1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2011 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include <sys/epoll.h>
23 #include <sys/socket.h>
25 #include <sys/signalfd.h>
29 #include <sys/ioctl.h>
30 #include <linux/sockios.h>
31 #include <sys/statvfs.h>
33 #include <systemd/sd-journal.h>
34 #include <systemd/sd-messages.h>
35 #include <systemd/sd-daemon.h>
38 #include <systemd/sd-login.h>
43 #include "journal-file.h"
44 #include "socket-util.h"
45 #include "cgroup-util.h"
47 #include "journal-rate-limit.h"
48 #include "journal-internal.h"
49 #include "conf-parser.h"
56 #include <acl/libacl.h>
61 #include <selinux/selinux.h>
64 #define USER_JOURNALS_MAX 1024
65 #define STDOUT_STREAMS_MAX 4096
67 #define DEFAULT_RATE_LIMIT_INTERVAL (10*USEC_PER_SEC)
68 #define DEFAULT_RATE_LIMIT_BURST 200
70 #define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
72 #define N_IOVEC_META_FIELDS 17
74 #define ENTRY_SIZE_MAX (1024*1024*32)
76 typedef enum StdoutStreamState {
77 STDOUT_STREAM_IDENTIFIER,
78 STDOUT_STREAM_UNIT_ID,
79 STDOUT_STREAM_PRIORITY,
80 STDOUT_STREAM_LEVEL_PREFIX,
81 STDOUT_STREAM_FORWARD_TO_SYSLOG,
82 STDOUT_STREAM_FORWARD_TO_KMSG,
83 STDOUT_STREAM_FORWARD_TO_CONSOLE,
89 StdoutStreamState state;
95 security_context_t security_context;
102 bool forward_to_syslog:1;
103 bool forward_to_kmsg:1;
104 bool forward_to_console:1;
106 char buffer[LINE_MAX+1];
109 LIST_FIELDS(StdoutStream, stdout_stream);
112 static const char* const storage_table[] = {
113 [STORAGE_AUTO] = "auto",
114 [STORAGE_VOLATILE] = "volatile",
115 [STORAGE_PERSISTENT] = "persistent",
116 [STORAGE_NONE] = "none"
119 DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
120 DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
122 static uint64_t available_space(Server *s) {
127 uint64_t sum = 0, avail = 0, ss_avail = 0;
133 ts = now(CLOCK_MONOTONIC);
135 if (s->cached_available_space_timestamp + RECHECK_AVAILABLE_SPACE_USEC > ts)
136 return s->cached_available_space;
138 r = sd_id128_get_machine(&machine);
142 if (s->system_journal) {
143 f = "/var/log/journal/";
144 m = &s->system_metrics;
146 f = "/run/log/journal/";
147 m = &s->runtime_metrics;
152 p = strappend(f, sd_id128_to_string(machine, ids));
162 if (fstatvfs(dirfd(d), &ss) < 0)
167 struct dirent buf, *de;
169 r = readdir_r(d, &buf, &de);
176 if (!endswith(de->d_name, ".journal") &&
177 !endswith(de->d_name, ".journal~"))
180 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0)
183 if (!S_ISREG(st.st_mode))
186 sum += (uint64_t) st.st_blocks * 512UL;
189 avail = sum >= m->max_use ? 0 : m->max_use - sum;
191 ss_avail = ss.f_bsize * ss.f_bavail;
193 ss_avail = ss_avail < m->keep_free ? 0 : ss_avail - m->keep_free;
195 if (ss_avail < avail)
198 s->cached_available_space = avail;
199 s->cached_available_space_timestamp = ts;
207 static void server_read_file_gid(Server *s) {
208 const char *adm = "adm";
213 if (s->file_gid_valid)
216 r = get_group_creds(&adm, &s->file_gid);
218 log_warning("Failed to resolve 'adm' group: %s", strerror(-r));
220 /* if we couldn't read the gid, then it will be 0, but that's
221 * fine and we shouldn't try to resolve the group again, so
222 * let's just pretend it worked right-away. */
223 s->file_gid_valid = true;
226 static void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
231 acl_permset_t permset;
236 server_read_file_gid(s);
238 r = fchmod_and_fchown(f->fd, 0640, 0, s->file_gid);
240 log_warning("Failed to fix access mode/rights on %s, ignoring: %s", f->path, strerror(-r));
246 acl = acl_get_fd(f->fd);
248 log_warning("Failed to read ACL on %s, ignoring: %m", f->path);
252 r = acl_find_uid(acl, uid, &entry);
255 if (acl_create_entry(&acl, &entry) < 0 ||
256 acl_set_tag_type(entry, ACL_USER) < 0 ||
257 acl_set_qualifier(entry, &uid) < 0) {
258 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
263 if (acl_get_permset(entry, &permset) < 0 ||
264 acl_add_perm(permset, ACL_READ) < 0 ||
265 acl_calc_mask(&acl) < 0) {
266 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
270 if (acl_set_fd(f->fd, acl) < 0)
271 log_warning("Failed to set ACL on %s, ignoring: %m", f->path);
278 static JournalFile* find_journal(Server *s, uid_t uid) {
287 /* We split up user logs only on /var, not on /run. If the
288 * runtime file is open, we write to it exclusively, in order
289 * to guarantee proper order as soon as we flush /run to
290 * /var and close the runtime file. */
292 if (s->runtime_journal)
293 return s->runtime_journal;
296 return s->system_journal;
298 r = sd_id128_get_machine(&machine);
300 return s->system_journal;
302 f = hashmap_get(s->user_journals, UINT32_TO_PTR(uid));
306 if (asprintf(&p, "/var/log/journal/%s/user-%lu.journal", sd_id128_to_string(machine, ids), (unsigned long) uid) < 0)
307 return s->system_journal;
309 while (hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
310 /* Too many open? Then let's close one */
311 f = hashmap_steal_first(s->user_journals);
313 journal_file_close(f);
316 r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, &s->system_metrics, s->system_journal, &f);
320 return s->system_journal;
322 server_fix_perms(s, f, uid);
324 r = hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
326 journal_file_close(f);
327 return s->system_journal;
333 static void server_rotate(Server *s) {
339 log_info("Rotating...");
341 if (s->runtime_journal) {
342 r = journal_file_rotate(&s->runtime_journal);
344 if (s->runtime_journal)
345 log_error("Failed to rotate %s: %s", s->runtime_journal->path, strerror(-r));
347 log_error("Failed to create new runtime journal: %s", strerror(-r));
349 server_fix_perms(s, s->runtime_journal, 0);
352 if (s->system_journal) {
353 r = journal_file_rotate(&s->system_journal);
355 if (s->system_journal)
356 log_error("Failed to rotate %s: %s", s->system_journal->path, strerror(-r));
358 log_error("Failed to create new system journal: %s", strerror(-r));
361 server_fix_perms(s, s->system_journal, 0);
364 HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
365 r = journal_file_rotate(&f);
368 log_error("Failed to rotate %s: %s", f->path, strerror(-r));
370 log_error("Failed to create user journal: %s", strerror(-r));
372 hashmap_replace(s->user_journals, k, f);
373 server_fix_perms(s, s->system_journal, PTR_TO_UINT32(k));
378 static void server_vacuum(Server *s) {
384 log_info("Vacuuming...");
386 r = sd_id128_get_machine(&machine);
388 log_error("Failed to get machine ID: %s", strerror(-r));
392 sd_id128_to_string(machine, ids);
394 if (s->system_journal) {
395 if (asprintf(&p, "/var/log/journal/%s", ids) < 0) {
400 r = journal_directory_vacuum(p, s->system_metrics.max_use, s->system_metrics.keep_free);
401 if (r < 0 && r != -ENOENT)
402 log_error("Failed to vacuum %s: %s", p, strerror(-r));
406 if (s->runtime_journal) {
407 if (asprintf(&p, "/run/log/journal/%s", ids) < 0) {
412 r = journal_directory_vacuum(p, s->runtime_metrics.max_use, s->runtime_metrics.keep_free);
413 if (r < 0 && r != -ENOENT)
414 log_error("Failed to vacuum %s: %s", p, strerror(-r));
418 s->cached_available_space_timestamp = 0;
421 static char *shortened_cgroup_path(pid_t pid) {
423 char *process_path, *init_path, *path;
427 r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, pid, &process_path);
431 r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, 1, &init_path);
437 if (endswith(init_path, "/system"))
438 init_path[strlen(init_path) - 7] = 0;
439 else if (streq(init_path, "/"))
442 if (startswith(process_path, init_path)) {
445 p = strdup(process_path + strlen(init_path));
463 static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned n) {
465 bool vacuumed = false;
472 f = find_journal(s, uid);
476 if (journal_file_rotate_suggested(f)) {
477 log_info("Journal header limits reached or header out-of-date, rotating.");
482 f = find_journal(s, uid);
488 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
493 (r != -E2BIG && /* hit limit */
494 r != -EFBIG && /* hit fs limit */
495 r != -EDQUOT && /* quota hit */
496 r != -ENOSPC && /* disk full */
497 r != -EBADMSG && /* corrupted */
498 r != -ENODATA && /* truncated */
499 r != -EHOSTDOWN && /* other machine */
500 r != -EPROTONOSUPPORT && /* unsupported feature */
501 r != -EBUSY && /* unclean shutdown */
502 r != -ESHUTDOWN /* already archived */)) {
503 log_error("Failed to write entry, ignoring: %s", strerror(-r));
507 if (r == -E2BIG || r == -EFBIG || r == EDQUOT || r == ENOSPC)
508 log_info("Allocation limit reached, rotating.");
509 else if (r == -EHOSTDOWN)
510 log_info("Journal file from other machine, rotating.");
511 else if (r == -EBUSY)
512 log_info("Unlcean shutdown, rotating.");
514 log_warning("Journal file corrupted, rotating.");
520 f = find_journal(s, uid);
524 log_info("Retrying write.");
528 static void dispatch_message_real(
530 struct iovec *iovec, unsigned n, unsigned m,
533 const char *label, size_t label_len,
534 const char *unit_id) {
536 char *pid = NULL, *uid = NULL, *gid = NULL,
537 *source_time = NULL, *boot_id = NULL, *machine_id = NULL,
538 *comm = NULL, *cmdline = NULL, *hostname = NULL,
539 *audit_session = NULL, *audit_loginuid = NULL,
540 *exe = NULL, *cgroup = NULL, *session = NULL,
541 *owner_uid = NULL, *unit = NULL, *selinux_context = NULL;
547 uid_t loginuid = 0, realuid = 0;
552 assert(n + N_IOVEC_META_FIELDS <= m);
560 realuid = ucred->uid;
562 if (asprintf(&pid, "_PID=%lu", (unsigned long) ucred->pid) >= 0)
563 IOVEC_SET_STRING(iovec[n++], pid);
565 if (asprintf(&uid, "_UID=%lu", (unsigned long) ucred->uid) >= 0)
566 IOVEC_SET_STRING(iovec[n++], uid);
568 if (asprintf(&gid, "_GID=%lu", (unsigned long) ucred->gid) >= 0)
569 IOVEC_SET_STRING(iovec[n++], gid);
571 r = get_process_comm(ucred->pid, &t);
573 comm = strappend("_COMM=", t);
577 IOVEC_SET_STRING(iovec[n++], comm);
580 r = get_process_exe(ucred->pid, &t);
582 exe = strappend("_EXE=", t);
586 IOVEC_SET_STRING(iovec[n++], exe);
589 r = get_process_cmdline(ucred->pid, LINE_MAX, false, &t);
591 cmdline = strappend("_CMDLINE=", t);
595 IOVEC_SET_STRING(iovec[n++], cmdline);
598 r = audit_session_from_pid(ucred->pid, &audit);
600 if (asprintf(&audit_session, "_AUDIT_SESSION=%lu", (unsigned long) audit) >= 0)
601 IOVEC_SET_STRING(iovec[n++], audit_session);
603 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
605 if (asprintf(&audit_loginuid, "_AUDIT_LOGINUID=%lu", (unsigned long) loginuid) >= 0)
606 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
608 t = shortened_cgroup_path(ucred->pid);
610 cgroup = strappend("_SYSTEMD_CGROUP=", t);
614 IOVEC_SET_STRING(iovec[n++], cgroup);
618 if (sd_pid_get_session(ucred->pid, &t) >= 0) {
619 session = strappend("_SYSTEMD_SESSION=", t);
623 IOVEC_SET_STRING(iovec[n++], session);
626 if (sd_pid_get_owner_uid(ucred->uid, &owner) >= 0)
627 if (asprintf(&owner_uid, "_SYSTEMD_OWNER_UID=%lu", (unsigned long) owner) >= 0)
628 IOVEC_SET_STRING(iovec[n++], owner_uid);
631 if (cg_pid_get_unit(ucred->pid, &t) >= 0) {
632 unit = strappend("_SYSTEMD_UNIT=", t);
635 unit = strappend("_SYSTEMD_UNIT=", unit_id);
638 IOVEC_SET_STRING(iovec[n++], unit);
642 selinux_context = malloc(sizeof("_SELINUX_CONTEXT=") + label_len);
643 if (selinux_context) {
644 memcpy(selinux_context, "_SELINUX_CONTEXT=", sizeof("_SELINUX_CONTEXT=")-1);
645 memcpy(selinux_context+sizeof("_SELINUX_CONTEXT=")-1, label, label_len);
646 selinux_context[sizeof("_SELINUX_CONTEXT=")-1+label_len] = 0;
647 IOVEC_SET_STRING(iovec[n++], selinux_context);
650 security_context_t con;
652 if (getpidcon(ucred->pid, &con) >= 0) {
653 selinux_context = strappend("_SELINUX_CONTEXT=", con);
655 IOVEC_SET_STRING(iovec[n++], selinux_context);
664 if (asprintf(&source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu",
665 (unsigned long long) timeval_load(tv)) >= 0)
666 IOVEC_SET_STRING(iovec[n++], source_time);
669 /* Note that strictly speaking storing the boot id here is
670 * redundant since the entry includes this in-line
671 * anyway. However, we need this indexed, too. */
672 r = sd_id128_get_boot(&id);
674 if (asprintf(&boot_id, "_BOOT_ID=%s", sd_id128_to_string(id, idbuf)) >= 0)
675 IOVEC_SET_STRING(iovec[n++], boot_id);
677 r = sd_id128_get_machine(&id);
679 if (asprintf(&machine_id, "_MACHINE_ID=%s", sd_id128_to_string(id, idbuf)) >= 0)
680 IOVEC_SET_STRING(iovec[n++], machine_id);
682 t = gethostname_malloc();
684 hostname = strappend("_HOSTNAME=", t);
687 IOVEC_SET_STRING(iovec[n++], hostname);
692 write_to_journal(s, realuid == 0 ? 0 : loginuid, iovec, n);
705 free(audit_loginuid);
710 free(selinux_context);
713 static void driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {
714 char mid[11 + 32 + 1];
715 char buffer[16 + LINE_MAX + 1];
716 struct iovec iovec[N_IOVEC_META_FIELDS + 4];
724 IOVEC_SET_STRING(iovec[n++], "PRIORITY=6");
725 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=driver");
727 memcpy(buffer, "MESSAGE=", 8);
728 va_start(ap, format);
729 vsnprintf(buffer + 8, sizeof(buffer) - 8, format, ap);
731 char_array_0(buffer);
732 IOVEC_SET_STRING(iovec[n++], buffer);
734 snprintf(mid, sizeof(mid), "MESSAGE_ID=" SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(message_id));
736 IOVEC_SET_STRING(iovec[n++], mid);
739 ucred.pid = getpid();
740 ucred.uid = getuid();
741 ucred.gid = getgid();
743 dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL);
746 static void dispatch_message(Server *s,
747 struct iovec *iovec, unsigned n, unsigned m,
750 const char *label, size_t label_len,
754 char *path = NULL, *c;
757 assert(iovec || n == 0);
762 if (LOG_PRI(priority) > s->max_level_store)
768 path = shortened_cgroup_path(ucred->pid);
772 /* example: /user/lennart/3/foobar
773 * /system/dbus.service/foobar
775 * So let's cut of everything past the third /, since that is
776 * wher user directories start */
778 c = strchr(path, '/');
780 c = strchr(c+1, '/');
782 c = strchr(c+1, '/');
788 rl = journal_rate_limit_test(s->rate_limit, path, priority & LOG_PRIMASK, available_space(s));
795 /* Write a suppression message if we suppressed something */
797 driver_message(s, SD_MESSAGE_JOURNAL_DROPPED, "Suppressed %u messages from %s", rl - 1, path);
802 dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id);
805 static void forward_syslog_iovec(Server *s, const struct iovec *iovec, unsigned n_iovec, struct ucred *ucred, struct timeval *tv) {
806 struct msghdr msghdr;
807 struct cmsghdr *cmsg;
809 struct cmsghdr cmsghdr;
810 uint8_t buf[CMSG_SPACE(sizeof(struct ucred))];
812 union sockaddr_union sa;
819 msghdr.msg_iov = (struct iovec*) iovec;
820 msghdr.msg_iovlen = n_iovec;
823 sa.un.sun_family = AF_UNIX;
824 strncpy(sa.un.sun_path, "/run/systemd/journal/syslog", sizeof(sa.un.sun_path));
825 msghdr.msg_name = &sa;
826 msghdr.msg_namelen = offsetof(union sockaddr_union, un.sun_path) + strlen(sa.un.sun_path);
830 msghdr.msg_control = &control;
831 msghdr.msg_controllen = sizeof(control);
833 cmsg = CMSG_FIRSTHDR(&msghdr);
834 cmsg->cmsg_level = SOL_SOCKET;
835 cmsg->cmsg_type = SCM_CREDENTIALS;
836 cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
837 memcpy(CMSG_DATA(cmsg), ucred, sizeof(struct ucred));
838 msghdr.msg_controllen = cmsg->cmsg_len;
841 /* Forward the syslog message we received via /dev/log to
842 * /run/systemd/syslog. Unfortunately we currently can't set
843 * the SO_TIMESTAMP auxiliary data, and hence we don't. */
845 if (sendmsg(s->syslog_fd, &msghdr, MSG_NOSIGNAL) >= 0)
848 /* The socket is full? I guess the syslog implementation is
849 * too slow, and we shouldn't wait for that... */
853 if (ucred && errno == ESRCH) {
856 /* Hmm, presumably the sender process vanished
857 * by now, so let's fix it as good as we
862 memcpy(CMSG_DATA(cmsg), &u, sizeof(struct ucred));
864 if (sendmsg(s->syslog_fd, &msghdr, MSG_NOSIGNAL) >= 0)
872 log_debug("Failed to forward syslog message: %m");
875 static void forward_syslog_raw(Server *s, int priority, const char *buffer, struct ucred *ucred, struct timeval *tv) {
881 if (LOG_PRI(priority) > s->max_level_syslog)
884 IOVEC_SET_STRING(iovec, buffer);
885 forward_syslog_iovec(s, &iovec, 1, ucred, tv);
888 static void forward_syslog(Server *s, int priority, const char *identifier, const char *message, struct ucred *ucred, struct timeval *tv) {
889 struct iovec iovec[5];
890 char header_priority[6], header_time[64], header_pid[16];
894 char *ident_buf = NULL;
897 assert(priority >= 0);
898 assert(priority <= 999);
901 if (LOG_PRI(priority) > s->max_level_syslog)
904 /* First: priority field */
905 snprintf(header_priority, sizeof(header_priority), "<%i>", priority);
906 char_array_0(header_priority);
907 IOVEC_SET_STRING(iovec[n++], header_priority);
909 /* Second: timestamp */
910 t = tv ? tv->tv_sec : ((time_t) (now(CLOCK_REALTIME) / USEC_PER_SEC));
914 if (strftime(header_time, sizeof(header_time), "%h %e %T ", tm) <= 0)
916 IOVEC_SET_STRING(iovec[n++], header_time);
918 /* Third: identifier and PID */
921 get_process_comm(ucred->pid, &ident_buf);
922 identifier = ident_buf;
925 snprintf(header_pid, sizeof(header_pid), "[%lu]: ", (unsigned long) ucred->pid);
926 char_array_0(header_pid);
929 IOVEC_SET_STRING(iovec[n++], identifier);
931 IOVEC_SET_STRING(iovec[n++], header_pid);
932 } else if (identifier) {
933 IOVEC_SET_STRING(iovec[n++], identifier);
934 IOVEC_SET_STRING(iovec[n++], ": ");
937 /* Fourth: message */
938 IOVEC_SET_STRING(iovec[n++], message);
940 forward_syslog_iovec(s, iovec, n, ucred, tv);
945 static int fixup_priority(int priority) {
947 if ((priority & LOG_FACMASK) == 0)
948 return (priority & LOG_PRIMASK) | LOG_USER;
953 static void forward_kmsg(Server *s, int priority, const char *identifier, const char *message, struct ucred *ucred) {
954 struct iovec iovec[5];
955 char header_priority[6], header_pid[16];
957 char *ident_buf = NULL;
960 assert(priority >= 0);
961 assert(priority <= 999);
964 if (_unlikely_(LOG_PRI(priority) > s->max_level_kmsg))
967 if (_unlikely_(s->dev_kmsg_fd < 0))
970 /* Never allow messages with kernel facility to be written to
971 * kmsg, regardless where the data comes from. */
972 priority = fixup_priority(priority);
974 /* First: priority field */
975 snprintf(header_priority, sizeof(header_priority), "<%i>", priority);
976 char_array_0(header_priority);
977 IOVEC_SET_STRING(iovec[n++], header_priority);
979 /* Second: identifier and PID */
982 get_process_comm(ucred->pid, &ident_buf);
983 identifier = ident_buf;
986 snprintf(header_pid, sizeof(header_pid), "[%lu]: ", (unsigned long) ucred->pid);
987 char_array_0(header_pid);
990 IOVEC_SET_STRING(iovec[n++], identifier);
992 IOVEC_SET_STRING(iovec[n++], header_pid);
993 } else if (identifier) {
994 IOVEC_SET_STRING(iovec[n++], identifier);
995 IOVEC_SET_STRING(iovec[n++], ": ");
998 /* Fourth: message */
999 IOVEC_SET_STRING(iovec[n++], message);
1000 IOVEC_SET_STRING(iovec[n++], "\n");
1002 if (writev(s->dev_kmsg_fd, iovec, n) < 0)
1003 log_debug("Failed to write to /dev/kmsg for logging: %s", strerror(errno));
1008 static void forward_console(Server *s, int priority, const char *identifier, const char *message, struct ucred *ucred) {
1009 struct iovec iovec[4];
1010 char header_pid[16];
1012 char *ident_buf = NULL;
1018 if (LOG_PRI(priority) > s->max_level_console)
1021 /* First: identifier and PID */
1024 get_process_comm(ucred->pid, &ident_buf);
1025 identifier = ident_buf;
1028 snprintf(header_pid, sizeof(header_pid), "[%lu]: ", (unsigned long) ucred->pid);
1029 char_array_0(header_pid);
1032 IOVEC_SET_STRING(iovec[n++], identifier);
1034 IOVEC_SET_STRING(iovec[n++], header_pid);
1035 } else if (identifier) {
1036 IOVEC_SET_STRING(iovec[n++], identifier);
1037 IOVEC_SET_STRING(iovec[n++], ": ");
1040 /* Third: message */
1041 IOVEC_SET_STRING(iovec[n++], message);
1042 IOVEC_SET_STRING(iovec[n++], "\n");
1044 tty = s->tty_path ? s->tty_path : "/dev/console";
1046 fd = open_terminal(tty, O_WRONLY|O_NOCTTY|O_CLOEXEC);
1048 log_debug("Failed to open %s for logging: %s", tty, strerror(errno));
1052 if (writev(fd, iovec, n) < 0)
1053 log_debug("Failed to write to %s for logging: %s", tty, strerror(errno));
1055 close_nointr_nofail(fd);
1061 static void read_identifier(const char **buf, char **identifier, char **pid) {
1072 p += strspn(p, WHITESPACE);
1073 l = strcspn(p, WHITESPACE);
1082 if (p[l-1] == ']') {
1088 t = strndup(p+k+1, l-k-2);
1108 *buf += strspn(*buf, WHITESPACE);
1111 static void process_syslog_message(Server *s, const char *buf, struct ucred *ucred, struct timeval *tv, const char *label, size_t label_len) {
1112 char *message = NULL, *syslog_priority = NULL, *syslog_facility = NULL, *syslog_identifier = NULL, *syslog_pid = NULL;
1113 struct iovec iovec[N_IOVEC_META_FIELDS + 6];
1115 int priority = LOG_USER | LOG_INFO;
1116 char *identifier = NULL, *pid = NULL;
1123 parse_syslog_priority((char**) &buf, &priority);
1125 if (s->forward_to_syslog)
1126 forward_syslog_raw(s, priority, orig, ucred, tv);
1128 skip_syslog_date((char**) &buf);
1129 read_identifier(&buf, &identifier, &pid);
1131 if (s->forward_to_kmsg)
1132 forward_kmsg(s, priority, identifier, buf, ucred);
1134 if (s->forward_to_console)
1135 forward_console(s, priority, identifier, buf, ucred);
1137 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=syslog");
1139 if (asprintf(&syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK) >= 0)
1140 IOVEC_SET_STRING(iovec[n++], syslog_priority);
1142 if (priority & LOG_FACMASK)
1143 if (asprintf(&syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority)) >= 0)
1144 IOVEC_SET_STRING(iovec[n++], syslog_facility);
1147 syslog_identifier = strappend("SYSLOG_IDENTIFIER=", identifier);
1148 if (syslog_identifier)
1149 IOVEC_SET_STRING(iovec[n++], syslog_identifier);
1153 syslog_pid = strappend("SYSLOG_PID=", pid);
1155 IOVEC_SET_STRING(iovec[n++], syslog_pid);
1158 message = strappend("MESSAGE=", buf);
1160 IOVEC_SET_STRING(iovec[n++], message);
1162 dispatch_message(s, iovec, n, ELEMENTSOF(iovec), ucred, tv, label, label_len, NULL, priority);
1167 free(syslog_priority);
1168 free(syslog_facility);
1169 free(syslog_identifier);
1173 static bool valid_user_field(const char *p, size_t l) {
1176 /* We kinda enforce POSIX syntax recommendations for
1177 environment variables here, but make a couple of additional
1180 http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap08.html */
1182 /* No empty field names */
1186 /* Don't allow names longer than 64 chars */
1190 /* Variables starting with an underscore are protected */
1194 /* Don't allow digits as first character */
1195 if (p[0] >= '0' && p[0] <= '9')
1198 /* Only allow A-Z0-9 and '_' */
1199 for (a = p; a < p + l; a++)
1200 if (!((*a >= 'A' && *a <= 'Z') ||
1201 (*a >= '0' && *a <= '9') ||
1208 static void process_native_message(
1210 const void *buffer, size_t buffer_size,
1211 struct ucred *ucred,
1213 const char *label, size_t label_len) {
1215 struct iovec *iovec = NULL;
1216 unsigned n = 0, m = 0, j, tn = (unsigned) -1;
1219 int priority = LOG_INFO;
1220 char *identifier = NULL, *message = NULL;
1223 assert(buffer || buffer_size == 0);
1226 remaining = buffer_size;
1228 while (remaining > 0) {
1231 e = memchr(p, '\n', remaining);
1234 /* Trailing noise, let's ignore it, and flush what we collected */
1235 log_debug("Received message with trailing noise, ignoring.");
1240 /* Entry separator */
1241 dispatch_message(s, iovec, n, m, ucred, tv, label, label_len, NULL, priority);
1243 priority = LOG_INFO;
1250 if (*p == '.' || *p == '#') {
1251 /* Ignore control commands for now, and
1253 remaining -= (e - p) + 1;
1258 /* A property follows */
1260 if (n+N_IOVEC_META_FIELDS >= m) {
1264 u = MAX((n+N_IOVEC_META_FIELDS+1) * 2U, 4U);
1265 c = realloc(iovec, u * sizeof(struct iovec));
1275 q = memchr(p, '=', e - p);
1277 if (valid_user_field(p, q - p)) {
1282 /* If the field name starts with an
1283 * underscore, skip the variable,
1284 * since that indidates a trusted
1286 iovec[n].iov_base = (char*) p;
1287 iovec[n].iov_len = l;
1290 /* We need to determine the priority
1291 * of this entry for the rate limiting
1294 memcmp(p, "PRIORITY=", 9) == 0 &&
1295 p[9] >= '0' && p[9] <= '9')
1296 priority = (priority & LOG_FACMASK) | (p[9] - '0');
1299 memcmp(p, "SYSLOG_FACILITY=", 16) == 0 &&
1300 p[16] >= '0' && p[16] <= '9')
1301 priority = (priority & LOG_PRIMASK) | ((p[16] - '0') << 3);
1304 memcmp(p, "SYSLOG_FACILITY=", 16) == 0 &&
1305 p[16] >= '0' && p[16] <= '9' &&
1306 p[17] >= '0' && p[17] <= '9')
1307 priority = (priority & LOG_PRIMASK) | (((p[16] - '0')*10 + (p[17] - '0')) << 3);
1310 memcmp(p, "SYSLOG_IDENTIFIER=", 18) == 0) {
1313 t = strndup(p + 18, l - 18);
1318 } else if (l >= 8 &&
1319 memcmp(p, "MESSAGE=", 8) == 0) {
1322 t = strndup(p + 8, l - 8);
1330 remaining -= (e - p) + 1;
1338 if (remaining < e - p + 1 + sizeof(uint64_t) + 1) {
1339 log_debug("Failed to parse message, ignoring.");
1343 memcpy(&l_le, e + 1, sizeof(uint64_t));
1346 if (remaining < e - p + 1 + sizeof(uint64_t) + l + 1 ||
1347 e[1+sizeof(uint64_t)+l] != '\n') {
1348 log_debug("Failed to parse message, ignoring.");
1352 k = malloc((e - p) + 1 + l);
1358 memcpy(k, p, e - p);
1360 memcpy(k + (e - p) + 1, e + 1 + sizeof(uint64_t), l);
1362 if (valid_user_field(p, e - p)) {
1363 iovec[n].iov_base = k;
1364 iovec[n].iov_len = (e - p) + 1 + l;
1369 remaining -= (e - p) + 1 + sizeof(uint64_t) + l + 1;
1370 p = e + 1 + sizeof(uint64_t) + l + 1;
1378 IOVEC_SET_STRING(iovec[tn], "_TRANSPORT=journal");
1381 if (s->forward_to_syslog)
1382 forward_syslog(s, priority, identifier, message, ucred, tv);
1384 if (s->forward_to_kmsg)
1385 forward_kmsg(s, priority, identifier, message, ucred);
1387 if (s->forward_to_console)
1388 forward_console(s, priority, identifier, message, ucred);
1391 dispatch_message(s, iovec, n, m, ucred, tv, label, label_len, NULL, priority);
1394 for (j = 0; j < n; j++) {
1398 if (iovec[j].iov_base < buffer ||
1399 (const uint8_t*) iovec[j].iov_base >= (const uint8_t*) buffer + buffer_size)
1400 free(iovec[j].iov_base);
1408 static void process_native_file(
1411 struct ucred *ucred,
1413 const char *label, size_t label_len) {
1422 /* Data is in the passed file, since it didn't fit in a
1423 * datagram. We can't map the file here, since clients might
1424 * then truncate it and trigger a SIGBUS for us. So let's
1425 * stupidly read it */
1427 if (fstat(fd, &st) < 0) {
1428 log_error("Failed to stat passed file, ignoring: %m");
1432 if (!S_ISREG(st.st_mode)) {
1433 log_error("File passed is not regular. Ignoring.");
1437 if (st.st_size <= 0)
1440 if (st.st_size > ENTRY_SIZE_MAX) {
1441 log_error("File passed too large. Ignoring.");
1445 p = malloc(st.st_size);
1451 n = pread(fd, p, st.st_size, 0);
1453 log_error("Failed to read file, ignoring: %s", strerror(-n));
1455 process_native_message(s, p, n, ucred, tv, label, label_len);
1460 static int stdout_stream_log(StdoutStream *s, const char *p) {
1461 struct iovec iovec[N_IOVEC_META_FIELDS + 5];
1462 char *message = NULL, *syslog_priority = NULL, *syslog_facility = NULL, *syslog_identifier = NULL;
1466 size_t label_len = 0;
1474 priority = s->priority;
1476 if (s->level_prefix)
1477 parse_syslog_priority((char**) &p, &priority);
1479 if (s->forward_to_syslog || s->server->forward_to_syslog)
1480 forward_syslog(s->server, fixup_priority(priority), s->identifier, p, &s->ucred, NULL);
1482 if (s->forward_to_kmsg || s->server->forward_to_kmsg)
1483 forward_kmsg(s->server, priority, s->identifier, p, &s->ucred);
1485 if (s->forward_to_console || s->server->forward_to_console)
1486 forward_console(s->server, priority, s->identifier, p, &s->ucred);
1488 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=stdout");
1490 if (asprintf(&syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK) >= 0)
1491 IOVEC_SET_STRING(iovec[n++], syslog_priority);
1493 if (priority & LOG_FACMASK)
1494 if (asprintf(&syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority)) >= 0)
1495 IOVEC_SET_STRING(iovec[n++], syslog_facility);
1497 if (s->identifier) {
1498 syslog_identifier = strappend("SYSLOG_IDENTIFIER=", s->identifier);
1499 if (syslog_identifier)
1500 IOVEC_SET_STRING(iovec[n++], syslog_identifier);
1503 message = strappend("MESSAGE=", p);
1505 IOVEC_SET_STRING(iovec[n++], message);
1508 if (s->security_context) {
1509 label = (char*) s->security_context;
1510 label_len = strlen((char*) s->security_context);
1514 dispatch_message(s->server, iovec, n, ELEMENTSOF(iovec), &s->ucred, NULL, label, label_len, s->unit_id, priority);
1517 free(syslog_priority);
1518 free(syslog_facility);
1519 free(syslog_identifier);
1524 static int stdout_stream_line(StdoutStream *s, char *p) {
1534 case STDOUT_STREAM_IDENTIFIER:
1536 s->identifier = NULL;
1538 s->identifier = strdup(p);
1543 s->state = STDOUT_STREAM_UNIT_ID;
1546 case STDOUT_STREAM_UNIT_ID:
1547 if (s->ucred.uid == 0) {
1551 s->unit_id = strdup(p);
1557 s->state = STDOUT_STREAM_PRIORITY;
1560 case STDOUT_STREAM_PRIORITY:
1561 r = safe_atoi(p, &s->priority);
1562 if (r < 0 || s->priority <= 0 || s->priority >= 999) {
1563 log_warning("Failed to parse log priority line.");
1567 s->state = STDOUT_STREAM_LEVEL_PREFIX;
1570 case STDOUT_STREAM_LEVEL_PREFIX:
1571 r = parse_boolean(p);
1573 log_warning("Failed to parse level prefix line.");
1577 s->level_prefix = !!r;
1578 s->state = STDOUT_STREAM_FORWARD_TO_SYSLOG;
1581 case STDOUT_STREAM_FORWARD_TO_SYSLOG:
1582 r = parse_boolean(p);
1584 log_warning("Failed to parse forward to syslog line.");
1588 s->forward_to_syslog = !!r;
1589 s->state = STDOUT_STREAM_FORWARD_TO_KMSG;
1592 case STDOUT_STREAM_FORWARD_TO_KMSG:
1593 r = parse_boolean(p);
1595 log_warning("Failed to parse copy to kmsg line.");
1599 s->forward_to_kmsg = !!r;
1600 s->state = STDOUT_STREAM_FORWARD_TO_CONSOLE;
1603 case STDOUT_STREAM_FORWARD_TO_CONSOLE:
1604 r = parse_boolean(p);
1606 log_warning("Failed to parse copy to console line.");
1610 s->forward_to_console = !!r;
1611 s->state = STDOUT_STREAM_RUNNING;
1614 case STDOUT_STREAM_RUNNING:
1615 return stdout_stream_log(s, p);
1618 assert_not_reached("Unknown stream state");
1621 static int stdout_stream_scan(StdoutStream *s, bool force_flush) {
1629 remaining = s->length;
1634 end = memchr(p, '\n', remaining);
1637 else if (remaining >= sizeof(s->buffer) - 1) {
1638 end = p + sizeof(s->buffer) - 1;
1645 r = stdout_stream_line(s, p);
1653 if (force_flush && remaining > 0) {
1655 r = stdout_stream_line(s, p);
1663 if (p > s->buffer) {
1664 memmove(s->buffer, p, remaining);
1665 s->length = remaining;
1671 static int stdout_stream_process(StdoutStream *s) {
1677 l = read(s->fd, s->buffer+s->length, sizeof(s->buffer)-1-s->length);
1680 if (errno == EAGAIN)
1683 log_warning("Failed to read from stream: %m");
1688 r = stdout_stream_scan(s, true);
1696 r = stdout_stream_scan(s, false);
1704 static void stdout_stream_free(StdoutStream *s) {
1708 assert(s->server->n_stdout_streams > 0);
1709 s->server->n_stdout_streams --;
1710 LIST_REMOVE(StdoutStream, stdout_stream, s->server->stdout_streams, s);
1715 epoll_ctl(s->server->epoll_fd, EPOLL_CTL_DEL, s->fd, NULL);
1717 close_nointr_nofail(s->fd);
1721 if (s->security_context)
1722 freecon(s->security_context);
1725 free(s->identifier);
1729 static int stdout_stream_new(Server *s) {
1730 StdoutStream *stream;
1733 struct epoll_event ev;
1737 fd = accept4(s->stdout_fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
1739 if (errno == EAGAIN)
1742 log_error("Failed to accept stdout connection: %m");
1746 if (s->n_stdout_streams >= STDOUT_STREAMS_MAX) {
1747 log_warning("Too many stdout streams, refusing connection.");
1748 close_nointr_nofail(fd);
1752 stream = new0(StdoutStream, 1);
1754 close_nointr_nofail(fd);
1760 len = sizeof(stream->ucred);
1761 if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &stream->ucred, &len) < 0) {
1762 log_error("Failed to determine peer credentials: %m");
1768 if (getpeercon(fd, &stream->security_context) < 0 && errno != ENOPROTOOPT)
1769 log_error("Failed to determine peer security context: %m");
1772 if (shutdown(fd, SHUT_WR) < 0) {
1773 log_error("Failed to shutdown writing side of socket: %m");
1779 ev.data.ptr = stream;
1780 ev.events = EPOLLIN;
1781 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, fd, &ev) < 0) {
1782 log_error("Failed to add stream to event loop: %m");
1788 LIST_PREPEND(StdoutStream, stdout_stream, s->stdout_streams, stream);
1789 s->n_stdout_streams ++;
1794 stdout_stream_free(stream);
1798 static bool is_us(const char *pid) {
1803 if (parse_pid(pid, &t) < 0)
1806 return t == getpid();
1809 static void dev_kmsg_record(Server *s, char *p, size_t l) {
1810 struct iovec iovec[N_IOVEC_META_FIELDS + 7];
1811 char *message = NULL, *syslog_priority = NULL, *syslog_pid = NULL, *syslog_facility = NULL, *syslog_identifier = NULL, *source_time = NULL;
1815 char *identifier = NULL, *pid = NULL, *e, *f;
1824 e = memchr(p, ',', l);
1829 r = safe_atoi(p, &priority);
1830 if (r < 0 || priority < 0 || priority > 999)
1833 if (s->forward_to_kmsg && (priority & LOG_FACMASK) != LOG_KERN)
1838 e = memchr(p, ',', l);
1843 r = safe_atou64(p, &serial);
1849 f = memchr(p, ';', l);
1852 /* Kernel 3.6 has the flags field, kernel 3.5 lacks that */
1853 e = memchr(p, ',', l);
1858 r = parse_usec(p, &usec);
1864 e = memchr(p, '\n', l);
1868 if (asprintf(&source_time, "_SOURCE_MONOTONIC_TIMESTAMP=%llu",
1869 (unsigned long long) usec) >= 0)
1870 IOVEC_SET_STRING(iovec[n++], source_time);
1872 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=kernel");
1874 if (asprintf(&syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK) >= 0)
1875 IOVEC_SET_STRING(iovec[n++], syslog_priority);
1877 if ((priority & LOG_FACMASK) == LOG_KERN)
1878 IOVEC_SET_STRING(iovec[n++], "SYSLOG_IDENTIFIER=kernel");
1880 read_identifier((const char**) &p, &identifier, &pid);
1882 /* Avoid any messages we generated ourselves via
1883 * log_info() and friends. */
1884 if (pid && is_us(pid))
1888 syslog_identifier = strappend("SYSLOG_IDENTIFIER=", identifier);
1889 if (syslog_identifier)
1890 IOVEC_SET_STRING(iovec[n++], syslog_identifier);
1894 syslog_pid = strappend("SYSLOG_PID=", pid);
1896 IOVEC_SET_STRING(iovec[n++], syslog_pid);
1899 if (asprintf(&syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority)) >= 0)
1900 IOVEC_SET_STRING(iovec[n++], syslog_facility);
1903 message = strappend("MESSAGE=", p);
1905 IOVEC_SET_STRING(iovec[n++], message);
1907 dispatch_message(s, iovec, n, ELEMENTSOF(iovec), NULL, NULL, NULL, 0, NULL, priority);
1911 free(syslog_priority);
1912 free(syslog_identifier);
1914 free(syslog_facility);
1920 static int system_journal_open(Server *s) {
1926 r = sd_id128_get_machine(&machine);
1930 sd_id128_to_string(machine, ids);
1932 if (!s->system_journal &&
1933 (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
1934 access("/run/systemd/journal/flushed", F_OK) >= 0) {
1936 /* If in auto mode: first try to create the machine
1937 * path, but not the prefix.
1939 * If in persistent mode: create /var/log/journal and
1940 * the machine path */
1942 if (s->storage == STORAGE_PERSISTENT)
1943 (void) mkdir("/var/log/journal/", 0755);
1945 fn = strappend("/var/log/journal/", ids);
1949 (void) mkdir(fn, 0755);
1952 fn = strjoin("/var/log/journal/", ids, "/system.journal", NULL);
1956 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, &s->system_metrics, NULL, &s->system_journal);
1960 s->system_journal->compress = s->compress;
1962 server_fix_perms(s, s->system_journal, 0);
1965 if (r != -ENOENT && r != -EROFS)
1966 log_warning("Failed to open system journal: %s", strerror(-r));
1972 if (!s->runtime_journal &&
1973 (s->storage != STORAGE_NONE)) {
1975 fn = strjoin("/run/log/journal/", ids, "/system.journal", NULL);
1979 if (s->system_journal) {
1981 /* Try to open the runtime journal, but only
1982 * if it already exists, so that we can flush
1983 * it into the system journal */
1985 r = journal_file_open(fn, O_RDWR, 0640, &s->runtime_metrics, NULL, &s->runtime_journal);
1990 log_warning("Failed to open runtime journal: %s", strerror(-r));
1997 /* OK, we really need the runtime journal, so create
1998 * it if necessary. */
2000 (void) mkdir_parents(fn, 0755);
2001 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, &s->runtime_metrics, NULL, &s->runtime_journal);
2005 log_error("Failed to open runtime journal: %s", strerror(-r));
2010 if (s->runtime_journal) {
2011 s->runtime_journal->compress = s->compress;
2013 server_fix_perms(s, s->runtime_journal, 0);
2020 static int server_flush_to_var(Server *s) {
2028 if (s->storage != STORAGE_AUTO &&
2029 s->storage != STORAGE_PERSISTENT)
2032 if (!s->runtime_journal)
2035 system_journal_open(s);
2037 if (!s->system_journal)
2040 log_info("Flushing to /var...");
2042 r = sd_id128_get_machine(&machine);
2044 log_error("Failed to get machine id: %s", strerror(-r));
2048 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
2050 log_error("Failed to read runtime journal: %s", strerror(-r));
2054 SD_JOURNAL_FOREACH(j) {
2057 f = j->current_file;
2058 assert(f && f->current_offset > 0);
2060 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
2062 log_error("Can't read entry: %s", strerror(-r));
2066 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
2068 log_info("Allocation limit reached.");
2070 journal_file_post_change(s->system_journal);
2074 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
2078 log_error("Can't write entry: %s", strerror(-r));
2084 journal_file_post_change(s->system_journal);
2086 journal_file_close(s->runtime_journal);
2087 s->runtime_journal = NULL;
2090 rm_rf("/run/log/journal", false, true, false);
2095 static int server_read_dev_kmsg(Server *s) {
2096 char buffer[8192+1]; /* the kernel-side limit per record is 8K currently */
2100 assert(s->dev_kmsg_fd >= 0);
2102 l = read(s->dev_kmsg_fd, buffer, sizeof(buffer) - 1);
2106 /* Old kernels who don't allow reading from /dev/kmsg
2107 * return EINVAL when we try. So handle this cleanly,
2108 * but don' try to ever read from it again. */
2109 if (errno == EINVAL) {
2110 epoll_ctl(s->epoll_fd, EPOLL_CTL_DEL, s->dev_kmsg_fd, NULL);
2114 if (errno == EAGAIN || errno == EINTR)
2117 log_error("Failed to read from kernel: %m");
2121 dev_kmsg_record(s, buffer, l);
2125 static int server_flush_dev_kmsg(Server *s) {
2130 if (s->dev_kmsg_fd < 0)
2133 if (!s->dev_kmsg_readable)
2136 log_info("Flushing /dev/kmsg...");
2139 r = server_read_dev_kmsg(s);
2150 static int process_event(Server *s, struct epoll_event *ev) {
2154 if (ev->data.fd == s->signal_fd) {
2155 struct signalfd_siginfo sfsi;
2158 if (ev->events != EPOLLIN) {
2159 log_info("Got invalid event from epoll.");
2163 n = read(s->signal_fd, &sfsi, sizeof(sfsi));
2164 if (n != sizeof(sfsi)) {
2169 if (errno == EINTR || errno == EAGAIN)
2175 log_info("Received SIG%s", signal_to_string(sfsi.ssi_signo));
2177 if (sfsi.ssi_signo == SIGUSR1) {
2178 touch("/run/systemd/journal/flushed");
2179 server_flush_to_var(s);
2183 if (sfsi.ssi_signo == SIGUSR2) {
2191 } else if (ev->data.fd == s->dev_kmsg_fd) {
2194 if (ev->events != EPOLLIN) {
2195 log_info("Got invalid event from epoll.");
2199 r = server_read_dev_kmsg(s);
2205 } else if (ev->data.fd == s->native_fd ||
2206 ev->data.fd == s->syslog_fd) {
2208 if (ev->events != EPOLLIN) {
2209 log_info("Got invalid event from epoll.");
2214 struct msghdr msghdr;
2216 struct ucred *ucred = NULL;
2217 struct timeval *tv = NULL;
2218 struct cmsghdr *cmsg;
2220 size_t label_len = 0;
2222 struct cmsghdr cmsghdr;
2224 /* We use NAME_MAX space for the
2225 * SELinux label here. The kernel
2226 * currently enforces no limit, but
2227 * according to suggestions from the
2228 * SELinux people this will change and
2229 * it will probably be identical to
2230 * NAME_MAX. For now we use that, but
2231 * this should be updated one day when
2232 * the final limit is known.*/
2233 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
2234 CMSG_SPACE(sizeof(struct timeval)) +
2235 CMSG_SPACE(sizeof(int)) + /* fd */
2236 CMSG_SPACE(NAME_MAX)]; /* selinux label */
2243 if (ioctl(ev->data.fd, SIOCINQ, &v) < 0) {
2244 log_error("SIOCINQ failed: %m");
2248 if (s->buffer_size < (size_t) v) {
2252 l = MAX(LINE_MAX + (size_t) v, s->buffer_size * 2);
2253 b = realloc(s->buffer, l+1);
2256 log_error("Couldn't increase buffer.");
2265 iovec.iov_base = s->buffer;
2266 iovec.iov_len = s->buffer_size;
2270 msghdr.msg_iov = &iovec;
2271 msghdr.msg_iovlen = 1;
2272 msghdr.msg_control = &control;
2273 msghdr.msg_controllen = sizeof(control);
2275 n = recvmsg(ev->data.fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
2278 if (errno == EINTR || errno == EAGAIN)
2281 log_error("recvmsg() failed: %m");
2285 for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
2287 if (cmsg->cmsg_level == SOL_SOCKET &&
2288 cmsg->cmsg_type == SCM_CREDENTIALS &&
2289 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
2290 ucred = (struct ucred*) CMSG_DATA(cmsg);
2291 else if (cmsg->cmsg_level == SOL_SOCKET &&
2292 cmsg->cmsg_type == SCM_SECURITY) {
2293 label = (char*) CMSG_DATA(cmsg);
2294 label_len = cmsg->cmsg_len - CMSG_LEN(0);
2295 } else if (cmsg->cmsg_level == SOL_SOCKET &&
2296 cmsg->cmsg_type == SO_TIMESTAMP &&
2297 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
2298 tv = (struct timeval*) CMSG_DATA(cmsg);
2299 else if (cmsg->cmsg_level == SOL_SOCKET &&
2300 cmsg->cmsg_type == SCM_RIGHTS) {
2301 fds = (int*) CMSG_DATA(cmsg);
2302 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
2306 if (ev->data.fd == s->syslog_fd) {
2309 if (n > 0 && n_fds == 0) {
2310 e = memchr(s->buffer, '\n', n);
2316 process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
2317 } else if (n_fds > 0)
2318 log_warning("Got file descriptors via syslog socket. Ignoring.");
2321 if (n > 0 && n_fds == 0)
2322 process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
2323 else if (n == 0 && n_fds == 1)
2324 process_native_file(s, fds[0], ucred, tv, label, label_len);
2326 log_warning("Got too many file descriptors via native socket. Ignoring.");
2329 close_many(fds, n_fds);
2334 } else if (ev->data.fd == s->stdout_fd) {
2336 if (ev->events != EPOLLIN) {
2337 log_info("Got invalid event from epoll.");
2341 stdout_stream_new(s);
2345 StdoutStream *stream;
2347 if ((ev->events|EPOLLIN|EPOLLHUP) != (EPOLLIN|EPOLLHUP)) {
2348 log_info("Got invalid event from epoll.");
2352 /* If it is none of the well-known fds, it must be an
2353 * stdout stream fd. Note that this is a bit ugly here
2354 * (since we rely that none of the well-known fds
2355 * could be interpreted as pointer), but nonetheless
2356 * safe, since the well-known fds would never get an
2357 * fd > 4096, i.e. beyond the first memory page */
2359 stream = ev->data.ptr;
2361 if (stdout_stream_process(stream) <= 0)
2362 stdout_stream_free(stream);
2367 log_error("Unknown event.");
2371 static int open_syslog_socket(Server *s) {
2372 union sockaddr_union sa;
2374 struct epoll_event ev;
2378 if (s->syslog_fd < 0) {
2380 s->syslog_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
2381 if (s->syslog_fd < 0) {
2382 log_error("socket() failed: %m");
2387 sa.un.sun_family = AF_UNIX;
2388 strncpy(sa.un.sun_path, "/dev/log", sizeof(sa.un.sun_path));
2390 unlink(sa.un.sun_path);
2392 r = bind(s->syslog_fd, &sa.sa, offsetof(union sockaddr_union, un.sun_path) + strlen(sa.un.sun_path));
2394 log_error("bind() failed: %m");
2398 chmod(sa.un.sun_path, 0666);
2400 fd_nonblock(s->syslog_fd, 1);
2403 r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
2405 log_error("SO_PASSCRED failed: %m");
2411 r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
2413 log_warning("SO_PASSSEC failed: %m");
2417 r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_TIMESTAMP, &one, sizeof(one));
2419 log_error("SO_TIMESTAMP failed: %m");
2424 ev.events = EPOLLIN;
2425 ev.data.fd = s->syslog_fd;
2426 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->syslog_fd, &ev) < 0) {
2427 log_error("Failed to add syslog server fd to epoll object: %m");
2434 static int open_native_socket(Server*s) {
2435 union sockaddr_union sa;
2437 struct epoll_event ev;
2441 if (s->native_fd < 0) {
2443 s->native_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
2444 if (s->native_fd < 0) {
2445 log_error("socket() failed: %m");
2450 sa.un.sun_family = AF_UNIX;
2451 strncpy(sa.un.sun_path, "/run/systemd/journal/socket", sizeof(sa.un.sun_path));
2453 unlink(sa.un.sun_path);
2455 r = bind(s->native_fd, &sa.sa, offsetof(union sockaddr_union, un.sun_path) + strlen(sa.un.sun_path));
2457 log_error("bind() failed: %m");
2461 chmod(sa.un.sun_path, 0666);
2463 fd_nonblock(s->native_fd, 1);
2466 r = setsockopt(s->native_fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
2468 log_error("SO_PASSCRED failed: %m");
2474 r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
2476 log_warning("SO_PASSSEC failed: %m");
2480 r = setsockopt(s->native_fd, SOL_SOCKET, SO_TIMESTAMP, &one, sizeof(one));
2482 log_error("SO_TIMESTAMP failed: %m");
2487 ev.events = EPOLLIN;
2488 ev.data.fd = s->native_fd;
2489 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->native_fd, &ev) < 0) {
2490 log_error("Failed to add native server fd to epoll object: %m");
2497 static int open_stdout_socket(Server *s) {
2498 union sockaddr_union sa;
2500 struct epoll_event ev;
2504 if (s->stdout_fd < 0) {
2506 s->stdout_fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
2507 if (s->stdout_fd < 0) {
2508 log_error("socket() failed: %m");
2513 sa.un.sun_family = AF_UNIX;
2514 strncpy(sa.un.sun_path, "/run/systemd/journal/stdout", sizeof(sa.un.sun_path));
2516 unlink(sa.un.sun_path);
2518 r = bind(s->stdout_fd, &sa.sa, offsetof(union sockaddr_union, un.sun_path) + strlen(sa.un.sun_path));
2520 log_error("bind() failed: %m");
2524 chmod(sa.un.sun_path, 0666);
2526 if (listen(s->stdout_fd, SOMAXCONN) < 0) {
2527 log_error("liste() failed: %m");
2531 fd_nonblock(s->stdout_fd, 1);
2534 ev.events = EPOLLIN;
2535 ev.data.fd = s->stdout_fd;
2536 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->stdout_fd, &ev) < 0) {
2537 log_error("Failed to add stdout server fd to epoll object: %m");
2544 static int open_dev_kmsg(Server *s) {
2545 struct epoll_event ev;
2549 s->dev_kmsg_fd = open("/dev/kmsg", O_RDWR|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
2550 if (s->dev_kmsg_fd < 0) {
2551 log_warning("Failed to open /dev/kmsg, ignoring: %m");
2556 ev.events = EPOLLIN;
2557 ev.data.fd = s->dev_kmsg_fd;
2558 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->dev_kmsg_fd, &ev) < 0) {
2560 /* This will fail with EPERM on older kernels where
2561 * /dev/kmsg is not readable. */
2565 log_error("Failed to add /dev/kmsg fd to epoll object: %m");
2569 s->dev_kmsg_readable = true;
2574 static int open_signalfd(Server *s) {
2576 struct epoll_event ev;
2580 assert_se(sigemptyset(&mask) == 0);
2581 sigset_add_many(&mask, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, -1);
2582 assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
2584 s->signal_fd = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC);
2585 if (s->signal_fd < 0) {
2586 log_error("signalfd(): %m");
2591 ev.events = EPOLLIN;
2592 ev.data.fd = s->signal_fd;
2594 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->signal_fd, &ev) < 0) {
2595 log_error("epoll_ctl(): %m");
2602 static int server_parse_proc_cmdline(Server *s) {
2603 char *line, *w, *state;
2607 if (detect_container(NULL) > 0)
2610 r = read_one_line_file("/proc/cmdline", &line);
2612 log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
2616 FOREACH_WORD_QUOTED(w, l, line, state) {
2619 word = strndup(w, l);
2625 if (startswith(word, "systemd.journald.forward_to_syslog=")) {
2626 r = parse_boolean(word + 35);
2628 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word + 35);
2630 s->forward_to_syslog = r;
2631 } else if (startswith(word, "systemd.journald.forward_to_kmsg=")) {
2632 r = parse_boolean(word + 33);
2634 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word + 33);
2636 s->forward_to_kmsg = r;
2637 } else if (startswith(word, "systemd.journald.forward_to_console=")) {
2638 r = parse_boolean(word + 36);
2640 log_warning("Failed to parse forward to console switch %s. Ignoring.", word + 36);
2642 s->forward_to_console = r;
2643 } else if (startswith(word, "systemd.journald"))
2644 log_warning("Invalid systemd.journald parameter. Ignoring.");
2656 static int server_parse_config_file(Server *s) {
2663 fn = "/etc/systemd/journald.conf";
2664 f = fopen(fn, "re");
2666 if (errno == ENOENT)
2669 log_warning("Failed to open configuration file %s: %m", fn);
2673 r = config_parse(fn, f, "Journal\0", config_item_perf_lookup, (void*) journald_gperf_lookup, false, s);
2675 log_warning("Failed to parse configuration file: %s", strerror(-r));
2682 static int server_init(Server *s) {
2688 s->syslog_fd = s->native_fd = s->stdout_fd = s->signal_fd = s->epoll_fd = s->dev_kmsg_fd = -1;
2691 s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
2692 s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
2694 s->forward_to_syslog = true;
2696 s->max_level_store = LOG_DEBUG;
2697 s->max_level_syslog = LOG_DEBUG;
2698 s->max_level_kmsg = LOG_NOTICE;
2699 s->max_level_console = LOG_INFO;
2701 memset(&s->system_metrics, 0xFF, sizeof(s->system_metrics));
2702 memset(&s->runtime_metrics, 0xFF, sizeof(s->runtime_metrics));
2704 server_parse_config_file(s);
2705 server_parse_proc_cmdline(s);
2707 s->user_journals = hashmap_new(trivial_hash_func, trivial_compare_func);
2708 if (!s->user_journals)
2711 s->epoll_fd = epoll_create1(EPOLL_CLOEXEC);
2712 if (s->epoll_fd < 0) {
2713 log_error("Failed to create epoll object: %m");
2717 n = sd_listen_fds(true);
2719 log_error("Failed to read listening file descriptors from environment: %s", strerror(-n));
2723 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
2725 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/socket", 0) > 0) {
2727 if (s->native_fd >= 0) {
2728 log_error("Too many native sockets passed.");
2734 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, "/run/systemd/journal/stdout", 0) > 0) {
2736 if (s->stdout_fd >= 0) {
2737 log_error("Too many stdout sockets passed.");
2743 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0) {
2745 if (s->syslog_fd >= 0) {
2746 log_error("Too many /dev/log sockets passed.");
2753 log_error("Unknown socket passed.");
2758 r = open_syslog_socket(s);
2762 r = open_native_socket(s);
2766 r = open_stdout_socket(s);
2770 r = open_dev_kmsg(s);
2774 r = open_signalfd(s);
2778 s->rate_limit = journal_rate_limit_new(s->rate_limit_interval, s->rate_limit_burst);
2782 r = system_journal_open(s);
2789 static void server_done(Server *s) {
2793 while (s->stdout_streams)
2794 stdout_stream_free(s->stdout_streams);
2796 if (s->system_journal)
2797 journal_file_close(s->system_journal);
2799 if (s->runtime_journal)
2800 journal_file_close(s->runtime_journal);
2802 while ((f = hashmap_steal_first(s->user_journals)))
2803 journal_file_close(f);
2805 hashmap_free(s->user_journals);
2807 if (s->epoll_fd >= 0)
2808 close_nointr_nofail(s->epoll_fd);
2810 if (s->signal_fd >= 0)
2811 close_nointr_nofail(s->signal_fd);
2813 if (s->syslog_fd >= 0)
2814 close_nointr_nofail(s->syslog_fd);
2816 if (s->native_fd >= 0)
2817 close_nointr_nofail(s->native_fd);
2819 if (s->stdout_fd >= 0)
2820 close_nointr_nofail(s->stdout_fd);
2822 if (s->dev_kmsg_fd >= 0)
2823 close_nointr_nofail(s->dev_kmsg_fd);
2826 journal_rate_limit_free(s->rate_limit);
2832 int main(int argc, char *argv[]) {
2836 /* if (getppid() != 1) { */
2837 /* log_error("This program should be invoked by init only."); */
2838 /* return EXIT_FAILURE; */
2842 log_error("This program does not take arguments.");
2843 return EXIT_FAILURE;
2846 log_set_target(LOG_TARGET_SAFE);
2847 log_set_facility(LOG_SYSLOG);
2848 log_parse_environment();
2853 r = server_init(&server);
2857 server_vacuum(&server);
2858 server_flush_to_var(&server);
2859 server_flush_dev_kmsg(&server);
2861 log_debug("systemd-journald running as pid %lu", (unsigned long) getpid());
2862 driver_message(&server, SD_MESSAGE_JOURNAL_START, "Journal started");
2866 "STATUS=Processing requests...");
2869 struct epoll_event event;
2871 r = epoll_wait(server.epoll_fd, &event, 1, -1);
2877 log_error("epoll_wait() failed: %m");
2883 r = process_event(&server, &event);
2890 log_debug("systemd-journald stopped as pid %lu", (unsigned long) getpid());
2891 driver_message(&server, SD_MESSAGE_JOURNAL_STOP, "Journal stopped");
2895 "STATUS=Shutting down...");
2897 server_done(&server);
2899 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;