* I/O error of some kind (mmap) */
785 log_warning("%s: IO error, rotating.", f->path);
786 return true;
787
788 case -EHOSTDOWN: /* Other machine */
789 log_info("%s: Journal file from other machine, rotating.", f->path);
790 return true;
791
792 case -EBUSY: /* Unclean shutdown */
793 log_info("%s: Unclean shutdown, rotating.", f->path);
794 return true;
795
796 case -EPROTONOSUPPORT: /* Unsupported feature */
797 log_info("%s: Unsupported feature, rotating.", f->path);
798 return true;
799
800 case -EBADMSG: /* Corrupted */
801 case -ENODATA: /* Truncated */
802 case -ESHUTDOWN: /* Already archived */
803 log_warning("%s: Journal file corrupted, rotating.", f->path);
804 return true;
805
806 case -EIDRM: /* Journal file has been deleted */
807 log_warning("%s: Journal file has been deleted, rotating.", f->path);
808 return true;
809
810 case -ETXTBSY: /* Journal file is from the future */
811 log_warning("%s: Journal file is from the future, rotating.", f->path);
812 return true;
813
814 case -EAFNOSUPPORT:
815 log_warning("%s: underlying file system does not support memory mapping or another required file system feature.", f->path);
816 return false;
817
818 default:
819 return false;
820 }
821 }
822
write_to_journal(Server * s,uid_t uid,struct iovec * iovec,size_t n,int priority)823 static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, size_t n, int priority) {
824 bool vacuumed = false, rotate = false;
825 struct dual_timestamp ts;
826 ManagedJournalFile *f;
827 int r;
828
829 assert(s);
830 assert(iovec);
831 assert(n > 0);
832
833 /* Get the closest, linearized time we have for this log event from the event loop. (Note that we do not use
834 * the source time, and not even the time the event was originally seen, but instead simply the time we started
835 * processing it, as we want strictly linear ordering in what we write out.) */
836 assert_se(sd_event_now(s->event, CLOCK_REALTIME, &ts.realtime) >= 0);
837 assert_se(sd_event_now(s->event, CLOCK_MONOTONIC, &ts.monotonic) >= 0);
838
839 if (ts.realtime < s->last_realtime_clock) {
840 /* When the time jumps backwards, let's immediately rotate. Of course, this should not happen during
841 * regular operation. However, when it does happen, then we should make sure that we start fresh files
842 * to ensure that the entries in the journal files are strictly ordered by time, in order to ensure
843 * bisection works correctly. */
844
845 log_info("Time jumped backwards, rotating.");
846 rotate = true;
847 } else {
848
849 f = find_journal(s, uid);
850 if (!f)
851 return;
852
853 if (journal_file_rotate_suggested(f->file, s->max_file_usec, LOG_INFO)) {
854 log_info("%s: Journal header limits reached or header out-of-date, rotating.", f->file->path);
855 rotate = true;
856 }
857 }
858
859 if (rotate) {
860 server_rotate(s);
861 server_vacuum(s, false);
862 vacuumed = true;
863
864 f = find_journal(s, uid);
865 if (!f)
866 return;
867 }
868
869 s->last_realtime_clock = ts.realtime;
870
871 r = journal_file_append_entry(f->file, &ts, NULL, iovec, n, &s->seqnum, NULL, NULL);
872 if (r >= 0) {
873 server_schedule_sync(s, priority);
874 return;
875 }
876
877 if (vacuumed || !shall_try_append_again(f->file, r)) {
878 log_error_errno(r, "Failed to write entry (%zu items, %zu bytes), ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n));
879 return;
880 }
881
882 if (r == -E2BIG)
883 log_debug("Journal file %s is full, rotating to a new file", f->file->path);
884 else
885 log_info_errno(r, "Failed to write entry to %s (%zu items, %zu bytes), rotating before retrying: %m", f->file->path, n, IOVEC_TOTAL_SIZE(iovec, n));
886
887 server_rotate(s);
888 server_vacuum(s, false);
889
890 f = find_journal(s, uid);
891 if (!f)
892 return;
893
894 log_debug("Retrying write.");
895 r = journal_file_append_entry(f->file, &ts, NULL, iovec, n, &s->seqnum, NULL, NULL);
896 if (r < 0)
897 log_error_errno(r, "Failed to write entry to %s (%zu items, %zu bytes) despite vacuuming, ignoring: %m", f->file->path, n, IOVEC_TOTAL_SIZE(iovec, n));
898 else
899 server_schedule_sync(s, priority);
900 }
901
902 #define IOVEC_ADD_NUMERIC_FIELD(iovec, n, value, type, isset, format, field) \
903 if (isset(value)) { \
904 char *k; \
905 k = newa(char, STRLEN(field "=") + DECIMAL_STR_MAX(type) + 1); \
906 sprintf(k, field "=" format, value); \
907 iovec[n++] = IOVEC_MAKE_STRING(k); \
908 }
909
910 #define IOVEC_ADD_STRING_FIELD(iovec, n, value, field) \
911 if (!isempty(value)) { \
912 char *k; \
913 k = strjoina(field "=", value); \
914 iovec[n++] = IOVEC_MAKE_STRING(k); \
915 }
916
917 #define IOVEC_ADD_ID128_FIELD(iovec, n, value, field) \
918 if (!sd_id128_is_null(value)) { \
919 char *k; \
920 k = newa(char, STRLEN(field "=") + SD_ID128_STRING_MAX); \
921 sd_id128_to_string(value, stpcpy(k, field "=")); \
922 iovec[n++] = IOVEC_MAKE_STRING(k); \
923 }
924
925 #define IOVEC_ADD_SIZED_FIELD(iovec, n, value, value_size, field) \
926 if (value_size > 0) { \
927 char *k; \
928 k = newa(char, STRLEN(field "=") + value_size + 1); \
929 *((char*) mempcpy(stpcpy(k, field "="), value, value_size)) = 0; \
930 iovec[n++] = IOVEC_MAKE_STRING(k); \
931 } \
932
dispatch_message_real(Server * s,struct iovec * iovec,size_t n,size_t m,const ClientContext * c,const struct timeval * tv,int priority,pid_t object_pid)933 static void dispatch_message_real(
934 Server *s,
935 struct iovec *iovec, size_t n, size_t m,
936 const ClientContext *c,
937 const struct timeval *tv,
938 int priority,
939 pid_t object_pid) {
940
941 char source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)];
942 _unused_ _cleanup_free_ char *cmdline1 = NULL, *cmdline2 = NULL;
943 uid_t journal_uid;
944 ClientContext *o;
945
946 assert(s);
947 assert(iovec);
948 assert(n > 0);
949 assert(n +
950 N_IOVEC_META_FIELDS +
951 (pid_is_valid(object_pid) ? N_IOVEC_OBJECT_FIELDS : 0) +
952 client_context_extra_fields_n_iovec(c) <= m);
953
954 if (c) {
955 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->pid, pid_t, pid_is_valid, PID_FMT, "_PID");
956 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->uid, uid_t, uid_is_valid, UID_FMT, "_UID");
957 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->gid, gid_t, gid_is_valid, GID_FMT, "_GID");
958
959 IOVEC_ADD_STRING_FIELD(iovec, n, c->comm, "_COMM"); /* At most TASK_COMM_LENGTH (16 bytes) */
960 IOVEC_ADD_STRING_FIELD(iovec, n, c->exe, "_EXE"); /* A path, so at most PATH_MAX (4096 bytes) */
961
962 if (c->cmdline)
963 /* At most _SC_ARG_MAX (2MB usually), which is too much to put on stack.
964 * Let's use a heap allocation for this one. */
965 cmdline1 = set_iovec_string_field(iovec, &n, "_CMDLINE=", c->cmdline);
966
967 IOVEC_ADD_STRING_FIELD(iovec, n, c->capeff, "_CAP_EFFECTIVE"); /* Read from /proc/.../status */
968 IOVEC_ADD_SIZED_FIELD(iovec, n, c->label, c->label_size, "_SELINUX_CONTEXT");
969 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "_AUDIT_SESSION");
970 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->loginuid, uid_t, uid_is_valid, UID_FMT, "_AUDIT_LOGINUID");
971
972 IOVEC_ADD_STRING_FIELD(iovec, n, c->cgroup, "_SYSTEMD_CGROUP"); /* A path */
973 IOVEC_ADD_STRING_FIELD(iovec, n, c->session, "_SYSTEMD_SESSION");
974 IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->owner_uid, uid_t, uid_is_valid, UID_FMT, "_SYSTEMD_OWNER_UID");
975 IOVEC_ADD_STRING_FIELD(iovec, n, c->unit, "_SYSTEMD_UNIT"); /* Unit names are bounded by UNIT_NAME_MAX */
976 IOVEC_ADD_STRING_FIELD(iovec, n, c->user_unit, "_SYSTEMD_USER_UNIT");
977 IOVEC_ADD_STRING_FIELD(iovec, n, c->slice, "_SYSTEMD_SLICE");
978 IOVEC_ADD_STRING_FIELD(iovec, n, c->user_slice, "_SYSTEMD_USER_SLICE");
979
980 IOVEC_ADD_ID128_FIELD(iovec, n, c->invocation_id, "_SYSTEMD_INVOCATION_ID");
981
982 if (c->extra_fields_n_iovec > 0) {
983 memcpy(iovec + n, c->extra_fields_iovec, c->extra_fields_n_iovec * sizeof(struct iovec));
984 n += c->extra_fields_n_iovec;
985 }
986 }
987
988 assert(n <= m);
989
990 if (pid_is_valid(object_pid) && client_context_get(s, object_pid, NULL, NULL, 0, NULL, &o) >= 0) {
991
992 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->pid, pid_t, pid_is_valid, PID_FMT, "OBJECT_PID");
993 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->uid, uid_t, uid_is_valid, UID_FMT, "OBJECT_UID");
994 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->gid, gid_t, gid_is_valid, GID_FMT, "OBJECT_GID");
995
996 /* See above for size limits, only ->cmdline may be large, so use a heap allocation for it. */
997 IOVEC_ADD_STRING_FIELD(iovec, n, o->comm, "OBJECT_COMM");
998 IOVEC_ADD_STRING_FIELD(iovec, n, o->exe, "OBJECT_EXE");
999 if (o->cmdline)
1000 cmdline2 = set_iovec_string_field(iovec, &n, "OBJECT_CMDLINE=", o->cmdline);
1001
1002 IOVEC_ADD_STRING_FIELD(iovec, n, o->capeff, "OBJECT_CAP_EFFECTIVE");
1003 IOVEC_ADD_SIZED_FIELD(iovec, n, o->label, o->label_size, "OBJECT_SELINUX_CONTEXT");
1004 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "OBJECT_AUDIT_SESSION");
1005 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->loginuid, uid_t, uid_is_valid, UID_FMT, "OBJECT_AUDIT_LOGINUID");
1006
1007 IOVEC_ADD_STRING_FIELD(iovec, n, o->cgroup, "OBJECT_SYSTEMD_CGROUP");
1008 IOVEC_ADD_STRING_FIELD(iovec, n, o->session, "OBJECT_SYSTEMD_SESSION");
1009 IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->owner_uid, uid_t, uid_is_valid, UID_FMT, "OBJECT_SYSTEMD_OWNER_UID");
1010 IOVEC_ADD_STRING_FIELD(iovec, n, o->unit, "OBJECT_SYSTEMD_UNIT");
1011 IOVEC_ADD_STRING_FIELD(iovec, n, o->user_unit, "OBJECT_SYSTEMD_USER_UNIT");
1012 IOVEC_ADD_STRING_FIELD(iovec, n, o->slice, "OBJECT_SYSTEMD_SLICE");
1013 IOVEC_ADD_STRING_FIELD(iovec, n, o->user_slice, "OBJECT_SYSTEMD_USER_SLICE");
1014
1015 IOVEC_ADD_ID128_FIELD(iovec, n, o->invocation_id, "OBJECT_SYSTEMD_INVOCATION_ID=");
1016 }
1017
1018 assert(n <= m);
1019
1020 if (tv) {
1021 sprintf(source_time, "_SOURCE_REALTIME_TIMESTAMP=" USEC_FMT, timeval_load(tv));
1022 iovec[n++] = IOVEC_MAKE_STRING(source_time);
1023 }
1024
1025 /* Note that strictly speaking storing the boot id here is
1026 * redundant since the entry includes this in-line
1027 * anyway. However, we need this indexed, too. */
1028 if (!isempty(s->boot_id_field))
1029 iovec[n++] = IOVEC_MAKE_STRING(s->boot_id_field);
1030
1031 if (!isempty(s->machine_id_field))
1032 iovec[n++] = IOVEC_MAKE_STRING(s->machine_id_field);
1033
1034 if (!isempty(s->hostname_field))
1035 iovec[n++] = IOVEC_MAKE_STRING(s->hostname_field);
1036
1037 if (!isempty(s->namespace_field))
1038 iovec[n++] = IOVEC_MAKE_STRING(s->namespace_field);
1039
1040 assert(n <= m);
1041
1042 if (s->split_mode == SPLIT_UID && c && uid_is_valid(c->uid))
1043 /* Split up strictly by (non-root) UID */
1044 journal_uid = c->uid;
1045 else if (s->split_mode == SPLIT_LOGIN && c && c->uid > 0 && uid_is_valid(c->owner_uid))
1046 /* Split up by login UIDs. We do this only if the
1047 * realuid is not root, in order not to accidentally
1048 * leak privileged information to the user that is
1049 * logged by a privileged process that is part of an
1050 * unprivileged session. */
1051 journal_uid = c->owner_uid;
1052 else
1053 journal_uid = 0;
1054
1055 write_to_journal(s, journal_uid, iovec, n, priority);
1056 }
1057
server_driver_message(Server * s,pid_t object_pid,const char * message_id,const char * format,...)1058 void server_driver_message(Server *s, pid_t object_pid, const char *message_id, const char *format, ...) {
1059
1060 struct iovec *iovec;
1061 size_t n = 0, k, m;
1062 va_list ap;
1063 int r;
1064
1065 assert(s);
1066 assert(format);
1067
1068 m = N_IOVEC_META_FIELDS + 5 + N_IOVEC_PAYLOAD_FIELDS + client_context_extra_fields_n_iovec(s->my_context) + N_IOVEC_OBJECT_FIELDS;
1069 iovec = newa(struct iovec, m);
1070
1071 assert_cc(3 == LOG_FAC(LOG_DAEMON));
1072 iovec[n++] = IOVEC_MAKE_STRING("SYSLOG_FACILITY=3");
1073 iovec[n++] = IOVEC_MAKE_STRING("SYSLOG_IDENTIFIER=systemd-journald");
1074
1075 iovec[n++] = IOVEC_MAKE_STRING("_TRANSPORT=driver");
1076 assert_cc(6 == LOG_INFO);
1077 iovec[n++] = IOVEC_MAKE_STRING("PRIORITY=6");
1078
1079 if (message_id)
1080 iovec[n++] = IOVEC_MAKE_STRING(message_id);
1081 k = n;
1082
1083 va_start(ap, format);
1084 r = log_format_iovec(iovec, m, &n, false, 0, format, ap);
1085 /* Error handling below */
1086 va_end(ap);
1087
1088 if (r >= 0)
1089 dispatch_message_real(s, iovec, n, m, s->my_context, NULL, LOG_INFO, object_pid);
1090
1091 while (k < n)
1092 free(iovec[k++].iov_base);
1093
1094 if (r < 0) {
1095 /* We failed to format the message. Emit a warning instead. */
1096 char buf[LINE_MAX];
1097
1098 xsprintf(buf, "MESSAGE=Entry printing failed: %s", strerror_safe(r));
1099
1100 n = 3;
1101 iovec[n++] = IOVEC_MAKE_STRING("PRIORITY=4");
1102 iovec[n++] = IOVEC_MAKE_STRING(buf);
1103 dispatch_message_real(s, iovec, n, m, s->my_context, NULL, LOG_INFO, object_pid);
1104 }
1105 }
1106
server_dispatch_message(Server * s,struct iovec * iovec,size_t n,size_t m,ClientContext * c,const struct timeval * tv,int priority,pid_t object_pid)1107 void server_dispatch_message(
1108 Server *s,
1109 struct iovec *iovec, size_t n, size_t m,
1110 ClientContext *c,
1111 const struct timeval *tv,
1112 int priority,
1113 pid_t object_pid) {
1114
1115 uint64_t available = 0;
1116 int rl;
1117
1118 assert(s);
1119 assert(iovec || n == 0);
1120
1121 if (n == 0)
1122 return;
1123
1124 if (LOG_PRI(priority) > s->max_level_store)
1125 return;
1126
1127 /* Stop early in case the information will not be stored
1128 * in a journal. */
1129 if (s->storage == STORAGE_NONE)
1130 return;
1131
1132 if (c && c->unit) {
1133 (void) determine_space(s, &available, NULL);
1134
1135 rl = journal_ratelimit_test(s->ratelimit, c->unit, c->log_ratelimit_interval, c->log_ratelimit_burst, priority & LOG_PRIMASK, available);
1136 if (rl == 0)
1137 return;
1138
1139 /* Write a suppression message if we suppressed something */
1140 if (rl > 1)
1141 server_driver_message(s, c->pid,
1142 "MESSAGE_ID=" SD_MESSAGE_JOURNAL_DROPPED_STR,
1143 LOG_MESSAGE("Suppressed %i messages from %s", rl - 1, c->unit),
1144 "N_DROPPED=%i", rl - 1,
1145 NULL);
1146 }
1147
1148 dispatch_message_real(s, iovec, n, m, c, tv, priority, object_pid);
1149 }
1150
server_flush_to_var(Server * s,bool require_flag_file)1151 int server_flush_to_var(Server *s, bool require_flag_file) {
1152 sd_journal *j = NULL;
1153 const char *fn;
1154 unsigned n = 0;
1155 usec_t start;
1156 int r, k;
1157
1158 assert(s);
1159
1160 if (!IN_SET(s->storage, STORAGE_AUTO, STORAGE_PERSISTENT))
1161 return 0;
1162
1163 if (s->namespace) /* Flushing concept does not exist for namespace instances */
1164 return 0;
1165
1166 if (!s->runtime_journal) /* Nothing to flush? */
1167 return 0;
1168
1169 if (require_flag_file && !flushed_flag_is_set(s))
1170 return 0;
1171
1172 (void) system_journal_open(s, true, false);
1173
1174 if (!s->system_journal)
1175 return 0;
1176
1177 log_debug("Flushing to %s...", s->system_storage.path);
1178
1179 start = now(CLOCK_MONOTONIC);
1180
1181 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
1182 if (r < 0)
1183 return log_error_errno(r, "Failed to read runtime journal: %m");
1184
1185 sd_journal_set_data_threshold(j, 0);
1186
1187 SD_JOURNAL_FOREACH(j) {
1188 Object *o = NULL;
1189 JournalFile *f;
1190
1191 f = j->current_file;
1192 assert(f && f->current_offset > 0);
1193
1194 n++;
1195
1196 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
1197 if (r < 0) {
1198 log_error_errno(r, "Can't read entry: %m");
1199 goto finish;
1200 }
1201
1202 r = journal_file_copy_entry(f, s->system_journal->file, o, f->current_offset);
1203 if (r >= 0)
1204 continue;
1205
1206 if (!shall_try_append_again(s->system_journal->file, r)) {
1207 log_error_errno(r, "Can't write entry: %m");
1208 goto finish;
1209 }
1210
1211 log_info("Rotating system journal.");
1212
1213 server_rotate(s);
1214 server_vacuum(s, false);
1215
1216 if (!s->system_journal) {
1217 log_notice("Didn't flush runtime journal since rotation of system journal wasn't successful.");
1218 r = -EIO;
1219 goto finish;
1220 }
1221
1222 log_debug("Retrying write.");
1223 r = journal_file_copy_entry(f, s->system_journal->file, o, f->current_offset);
1224 if (r < 0) {
1225 log_error_errno(r, "Can't write entry: %m");
1226 goto finish;
1227 }
1228 }
1229
1230 r = 0;
1231
1232 finish:
1233 if (s->system_journal)
1234 journal_file_post_change(s->system_journal->file);
1235
1236 s->runtime_journal = managed_journal_file_close(s->runtime_journal);
1237
1238 if (r >= 0)
1239 (void) rm_rf(s->runtime_storage.path, REMOVE_ROOT);
1240
1241 sd_journal_close(j);
1242
1243 server_driver_message(s, 0, NULL,
1244 LOG_MESSAGE("Time spent on flushing to %s is %s for %u entries.",
1245 s->system_storage.path,
1246 FORMAT_TIMESPAN(usec_sub_unsigned(now(CLOCK_MONOTONIC), start), 0),
1247 n),
1248 NULL);
1249
1250 fn = strjoina(s->runtime_directory, "/flushed");
1251 k = touch(fn);
1252 if (k < 0)
1253 log_warning_errno(k, "Failed to touch %s, ignoring: %m", fn);
1254
1255 server_refresh_idle_timer(s);
1256 return r;
1257 }
1258
server_relinquish_var(Server * s)1259 static int server_relinquish_var(Server *s) {
1260 const char *fn;
1261 assert(s);
1262
1263 if (s->storage == STORAGE_NONE)
1264 return 0;
1265
1266 if (s->namespace) /* Concept does not exist for namespaced instances */
1267 return -EOPNOTSUPP;
1268
1269 if (s->runtime_journal && !s->system_journal)
1270 return 0;
1271
1272 log_debug("Relinquishing %s...", s->system_storage.path);
1273
1274 (void) system_journal_open(s, false, true);
1275
1276 s->system_journal = managed_journal_file_close(s->system_journal);
1277 ordered_hashmap_clear_with_destructor(s->user_journals, managed_journal_file_close);
1278 set_clear_with_destructor(s->deferred_closes, managed_journal_file_close);
1279
1280 fn = strjoina(s->runtime_directory, "/flushed");
1281 if (unlink(fn) < 0 && errno != ENOENT)
1282 log_warning_errno(errno, "Failed to unlink %s, ignoring: %m", fn);
1283
1284 server_refresh_idle_timer(s);
1285 return 0;
1286 }
1287
server_process_datagram(sd_event_source * es,int fd,uint32_t revents,void * userdata)1288 int server_process_datagram(
1289 sd_event_source *es,
1290 int fd,
1291 uint32_t revents,
1292 void *userdata) {
1293
1294 size_t label_len = 0, m;
1295 Server *s = userdata;
1296 struct ucred *ucred = NULL;
1297 struct timeval *tv = NULL;
1298 struct cmsghdr *cmsg;
1299 char *label = NULL;
1300 struct iovec iovec;
1301 ssize_t n;
1302 int *fds = NULL, v = 0;
1303 size_t n_fds = 0;
1304
1305 /* We use NAME_MAX space for the SELinux label here. The kernel currently enforces no limit, but
1306 * according to suggestions from the SELinux people this will change and it will probably be
1307 * identical to NAME_MAX. For now we use that, but this should be updated one day when the final
1308 * limit is known.
1309 *
1310 * Here, we need to explicitly initialize the buffer with zero, as glibc has a bug in
1311 * __convert_scm_timestamps(), which assumes the buffer is initialized. See #20741. */
1312 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred)) +
1313 CMSG_SPACE_TIMEVAL +
1314 CMSG_SPACE(sizeof(int)) + /* fd */
1315 CMSG_SPACE(NAME_MAX) /* selinux label */) control = {};
1316
1317 union sockaddr_union sa = {};
1318
1319 struct msghdr msghdr = {
1320 .msg_iov = &iovec,
1321 .msg_iovlen = 1,
1322 .msg_control = &control,
1323 .msg_controllen = sizeof(control),
1324 .msg_name = &sa,
1325 .msg_namelen = sizeof(sa),
1326 };
1327
1328 assert(s);
1329 assert(fd == s->native_fd || fd == s->syslog_fd || fd == s->audit_fd);
1330
1331 if (revents != EPOLLIN)
1332 return log_error_errno(SYNTHETIC_ERRNO(EIO),
1333 "Got invalid event from epoll for datagram fd: %" PRIx32,
1334 revents);
1335
1336 /* Try to get the right size, if we can. (Not all sockets support SIOCINQ, hence we just try, but don't rely on
1337 * it.) */
1338 (void) ioctl(fd, SIOCINQ, &v);
1339
1340 /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful! */
1341 m = PAGE_ALIGN(MAX3((size_t) v + 1,
1342 (size_t) LINE_MAX,
1343 ALIGN(sizeof(struct nlmsghdr)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH)) + 1);
1344
1345 if (!GREEDY_REALLOC(s->buffer, m))
1346 return log_oom();
1347
1348 iovec = IOVEC_MAKE(s->buffer, MALLOC_ELEMENTSOF(s->buffer) - 1); /* Leave room for trailing NUL we add later */
1349
1350 n = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
1351 if (n < 0) {
1352 if (ERRNO_IS_TRANSIENT(n))
1353 return 0;
1354 if (n == -EXFULL) {
1355 log_warning("Got message with truncated control data (too many fds sent?), ignoring.");
1356 return 0;
1357 }
1358 return log_error_errno(n, "recvmsg() failed: %m");
1359 }
1360
1361 CMSG_FOREACH(cmsg, &msghdr)
1362 if (cmsg->cmsg_level == SOL_SOCKET &&
1363 cmsg->cmsg_type == SCM_CREDENTIALS &&
1364 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
1365 assert(!ucred);
1366 ucred = (struct ucred*) CMSG_DATA(cmsg);
1367 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1368 cmsg->cmsg_type == SCM_SECURITY) {
1369 assert(!label);
1370 label = (char*) CMSG_DATA(cmsg);
1371 label_len = cmsg->cmsg_len - CMSG_LEN(0);
1372 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1373 cmsg->cmsg_type == SO_TIMESTAMP &&
1374 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval))) {
1375 assert(!tv);
1376 tv = (struct timeval*) CMSG_DATA(cmsg);
1377 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1378 cmsg->cmsg_type == SCM_RIGHTS) {
1379 assert(!fds);
1380 fds = (int*) CMSG_DATA(cmsg);
1381 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
1382 }
1383
1384 /* And a trailing NUL, just in case */
1385 s->buffer[n] = 0;
1386
1387 if (fd == s->syslog_fd) {
1388 if (n > 0 && n_fds == 0)
1389 server_process_syslog_message(s, s->buffer, n, ucred, tv, label, label_len);
1390 else if (n_fds > 0)
1391 log_warning("Got file descriptors via syslog socket. Ignoring.");
1392
1393 } else if (fd == s->native_fd) {
1394 if (n > 0 && n_fds == 0)
1395 server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
1396 else if (n == 0 && n_fds == 1)
1397 server_process_native_file(s, fds[0], ucred, tv, label, label_len);
1398 else if (n_fds > 0)
1399 log_warning("Got too many file descriptors via native socket. Ignoring.");
1400
1401 } else {
1402 assert(fd == s->audit_fd);
1403
1404 if (n > 0 && n_fds == 0)
1405 server_process_audit_message(s, s->buffer, n, ucred, &sa, msghdr.msg_namelen);
1406 else if (n_fds > 0)
1407 log_warning("Got file descriptors via audit socket. Ignoring.");
1408 }
1409
1410 close_many(fds, n_fds);
1411
1412 server_refresh_idle_timer(s);
1413 return 0;
1414 }
1415
server_full_flush(Server * s)1416 static void server_full_flush(Server *s) {
1417 assert(s);
1418
1419 (void) server_flush_to_var(s, false);
1420 server_sync(s);
1421 server_vacuum(s, false);
1422
1423 server_space_usage_message(s, NULL);
1424
1425 server_refresh_idle_timer(s);
1426 }
1427
dispatch_sigusr1(sd_event_source * es,const struct signalfd_siginfo * si,void * userdata)1428 static int dispatch_sigusr1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1429 Server *s = userdata;
1430
1431 assert(s);
1432
1433 if (s->namespace) {
1434 log_error("Received SIGUSR1 signal from PID " PID_FMT ", but flushing runtime journals not supported for namespaced instances.", si->ssi_pid);
1435 return 0;
1436 }
1437
1438 log_info("Received SIGUSR1 signal from PID " PID_FMT ", as request to flush runtime journal.", si->ssi_pid);
1439 server_full_flush(s);
1440
1441 return 0;
1442 }
1443
server_full_rotate(Server * s)1444 static void server_full_rotate(Server *s) {
1445 const char *fn;
1446 int r;
1447
1448 assert(s);
1449
1450 server_rotate(s);
1451 server_vacuum(s, true);
1452
1453 if (s->system_journal)
1454 patch_min_use(&s->system_storage);
1455 if (s->runtime_journal)
1456 patch_min_use(&s->runtime_storage);
1457
1458 /* Let clients know when the most recent rotation happened. */
1459 fn = strjoina(s->runtime_directory, "/rotated");
1460 r = write_timestamp_file_atomic(fn, now(CLOCK_MONOTONIC));
1461 if (r < 0)
1462 log_warning_errno(r, "Failed to write %s, ignoring: %m", fn);
1463 }
1464
dispatch_sigusr2(sd_event_source * es,const struct signalfd_siginfo * si,void * userdata)1465 static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1466 Server *s = userdata;
1467
1468 assert(s);
1469
1470 log_info("Received SIGUSR2 signal from PID " PID_FMT ", as request to rotate journal, rotating.", si->ssi_pid);
1471 server_full_rotate(s);
1472
1473 return 0;
1474 }
1475
dispatch_sigterm(sd_event_source * es,const struct signalfd_siginfo * si,void * userdata)1476 static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1477 _cleanup_(sd_event_source_disable_unrefp) sd_event_source *news = NULL;
1478 Server *s = userdata;
1479 int r;
1480
1481 assert(s);
1482
1483 log_received_signal(LOG_INFO, si);
1484
1485 (void) sd_event_source_set_enabled(es, false); /* Make sure this handler is called at most once */
1486
1487 /* So on one hand we want to ensure that SIGTERMs are definitely handled in appropriate, bounded
1488 * time. On the other hand we want that everything pending is first comprehensively processed and
1489 * written to disk. These goals are incompatible, hence we try to find a middle ground: we'll process
1490 * SIGTERM with high priority, but from the handler (this one right here) we'll install two new event
1491 * sources: one low priority idle one that will issue the exit once everything else is processed (and
1492 * which is hopefully the regular, clean codepath); and one high priority timer that acts as safety
1493 * net: if our idle handler isn't run within 10s, we'll exit anyway.
1494 *
1495 * TLDR: we'll exit either when everything is processed, or after 10s max, depending on what happens
1496 * first.
1497 *
1498 * Note that exiting before the idle event is hit doesn't typically mean that we lose any data, as
1499 * messages will remain queued in the sockets they came in from, and thus can be processed when we
1500 * start up next – unless we are going down for the final system shutdown, in which case everything
1501 * is lost. */
1502
1503 r = sd_event_add_defer(s->event, &news, NULL, NULL); /* NULL handler means → exit when triggered */
1504 if (r < 0) {
1505 log_error_errno(r, "Failed to allocate exit idle event handler: %m");
1506 goto fail;
1507 }
1508
1509 (void) sd_event_source_set_description(news, "exit-idle");
1510
1511 /* Run everything relevant before this. */
1512 r = sd_event_source_set_priority(news, SD_EVENT_PRIORITY_NORMAL+20);
1513 if (r < 0) {
1514 log_error_errno(r, "Failed to adjust priority of exit idle event handler: %m");
1515 goto fail;
1516 }
1517
1518 /* Give up ownership, so that this event source is freed automatically when the event loop is freed. */
1519 r = sd_event_source_set_floating(news, true);
1520 if (r < 0) {
1521 log_error_errno(r, "Failed to make exit idle event handler floating: %m");
1522 goto fail;
1523 }
1524
1525 news = sd_event_source_unref(news);
1526
1527 r = sd_event_add_time_relative(s->event, &news, CLOCK_MONOTONIC, 10 * USEC_PER_SEC, 0, NULL, NULL);
1528 if (r < 0) {
1529 log_error_errno(r, "Failed to allocate exit timeout event handler: %m");
1530 goto fail;
1531 }
1532
1533 (void) sd_event_source_set_description(news, "exit-timeout");
1534
1535 r = sd_event_source_set_priority(news, SD_EVENT_PRIORITY_IMPORTANT-20); /* This is a safety net, with highest priority */
1536 if (r < 0) {
1537 log_error_errno(r, "Failed to adjust priority of exit timeout event handler: %m");
1538 goto fail;
1539 }
1540
1541 r = sd_event_source_set_floating(news, true);
1542 if (r < 0) {
1543 log_error_errno(r, "Failed to make exit timeout event handler floating: %m");
1544 goto fail;
1545 }
1546
1547 news = sd_event_source_unref(news);
1548
1549 log_debug("Exit event sources are now pending.");
1550 return 0;
1551
1552 fail:
1553 sd_event_exit(s->event, 0);
1554 return 0;
1555 }
1556
server_full_sync(Server * s)1557 static void server_full_sync(Server *s) {
1558 const char *fn;
1559 int r;
1560
1561 assert(s);
1562
1563 server_sync(s);
1564
1565 /* Let clients know when the most recent sync happened. */
1566 fn = strjoina(s->runtime_directory, "/synced");
1567 r = write_timestamp_file_atomic(fn, now(CLOCK_MONOTONIC));
1568 if (r < 0)
1569 log_warning_errno(r, "Failed to write %s, ignoring: %m", fn);
1570
1571 return;
1572 }
1573
dispatch_sigrtmin1(sd_event_source * es,const struct signalfd_siginfo * si,void * userdata)1574 static int dispatch_sigrtmin1(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) {
1575 Server *s = userdata;
1576
1577 assert(s);
1578
1579 log_debug("Received SIGRTMIN1 signal from PID " PID_FMT ", as request to sync.", si->ssi_pid );
1580 server_full_sync(s);
1581
1582 return 0;
1583 }
1584
setup_signals(Server * s)1585 static int setup_signals(Server *s) {
1586 int r;
1587
1588 assert(s);
1589
1590 assert_se(sigprocmask_many(SIG_SETMASK, NULL, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, SIGRTMIN+1, -1) >= 0);
1591
1592 r = sd_event_add_signal(s->event, &s->sigusr1_event_source, SIGUSR1, dispatch_sigusr1, s);
1593 if (r < 0)
1594 return r;
1595
1596 r = sd_event_add_signal(s->event, &s->sigusr2_event_source, SIGUSR2, dispatch_sigusr2, s);
1597 if (r < 0)
1598 return r;
1599
1600 r = sd_event_add_signal(s->event, &s->sigterm_event_source, SIGTERM, dispatch_sigterm, s);
1601 if (r < 0)
1602 return r;
1603
1604 /* Let's process SIGTERM early, so that we definitely react to it */
1605 r = sd_event_source_set_priority(s->sigterm_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
1606 if (r < 0)
1607 return r;
1608
1609 /* When journald is invoked on the terminal (when debugging), it's useful if C-c is handled
1610 * equivalent to SIGTERM. */
1611 r = sd_event_add_signal(s->event, &s->sigint_event_source, SIGINT, dispatch_sigterm, s);
1612 if (r < 0)
1613 return r;
1614
1615 r = sd_event_source_set_priority(s->sigint_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
1616 if (r < 0)
1617 return r;
1618
1619 /* SIGRTMIN+1 causes an immediate sync. We process this very late, so that everything else queued at
1620 * this point is really written to disk. Clients can watch /run/systemd/journal/synced with inotify
1621 * until its mtime changes to see when a sync happened. */
1622 r = sd_event_add_signal(s->event, &s->sigrtmin1_event_source, SIGRTMIN+1, dispatch_sigrtmin1, s);
1623 if (r < 0)
1624 return r;
1625
1626 r = sd_event_source_set_priority(s->sigrtmin1_event_source, SD_EVENT_PRIORITY_NORMAL+15);
1627 if (r < 0)
1628 return r;
1629
1630 return 0;
1631 }
1632
parse_proc_cmdline_item(const char * key,const char * value,void * data)1633 static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
1634 Server *s = data;
1635 int r;
1636
1637 assert(s);
1638
1639 if (proc_cmdline_key_streq(key, "systemd.journald.forward_to_syslog")) {
1640
1641 r = value ? parse_boolean(value) : true;
1642 if (r < 0)
1643 log_warning("Failed to parse forward to syslog switch \"%s\". Ignoring.", value);
1644 else
1645 s->forward_to_syslog = r;
1646
1647 } else if (proc_cmdline_key_streq(key, "systemd.journald.forward_to_kmsg")) {
1648
1649 r = value ? parse_boolean(value) : true;
1650 if (r < 0)
1651 log_warning("Failed to parse forward to kmsg switch \"%s\". Ignoring.", value);
1652 else
1653 s->forward_to_kmsg = r;
1654
1655 } else if (proc_cmdline_key_streq(key, "systemd.journald.forward_to_console")) {
1656
1657 r = value ? parse_boolean(value) : true;
1658 if (r < 0)
1659 log_warning("Failed to parse forward to console switch \"%s\". Ignoring.", value);
1660 else
1661 s->forward_to_console = r;
1662
1663 } else if (proc_cmdline_key_streq(key, "systemd.journald.forward_to_wall")) {
1664
1665 r = value ? parse_boolean(value) : true;
1666 if (r < 0)
1667 log_warning("Failed to parse forward to wall switch \"%s\". Ignoring.", value);
1668 else
1669 s->forward_to_wall = r;
1670
1671 } else if (proc_cmdline_key_streq(key, "systemd.journald.max_level_console")) {
1672
1673 if (proc_cmdline_value_missing(key, value))
1674 return 0;
1675
1676 r = log_level_from_string(value);
1677 if (r < 0)
1678 log_warning("Failed to parse max level console value \"%s\". Ignoring.", value);
1679 else
1680 s->max_level_console = r;
1681
1682 } else if (proc_cmdline_key_streq(key, "systemd.journald.max_level_store")) {
1683
1684 if (proc_cmdline_value_missing(key, value))
1685 return 0;
1686
1687 r = log_level_from_string(value);
1688 if (r < 0)
1689 log_warning("Failed to parse max level store value \"%s\". Ignoring.", value);
1690 else
1691 s->max_level_store = r;
1692
1693 } else if (proc_cmdline_key_streq(key, "systemd.journald.max_level_syslog")) {
1694
1695 if (proc_cmdline_value_missing(key, value))
1696 return 0;
1697
1698 r = log_level_from_string(value);
1699 if (r < 0)
1700 log_warning("Failed to parse max level syslog value \"%s\". Ignoring.", value);
1701 else
1702 s->max_level_syslog = r;
1703
1704 } else if (proc_cmdline_key_streq(key, "systemd.journald.max_level_kmsg")) {
1705
1706 if (proc_cmdline_value_missing(key, value))
1707 return 0;
1708
1709 r = log_level_from_string(value);
1710 if (r < 0)
1711 log_warning("Failed to parse max level kmsg value \"%s\". Ignoring.", value);
1712 else
1713 s->max_level_kmsg = r;
1714
1715 } else if (proc_cmdline_key_streq(key, "systemd.journald.max_level_wall")) {
1716
1717 if (proc_cmdline_value_missing(key, value))
1718 return 0;
1719
1720 r = log_level_from_string(value);
1721 if (r < 0)
1722 log_warning("Failed to parse max level wall value \"%s\". Ignoring.", value);
1723 else
1724 s->max_level_wall = r;
1725
1726 } else if (startswith(key, "systemd.journald"))
1727 log_warning("Unknown journald kernel command line option \"%s\". Ignoring.", key);
1728
1729 /* do not warn about state here, since probably systemd already did */
1730 return 0;
1731 }
1732
server_parse_config_file(Server * s)1733 static int server_parse_config_file(Server *s) {
1734 int r;
1735
1736 assert(s);
1737
1738 if (s->namespace) {
1739 const char *namespaced, *dropin_dirname;
1740
1741 /* If we are running in namespace mode, load the namespace specific configuration file, and nothing else */
1742 namespaced = strjoina(PKGSYSCONFDIR "/journald@", s->namespace, ".conf");
1743 dropin_dirname = strjoina("journald@", s->namespace, ".conf.d");
1744
1745 r = config_parse_many(
1746 STRV_MAKE_CONST(namespaced),
1747 (const char* const*) CONF_PATHS_STRV("systemd"),
1748 dropin_dirname,
1749 "Journal\0",
1750 config_item_perf_lookup, journald_gperf_lookup,
1751 CONFIG_PARSE_WARN, s, NULL);
1752 if (r < 0)
1753 return r;
1754
1755 return 0;
1756 }
1757
1758 return config_parse_many_nulstr(
1759 PKGSYSCONFDIR "/journald.conf",
1760 CONF_PATHS_NULSTR("systemd/journald.conf.d"),
1761 "Journal\0",
1762 config_item_perf_lookup, journald_gperf_lookup,
1763 CONFIG_PARSE_WARN, s, NULL);
1764 }
1765
server_dispatch_sync(sd_event_source * es,usec_t t,void * userdata)1766 static int server_dispatch_sync(sd_event_source *es, usec_t t, void *userdata) {
1767 Server *s = userdata;
1768
1769 assert(s);
1770
1771 server_sync(s);
1772 return 0;
1773 }
1774
server_schedule_sync(Server * s,int priority)1775 int server_schedule_sync(Server *s, int priority) {
1776 int r;
1777
1778 assert(s);
1779
1780 if (priority <= LOG_CRIT) {
1781 /* Immediately sync to disk when this is of priority CRIT, ALERT, EMERG */
1782 server_sync(s);
1783 return 0;
1784 }
1785
1786 if (s->sync_scheduled)
1787 return 0;
1788
1789 if (s->sync_interval_usec > 0) {
1790
1791 if (!s->sync_event_source) {
1792 r = sd_event_add_time_relative(
1793 s->event,
1794 &s->sync_event_source,
1795 CLOCK_MONOTONIC,
1796 s->sync_interval_usec, 0,
1797 server_dispatch_sync, s);
1798 if (r < 0)
1799 return r;
1800
1801 r = sd_event_source_set_priority(s->sync_event_source, SD_EVENT_PRIORITY_IMPORTANT);
1802 } else {
1803 r = sd_event_source_set_time_relative(s->sync_event_source, s->sync_interval_usec);
1804 if (r < 0)
1805 return r;
1806
1807 r = sd_event_source_set_enabled(s->sync_event_source, SD_EVENT_ONESHOT);
1808 }
1809 if (r < 0)
1810 return r;
1811
1812 s->sync_scheduled = true;
1813 }
1814
1815 return 0;
1816 }
1817
dispatch_hostname_change(sd_event_source * es,int fd,uint32_t revents,void * userdata)1818 static int dispatch_hostname_change(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1819 Server *s = userdata;
1820
1821 assert(s);
1822
1823 server_cache_hostname(s);
1824 return 0;
1825 }
1826
server_open_hostname(Server * s)1827 static int server_open_hostname(Server *s) {
1828 int r;
1829
1830 assert(s);
1831
1832 s->hostname_fd = open("/proc/sys/kernel/hostname",
1833 O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
1834 if (s->hostname_fd < 0)
1835 return log_error_errno(errno, "Failed to open /proc/sys/kernel/hostname: %m");
1836
1837 r = sd_event_add_io(s->event, &s->hostname_event_source, s->hostname_fd, 0, dispatch_hostname_change, s);
1838 if (r < 0) {
1839 /* kernels prior to 3.2 don't support polling this file. Ignore
1840 * the failure. */
1841 if (r == -EPERM) {
1842 log_warning_errno(r, "Failed to register hostname fd in event loop, ignoring: %m");
1843 s->hostname_fd = safe_close(s->hostname_fd);
1844 return 0;
1845 }
1846
1847 return log_error_errno(r, "Failed to register hostname fd in event loop: %m");
1848 }
1849
1850 r = sd_event_source_set_priority(s->hostname_event_source, SD_EVENT_PRIORITY_IMPORTANT-10);
1851 if (r < 0)
1852 return log_error_errno(r, "Failed to adjust priority of hostname event source: %m");
1853
1854 return 0;
1855 }
1856
dispatch_notify_event(sd_event_source * es,int fd,uint32_t revents,void * userdata)1857 static int dispatch_notify_event(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
1858 Server *s = userdata;
1859 int r;
1860
1861 assert(s);
1862 assert(s->notify_event_source == es);
1863 assert(s->notify_fd == fd);
1864
1865 /* The $NOTIFY_SOCKET is writable again, now send exactly one
1866 * message on it. Either it's the watchdog event, the initial
1867 * READY=1 event or an stdout stream event. If there's nothing
1868 * to write anymore, turn our event source off. The next time
1869 * there's something to send it will be turned on again. */
1870
1871 if (!s->sent_notify_ready) {
1872 static const char p[] = "READY=1\n"
1873 "STATUS=Processing requests...";
1874
1875 if (send(s->notify_fd, p, strlen(p), MSG_DONTWAIT) < 0) {
1876 if (errno == EAGAIN)
1877 return 0;
1878
1879 return log_error_errno(errno, "Failed to send READY=1 notification message: %m");
1880 }
1881
1882 s->sent_notify_ready = true;
1883 log_debug("Sent READY=1 notification.");
1884
1885 } else if (s->send_watchdog) {
1886 static const char p[] = "WATCHDOG=1";
1887
1888 if (send(s->notify_fd, p, strlen(p), MSG_DONTWAIT) < 0) {
1889 if (errno == EAGAIN)
1890 return 0;
1891
1892 return log_error_errno(errno, "Failed to send WATCHDOG=1 notification message: %m");
1893 }
1894
1895 s->send_watchdog = false;
1896 log_debug("Sent WATCHDOG=1 notification.");
1897
1898 } else if (s->stdout_streams_notify_queue)
1899 /* Dispatch one stream notification event */
1900 stdout_stream_send_notify(s->stdout_streams_notify_queue);
1901
1902 /* Leave us enabled if there's still more to do. */
1903 if (s->send_watchdog || s->stdout_streams_notify_queue)
1904 return 0;
1905
1906 /* There was nothing to do anymore, let's turn ourselves off. */
1907 r = sd_event_source_set_enabled(es, SD_EVENT_OFF);
1908 if (r < 0)
1909 return log_error_errno(r, "Failed to turn off notify event source: %m");
1910
1911 return 0;
1912 }
1913
dispatch_watchdog(sd_event_source * es,uint64_t usec,void * userdata)1914 static int dispatch_watchdog(sd_event_source *es, uint64_t usec, void *userdata) {
1915 Server *s = userdata;
1916 int r;
1917
1918 assert(s);
1919
1920 s->send_watchdog = true;
1921
1922 r = sd_event_source_set_enabled(s->notify_event_source, SD_EVENT_ON);
1923 if (r < 0)
1924 log_warning_errno(r, "Failed to turn on notify event source: %m");
1925
1926 r = sd_event_source_set_time(s->watchdog_event_source, usec + s->watchdog_usec / 2);
1927 if (r < 0)
1928 return log_error_errno(r, "Failed to restart watchdog event source: %m");
1929
1930 r = sd_event_source_set_enabled(s->watchdog_event_source, SD_EVENT_ON);
1931 if (r < 0)
1932 return log_error_errno(r, "Failed to enable watchdog event source: %m");
1933
1934 return 0;
1935 }
1936
server_connect_notify(Server * s)1937 static int server_connect_notify(Server *s) {
1938 union sockaddr_union sa;
1939 socklen_t sa_len;
1940 const char *e;
1941 int r;
1942
1943 assert(s);
1944 assert(s->notify_fd < 0);
1945 assert(!s->notify_event_source);
1946
1947 /*
1948 * So here's the problem: we'd like to send notification messages to PID 1, but we cannot do that via
1949 * sd_notify(), since that's synchronous, and we might end up blocking on it. Specifically: given
1950 * that PID 1 might block on dbus-daemon during IPC, and dbus-daemon is logging to us, and might
1951 * hence block on us, we might end up in a deadlock if we block on sending PID 1 notification
1952 * messages — by generating a full blocking circle. To avoid this, let's create a non-blocking
1953 * socket, and connect it to the notification socket, and then wait for POLLOUT before we send
1954 * anything. This should efficiently avoid any deadlocks, as we'll never block on PID 1, hence PID 1
1955 * can safely block on dbus-daemon which can safely block on us again.
1956 *
1957 * Don't think that this issue is real? It is, see: https://github.com/systemd/systemd/issues/1505
1958 */
1959
1960 e = getenv("NOTIFY_SOCKET");
1961 if (!e)
1962 return 0;
1963
1964 r = sockaddr_un_set_path(&sa.un, e);
1965 if (r < 0)
1966 return log_error_errno(r, "NOTIFY_SOCKET set to invalid value '%s': %m", e);
1967 sa_len = r;
1968
1969 s->notify_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
1970 if (s->notify_fd < 0)
1971 return log_error_errno(errno, "Failed to create notify socket: %m");
1972
1973 (void) fd_inc_sndbuf(s->notify_fd, NOTIFY_SNDBUF_SIZE);
1974
1975 r = connect(s->notify_fd, &sa.sa, sa_len);
1976 if (r < 0)
1977 return log_error_errno(errno, "Failed to connect to notify socket: %m");
1978
1979 r = sd_event_add_io(s->event, &s->notify_event_source, s->notify_fd, EPOLLOUT, dispatch_notify_event, s);
1980 if (r < 0)
1981 return log_error_errno(r, "Failed to watch notification socket: %m");
1982
1983 if (sd_watchdog_enabled(false, &s->watchdog_usec) > 0) {
1984 s->send_watchdog = true;
1985
1986 r = sd_event_add_time_relative(s->event, &s->watchdog_event_source, CLOCK_MONOTONIC, s->watchdog_usec/2, s->watchdog_usec/4, dispatch_watchdog, s);
1987 if (r < 0)
1988 return log_error_errno(r, "Failed to add watchdog time event: %m");
1989 }
1990
1991 /* This should fire pretty soon, which we'll use to send the READY=1 event. */
1992
1993 return 0;
1994 }
1995
synchronize_second_half(sd_event_source * event_source,void * userdata)1996 static int synchronize_second_half(sd_event_source *event_source, void *userdata) {
1997 Varlink *link = userdata;
1998 Server *s;
1999 int r;
2000
2001 assert(link);
2002 assert_se(s = varlink_get_userdata(link));
2003
2004 /* This is the "second half" of the Synchronize() varlink method. This function is called as deferred
2005 * event source at a low priority to ensure the synchronization completes after all queued log
2006 * messages are processed. */
2007 server_full_sync(s);
2008
2009 /* Let's get rid of the event source now, by marking it as non-floating again. It then has no ref
2010 * anymore and is immediately destroyed after we return from this function, i.e. from this event
2011 * source handler at the end. */
2012 r = sd_event_source_set_floating(event_source, false);
2013 if (r < 0)
2014 return log_error_errno(r, "Failed to mark event source as non-floating: %m");
2015
2016 return varlink_reply(link, NULL);
2017 }
2018
synchronize_destroy(void * userdata)2019 static void synchronize_destroy(void *userdata) {
2020 varlink_unref(userdata);
2021 }
2022
vl_method_synchronize(Varlink * link,JsonVariant * parameters,VarlinkMethodFlags flags,void * userdata)2023 static int vl_method_synchronize(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
2024 _cleanup_(sd_event_source_unrefp) sd_event_source *event_source = NULL;
2025 Server *s = userdata;
2026 int r;
2027
2028 assert(link);
2029 assert(s);
2030
2031 if (json_variant_elements(parameters) > 0)
2032 return varlink_error_invalid_parameter(link, parameters);
2033
2034 log_info("Received client request to rotate journal.");
2035
2036 /* We don't do the main work now, but instead enqueue a deferred event loop job which will do
2037 * it. That job is scheduled at low priority, so that we return from this method call only after all
2038 * queued but not processed log messages are written to disk, so that this method call returning can
2039 * be used as nice synchronization point. */
2040 r = sd_event_add_defer(s->event, &event_source, synchronize_second_half, link);
2041 if (r < 0)
2042 return log_error_errno(r, "Failed to allocate defer event source: %m");
2043
2044 r = sd_event_source_set_destroy_callback(event_source, synchronize_destroy);
2045 if (r < 0)
2046 return log_error_errno(r, "Failed to set event source destroy callback: %m");
2047
2048 varlink_ref(link); /* The varlink object is now left to the destroy callback to unref */
2049
2050 r = sd_event_source_set_priority(event_source, SD_EVENT_PRIORITY_NORMAL+15);
2051 if (r < 0)
2052 return log_error_errno(r, "Failed to set defer event source priority: %m");
2053
2054 /* Give up ownership of this event source. It will now be destroyed along with event loop itself,
2055 * unless it destroys itself earlier. */
2056 r = sd_event_source_set_floating(event_source, true);
2057 if (r < 0)
2058 return log_error_errno(r, "Failed to mark event source as floating: %m");
2059
2060 (void) sd_event_source_set_description(event_source, "deferred-sync");
2061
2062 return 0;
2063 }
2064
vl_method_rotate(Varlink * link,JsonVariant * parameters,VarlinkMethodFlags flags,void * userdata)2065 static int vl_method_rotate(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
2066 Server *s = userdata;
2067
2068 assert(link);
2069 assert(s);
2070
2071 if (json_variant_elements(parameters) > 0)
2072 return varlink_error_invalid_parameter(link, parameters);
2073
2074 log_info("Received client request to rotate journal, rotating.");
2075 server_full_rotate(s);
2076
2077 return varlink_reply(link, NULL);
2078 }
2079
vl_method_flush_to_var(Varlink * link,JsonVariant * parameters,VarlinkMethodFlags flags,void * userdata)2080 static int vl_method_flush_to_var(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
2081 Server *s = userdata;
2082
2083 assert(link);
2084 assert(s);
2085
2086 if (json_variant_elements(parameters) > 0)
2087 return varlink_error_invalid_parameter(link, parameters);
2088 if (s->namespace)
2089 return varlink_error(link, "io.systemd.Journal.NotSupportedByNamespaces", NULL);
2090
2091 log_info("Received client request to flush runtime journal.");
2092 server_full_flush(s);
2093
2094 return varlink_reply(link, NULL);
2095 }
2096
vl_method_relinquish_var(Varlink * link,JsonVariant * parameters,VarlinkMethodFlags flags,void * userdata)2097 static int vl_method_relinquish_var(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
2098 Server *s = userdata;
2099
2100 assert(link);
2101 assert(s);
2102
2103 if (json_variant_elements(parameters) > 0)
2104 return varlink_error_invalid_parameter(link, parameters);
2105 if (s->namespace)
2106 return varlink_error(link, "io.systemd.Journal.NotSupportedByNamespaces", NULL);
2107
2108 log_info("Received client request to relinquish %s access.", s->system_storage.path);
2109 server_relinquish_var(s);
2110
2111 return varlink_reply(link, NULL);
2112 }
2113
vl_connect(VarlinkServer * server,Varlink * link,void * userdata)2114 static int vl_connect(VarlinkServer *server, Varlink *link, void *userdata) {
2115 Server *s = userdata;
2116
2117 assert(server);
2118 assert(link);
2119 assert(s);
2120
2121 (void) server_start_or_stop_idle_timer(s); /* maybe we are no longer idle */
2122
2123 return 0;
2124 }
2125
vl_disconnect(VarlinkServer * server,Varlink * link,void * userdata)2126 static void vl_disconnect(VarlinkServer *server, Varlink *link, void *userdata) {
2127 Server *s = userdata;
2128
2129 assert(server);
2130 assert(link);
2131 assert(s);
2132
2133 (void) server_start_or_stop_idle_timer(s); /* maybe we are idle now */
2134 }
2135
server_open_varlink(Server * s,const char * socket,int fd)2136 static int server_open_varlink(Server *s, const char *socket, int fd) {
2137 int r;
2138
2139 assert(s);
2140
2141 r = varlink_server_new(&s->varlink_server, VARLINK_SERVER_ROOT_ONLY|VARLINK_SERVER_INHERIT_USERDATA);
2142 if (r < 0)
2143 return r;
2144
2145 varlink_server_set_userdata(s->varlink_server, s);
2146
2147 r = varlink_server_bind_method_many(
2148 s->varlink_server,
2149 "io.systemd.Journal.Synchronize", vl_method_synchronize,
2150 "io.systemd.Journal.Rotate", vl_method_rotate,
2151 "io.systemd.Journal.FlushToVar", vl_method_flush_to_var,
2152 "io.systemd.Journal.RelinquishVar", vl_method_relinquish_var);
2153 if (r < 0)
2154 return r;
2155
2156 r = varlink_server_bind_connect(s->varlink_server, vl_connect);
2157 if (r < 0)
2158 return r;
2159
2160 r = varlink_server_bind_disconnect(s->varlink_server, vl_disconnect);
2161 if (r < 0)
2162 return r;
2163
2164 if (fd < 0)
2165 r = varlink_server_listen_address(s->varlink_server, socket, 0600);
2166 else
2167 r = varlink_server_listen_fd(s->varlink_server, fd);
2168 if (r < 0)
2169 return r;
2170
2171 r = varlink_server_attach_event(s->varlink_server, s->event, SD_EVENT_PRIORITY_NORMAL);
2172 if (r < 0)
2173 return r;
2174
2175 return 0;
2176 }
2177
server_is_idle(Server * s)2178 static bool server_is_idle(Server *s) {
2179 assert(s);
2180
2181 /* The server for the main namespace is never idle */
2182 if (!s->namespace)
2183 return false;
2184
2185 /* If a retention maximum is set larger than the idle time we need to be running to enforce it, hence
2186 * turn off the idle logic. */
2187 if (s->max_retention_usec > IDLE_TIMEOUT_USEC)
2188 return false;
2189
2190 /* We aren't idle if we have a varlink client */
2191 if (varlink_server_current_connections(s->varlink_server) > 0)
2192 return false;
2193
2194 /* If we have stdout streams we aren't idle */
2195 if (s->n_stdout_streams > 0)
2196 return false;
2197
2198 return true;
2199 }
2200
server_idle_handler(sd_event_source * source,uint64_t usec,void * userdata)2201 static int server_idle_handler(sd_event_source *source, uint64_t usec, void *userdata) {
2202 Server *s = userdata;
2203
2204 assert(source);
2205 assert(s);
2206
2207 log_debug("Server is idle, exiting.");
2208 sd_event_exit(s->event, 0);
2209 return 0;
2210 }
2211
server_start_or_stop_idle_timer(Server * s)2212 int server_start_or_stop_idle_timer(Server *s) {
2213 _cleanup_(sd_event_source_unrefp) sd_event_source *source = NULL;
2214 int r;
2215
2216 assert(s);
2217
2218 if (!server_is_idle(s)) {
2219 s->idle_event_source = sd_event_source_disable_unref(s->idle_event_source);
2220 return 0;
2221 }
2222
2223 if (s->idle_event_source)
2224 return 1;
2225
2226 r = sd_event_add_time_relative(s->event, &source, CLOCK_MONOTONIC, IDLE_TIMEOUT_USEC, 0, server_idle_handler, s);
2227 if (r < 0)
2228 return log_error_errno(r, "Failed to allocate idle timer: %m");
2229
2230 r = sd_event_source_set_priority(source, SD_EVENT_PRIORITY_IDLE);
2231 if (r < 0)
2232 return log_error_errno(r, "Failed to set idle timer priority: %m");
2233
2234 (void) sd_event_source_set_description(source, "idle-timer");
2235
2236 s->idle_event_source = TAKE_PTR(source);
2237 return 1;
2238 }
2239
server_refresh_idle_timer(Server * s)2240 int server_refresh_idle_timer(Server *s) {
2241 int r;
2242
2243 assert(s);
2244
2245 if (!s->idle_event_source)
2246 return 0;
2247
2248 r = sd_event_source_set_time_relative(s->idle_event_source, IDLE_TIMEOUT_USEC);
2249 if (r < 0)
2250 return log_error_errno(r, "Failed to refresh idle timer: %m");
2251
2252 return 1;
2253 }
2254
set_namespace(Server * s,const char * namespace)2255 static int set_namespace(Server *s, const char *namespace) {
2256 assert(s);
2257
2258 if (!namespace)
2259 return 0;
2260
2261 if (!log_namespace_name_valid(namespace))
2262 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Specified namespace name not valid, refusing: %s", namespace);
2263
2264 s->namespace = strdup(namespace);
2265 if (!s->namespace)
2266 return log_oom();
2267
2268 s->namespace_field = strjoin("_NAMESPACE=", namespace);
2269 if (!s->namespace_field)
2270 return log_oom();
2271
2272 return 1;
2273 }
2274
server_init(Server * s,const char * namespace)2275 int server_init(Server *s, const char *namespace) {
2276 const char *native_socket, *syslog_socket, *stdout_socket, *varlink_socket, *e;
2277 _cleanup_fdset_free_ FDSet *fds = NULL;
2278 int n, r, fd, varlink_fd = -1;
2279 bool no_sockets;
2280
2281 assert(s);
2282
2283 *s = (Server) {
2284 .syslog_fd = -1,
2285 .native_fd = -1,
2286 .stdout_fd = -1,
2287 .dev_kmsg_fd = -1,
2288 .audit_fd = -1,
2289 .hostname_fd = -1,
2290 .notify_fd = -1,
2291
2292 .compress.enabled = true,
2293 .compress.threshold_bytes = UINT64_MAX,
2294 .seal = true,
2295
2296 .set_audit = true,
2297
2298 .watchdog_usec = USEC_INFINITY,
2299
2300 .sync_interval_usec = DEFAULT_SYNC_INTERVAL_USEC,
2301 .sync_scheduled = false,
2302
2303 .ratelimit_interval = DEFAULT_RATE_LIMIT_INTERVAL,
2304 .ratelimit_burst = DEFAULT_RATE_LIMIT_BURST,
2305
2306 .forward_to_wall = true,
2307
2308 .max_file_usec = DEFAULT_MAX_FILE_USEC,
2309
2310 .max_level_store = LOG_DEBUG,
2311 .max_level_syslog = LOG_DEBUG,
2312 .max_level_kmsg = LOG_NOTICE,
2313 .max_level_console = LOG_INFO,
2314 .max_level_wall = LOG_EMERG,
2315
2316 .line_max = DEFAULT_LINE_MAX,
2317
2318 .runtime_storage.name = "Runtime Journal",
2319 .system_storage.name = "System Journal",
2320
2321 .kmsg_own_ratelimit = {
2322 .interval = DEFAULT_KMSG_OWN_INTERVAL,
2323 .burst = DEFAULT_KMSG_OWN_BURST,
2324 },
2325 };
2326
2327 r = set_namespace(s, namespace);
2328 if (r < 0)
2329 return r;
2330
2331 /* By default, only read from /dev/kmsg if are the main namespace */
2332 s->read_kmsg = !s->namespace;
2333 s->storage = s->namespace ? STORAGE_PERSISTENT : STORAGE_AUTO;
2334
2335 journal_reset_metrics(&s->system_storage.metrics);
2336 journal_reset_metrics(&s->runtime_storage.metrics);
2337
2338 server_parse_config_file(s);
2339
2340 if (!s->namespace) {
2341 /* Parse kernel command line, but only if we are not a namespace instance */
2342 r = proc_cmdline_parse(parse_proc_cmdline_item, s, PROC_CMDLINE_STRIP_RD_PREFIX);
2343 if (r < 0)
2344 log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
2345 }
2346
2347 if (!!s->ratelimit_interval != !!s->ratelimit_burst) { /* One set to 0 and the other not? */
2348 log_debug("Setting both rate limit interval and burst from "USEC_FMT",%u to 0,0",
2349 s->ratelimit_interval, s->ratelimit_burst);
2350 s->ratelimit_interval = s->ratelimit_burst = 0;
2351 }
2352
2353 e = getenv("RUNTIME_DIRECTORY");
2354 if (e)
2355 s->runtime_directory = strdup(e);
2356 else if (s->namespace)
2357 s->runtime_directory = strjoin("/run/systemd/journal.", s->namespace);
2358 else
2359 s->runtime_directory = strdup("/run/systemd/journal");
2360 if (!s->runtime_directory)
2361 return log_oom();
2362
2363 (void) mkdir_p(s->runtime_directory, 0755);
2364
2365 s->user_journals = ordered_hashmap_new(NULL);
2366 if (!s->user_journals)
2367 return log_oom();
2368
2369 s->mmap = mmap_cache_new();
2370 if (!s->mmap)
2371 return log_oom();
2372
2373 s->deferred_closes = set_new(NULL);
2374 if (!s->deferred_closes)
2375 return log_oom();
2376
2377 r = sd_event_default(&s->event);
2378 if (r < 0)
2379 return log_error_errno(r, "Failed to create event loop: %m");
2380
2381 n = sd_listen_fds(true);
2382 if (n < 0)
2383 return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
2384
2385 native_socket = strjoina(s->runtime_directory, "/socket");
2386 stdout_socket = strjoina(s->runtime_directory, "/stdout");
2387 syslog_socket = strjoina(s->runtime_directory, "/dev-log");
2388 varlink_socket = strjoina(s->runtime_directory, "/io.systemd.journal");
2389
2390 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
2391
2392 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, native_socket, 0) > 0) {
2393
2394 if (s->native_fd >= 0)
2395 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
2396 "Too many native sockets passed.");
2397
2398 s->native_fd = fd;
2399
2400 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, stdout_socket, 0) > 0) {
2401
2402 if (s->stdout_fd >= 0)
2403 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
2404 "Too many stdout sockets passed.");
2405
2406 s->stdout_fd = fd;
2407
2408 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, syslog_socket, 0) > 0) {
2409
2410 if (s->syslog_fd >= 0)
2411 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
2412 "Too many /dev/log sockets passed.");
2413
2414 s->syslog_fd = fd;
2415
2416 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, varlink_socket, 0) > 0) {
2417
2418 if (varlink_fd >= 0)
2419 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
2420 "Too many varlink sockets passed.");
2421
2422 varlink_fd = fd;
2423 } else if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1) > 0) {
2424
2425 if (s->audit_fd >= 0)
2426 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
2427 "Too many audit sockets passed.");
2428
2429 s->audit_fd = fd;
2430
2431 } else {
2432
2433 if (!fds) {
2434 fds = fdset_new();
2435 if (!fds)
2436 return log_oom();
2437 }
2438
2439 r = fdset_put(fds, fd);
2440 if (r < 0)
2441 return log_oom();
2442 }
2443 }
2444
2445 /* Try to restore streams, but don't bother if this fails */
2446 (void) server_restore_streams(s, fds);
2447
2448 if (fdset_size(fds) > 0) {
2449 log_warning("%u unknown file descriptors passed, closing.", fdset_size(fds));
2450 fds = fdset_free(fds);
2451 }
2452
2453 no_sockets = s->native_fd < 0 && s->stdout_fd < 0 && s->syslog_fd < 0 && s->audit_fd < 0 && varlink_fd < 0;
2454
2455 /* always open stdout, syslog, native, and kmsg sockets */
2456
2457 /* systemd-journald.socket: /run/systemd/journal/stdout */
2458 r = server_open_stdout_socket(s, stdout_socket);
2459 if (r < 0)
2460 return r;
2461
2462 /* systemd-journald-dev-log.socket: /run/systemd/journal/dev-log */
2463 r = server_open_syslog_socket(s, syslog_socket);
2464 if (r < 0)
2465 return r;
2466
2467 /* systemd-journald.socket: /run/systemd/journal/socket */
2468 r = server_open_native_socket(s, native_socket);
2469 if (r < 0)
2470 return r;
2471
2472 /* /dev/kmsg */
2473 r = server_open_dev_kmsg(s);
2474 if (r < 0)
2475 return r;
2476
2477 /* Unless we got *some* sockets and not audit, open audit socket */
2478 if (s->audit_fd >= 0 || no_sockets) {
2479 r = server_open_audit(s);
2480 if (r < 0)
2481 return r;
2482 }
2483
2484 r = server_open_varlink(s, varlink_socket, varlink_fd);
2485 if (r < 0)
2486 return r;
2487
2488 r = server_open_kernel_seqnum(s);
2489 if (r < 0)
2490 return r;
2491
2492 r = server_open_hostname(s);
2493 if (r < 0)
2494 return r;
2495
2496 r = setup_signals(s);
2497 if (r < 0)
2498 return r;
2499
2500 s->ratelimit = journal_ratelimit_new();
2501 if (!s->ratelimit)
2502 return log_oom();
2503
2504 r = cg_get_root_path(&s->cgroup_root);
2505 if (r < 0)
2506 return log_error_errno(r, "Failed to acquire cgroup root path: %m");
2507
2508 server_cache_hostname(s);
2509 server_cache_boot_id(s);
2510 server_cache_machine_id(s);
2511
2512 if (s->namespace)
2513 s->runtime_storage.path = strjoin("/run/log/journal/", SERVER_MACHINE_ID(s), ".", s->namespace);
2514 else
2515 s->runtime_storage.path = strjoin("/run/log/journal/", SERVER_MACHINE_ID(s));
2516 if (!s->runtime_storage.path)
2517 return log_oom();
2518
2519 e = getenv("LOGS_DIRECTORY");
2520 if (e)
2521 s->system_storage.path = strdup(e);
2522 else if (s->namespace)
2523 s->system_storage.path = strjoin("/var/log/journal/", SERVER_MACHINE_ID(s), ".", s->namespace);
2524 else
2525 s->system_storage.path = strjoin("/var/log/journal/", SERVER_MACHINE_ID(s));
2526 if (!s->system_storage.path)
2527 return log_oom();
2528
2529 (void) server_connect_notify(s);
2530
2531 (void) client_context_acquire_default(s);
2532
2533 r = system_journal_open(s, false, false);
2534 if (r < 0)
2535 return r;
2536
2537 server_start_or_stop_idle_timer(s);
2538 return 0;
2539 }
2540
server_maybe_append_tags(Server * s)2541 void server_maybe_append_tags(Server *s) {
2542 #if HAVE_GCRYPT
2543 ManagedJournalFile *f;
2544 usec_t n;
2545
2546 n = now(CLOCK_REALTIME);
2547
2548 if (s->system_journal)
2549 journal_file_maybe_append_tag(s->system_journal->file, n);
2550
2551 ORDERED_HASHMAP_FOREACH(f, s->user_journals)
2552 journal_file_maybe_append_tag(f->file, n);
2553 #endif
2554 }
2555
server_done(Server * s)2556 void server_done(Server *s) {
2557 assert(s);
2558
2559 free(s->namespace);
2560 free(s->namespace_field);
2561
2562 set_free_with_destructor(s->deferred_closes, managed_journal_file_close);
2563
2564 while (s->stdout_streams)
2565 stdout_stream_free(s->stdout_streams);
2566
2567 client_context_flush_all(s);
2568
2569 (void) managed_journal_file_close(s->system_journal);
2570 (void) managed_journal_file_close(s->runtime_journal);
2571
2572 ordered_hashmap_free_with_destructor(s->user_journals, managed_journal_file_close);
2573
2574 varlink_server_unref(s->varlink_server);
2575
2576 sd_event_source_unref(s->syslog_event_source);
2577 sd_event_source_unref(s->native_event_source);
2578 sd_event_source_unref(s->stdout_event_source);
2579 sd_event_source_unref(s->dev_kmsg_event_source);
2580 sd_event_source_unref(s->audit_event_source);
2581 sd_event_source_unref(s->sync_event_source);
2582 sd_event_source_unref(s->sigusr1_event_source);
2583 sd_event_source_unref(s->sigusr2_event_source);
2584 sd_event_source_unref(s->sigterm_event_source);
2585 sd_event_source_unref(s->sigint_event_source);
2586 sd_event_source_unref(s->sigrtmin1_event_source);
2587 sd_event_source_unref(s->hostname_event_source);
2588 sd_event_source_unref(s->notify_event_source);
2589 sd_event_source_unref(s->watchdog_event_source);
2590 sd_event_source_unref(s->idle_event_source);
2591 sd_event_unref(s->event);
2592
2593 safe_close(s->syslog_fd);
2594 safe_close(s->native_fd);
2595 safe_close(s->stdout_fd);
2596 safe_close(s->dev_kmsg_fd);
2597 safe_close(s->audit_fd);
2598 safe_close(s->hostname_fd);
2599 safe_close(s->notify_fd);
2600
2601 if (s->ratelimit)
2602 journal_ratelimit_free(s->ratelimit);
2603
2604 if (s->kernel_seqnum)
2605 munmap(s->kernel_seqnum, sizeof(uint64_t));
2606
2607 free(s->buffer);
2608 free(s->tty_path);
2609 free(s->cgroup_root);
2610 free(s->hostname_field);
2611 free(s->runtime_storage.path);
2612 free(s->system_storage.path);
2613 free(s->runtime_directory);
2614
2615 mmap_cache_unref(s->mmap);
2616 }
2617
2618 static const char* const storage_table[_STORAGE_MAX] = {
2619 [STORAGE_AUTO] = "auto",
2620 [STORAGE_VOLATILE] = "volatile",
2621 [STORAGE_PERSISTENT] = "persistent",
2622 [STORAGE_NONE] = "none"
2623 };
2624
2625 DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
2626 DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
2627
2628 static const char* const split_mode_table[_SPLIT_MAX] = {
2629 [SPLIT_LOGIN] = "login",
2630 [SPLIT_UID] = "uid",
2631 [SPLIT_NONE] = "none",
2632 };
2633
2634 DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
2635 DEFINE_CONFIG_PARSE_ENUM(config_parse_split_mode, split_mode, SplitMode, "Failed to parse split mode setting");
2636
config_parse_line_max(const char * unit,const char * filename,unsigned line,const char * section,unsigned section_line,const char * lvalue,int ltype,const char * rvalue,void * data,void * userdata)2637 int config_parse_line_max(
2638 const char* unit,
2639 const char *filename,
2640 unsigned line,
2641 const char *section,
2642 unsigned section_line,
2643 const char *lvalue,
2644 int ltype,
2645 const char *rvalue,
2646 void *data,
2647 void *userdata) {
2648
2649 size_t *sz = data;
2650 int r;
2651
2652 assert(filename);
2653 assert(lvalue);
2654 assert(rvalue);
2655 assert(data);
2656
2657 if (isempty(rvalue))
2658 /* Empty assignment means default */
2659 *sz = DEFAULT_LINE_MAX;
2660 else {
2661 uint64_t v;
2662
2663 r = parse_size(rvalue, 1024, &v);
2664 if (r < 0) {
2665 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse LineMax= value, ignoring: %s", rvalue);
2666 return 0;
2667 }
2668
2669 if (v < 79) {
2670 /* Why specify 79 here as minimum line length? Simply, because the most common traditional
2671 * terminal size is 80ch, and it might make sense to break one character before the natural
2672 * line break would occur on that. */
2673 log_syntax(unit, LOG_WARNING, filename, line, 0, "LineMax= too small, clamping to 79: %s", rvalue);
2674 *sz = 79;
2675 } else if (v > (uint64_t) (SSIZE_MAX-1)) {
2676 /* So, why specify SSIZE_MAX-1 here? Because that's one below the largest size value read()
2677 * can return, and we need one extra byte for the trailing NUL byte. Of course IRL such large
2678 * memory allocations will fail anyway, hence this limit is mostly theoretical anyway, as we'll
2679 * fail much earlier anyway. */
2680 log_syntax(unit, LOG_WARNING, filename, line, 0, "LineMax= too large, clamping to %" PRIu64 ": %s", (uint64_t) (SSIZE_MAX-1), rvalue);
2681 *sz = SSIZE_MAX-1;
2682 } else
2683 *sz = (size_t) v;
2684 }
2685
2686 return 0;
2687 }
2688
config_parse_compress(const char * unit,const char * filename,unsigned line,const char * section,unsigned section_line,const char * lvalue,int ltype,const char * rvalue,void * data,void * userdata)2689 int config_parse_compress(
2690 const char* unit,
2691 const char *filename,
2692 unsigned line,
2693 const char *section,
2694 unsigned section_line,
2695 const char *lvalue,
2696 int ltype,
2697 const char *rvalue,
2698 void *data,
2699 void *userdata) {
2700
2701 JournalCompressOptions* compress = data;
2702 int r;
2703
2704 if (isempty(rvalue)) {
2705 compress->enabled = true;
2706 compress->threshold_bytes = UINT64_MAX;
2707 } else if (streq(rvalue, "1")) {
2708 log_syntax(unit, LOG_WARNING, filename, line, 0,
2709 "Compress= ambiguously specified as 1, enabling compression with default threshold");
2710 compress->enabled = true;
2711 } else if (streq(rvalue, "0")) {
2712 log_syntax(unit, LOG_WARNING, filename, line, 0,
2713 "Compress= ambiguously specified as 0, disabling compression");
2714 compress->enabled = false;
2715 } else {
2716 r = parse_boolean(rvalue);
2717 if (r < 0) {
2718 r = parse_size(rvalue, 1024, &compress->threshold_bytes);
2719 if (r < 0)
2720 log_syntax(unit, LOG_WARNING, filename, line, r,
2721 "Failed to parse Compress= value, ignoring: %s", rvalue);
2722 else
2723 compress->enabled = true;
2724 } else
2725 compress->enabled = r;
2726 }
2727
2728 return 0;
2729 }
2730