1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2011 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include <sys/epoll.h>
23 #include <sys/socket.h>
25 #include <sys/signalfd.h>
29 #include <acl/libacl.h>
31 #include <sys/ioctl.h>
32 #include <linux/sockios.h>
35 #include "journal-file.h"
36 #include "sd-daemon.h"
37 #include "socket-util.h"
39 #include "cgroup-util.h"
41 #define USER_JOURNALS_MAX 1024
43 typedef struct Server {
49 JournalFile *runtime_journal;
50 JournalFile *system_journal;
51 Hashmap *user_journals;
59 static void fix_perms(JournalFile *f, uid_t uid) {
62 acl_permset_t permset;
67 r = fchmod_and_fchown(f->fd, 0640, 0, 0);
69 log_warning("Failed to fix access mode/rights on %s, ignoring: %s", f->path, strerror(-r));
74 acl = acl_get_fd(f->fd);
76 log_warning("Failed to read ACL on %s, ignoring: %m", f->path);
80 r = acl_find_uid(acl, uid, &entry);
83 if (acl_create_entry(&acl, &entry) < 0 ||
84 acl_set_tag_type(entry, ACL_USER) < 0 ||
85 acl_set_qualifier(entry, &uid) < 0) {
86 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
91 if (acl_get_permset(entry, &permset) < 0 ||
92 acl_add_perm(permset, ACL_READ) < 0 ||
93 acl_calc_mask(&acl) < 0) {
94 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
98 if (acl_set_fd(f->fd, acl) < 0)
99 log_warning("Failed to set ACL on %s, ignoring: %m", f->path);
105 static JournalFile* find_journal(Server *s, uid_t uid) {
114 /* We split up user logs only on /var, not on /run */
115 if (!s->system_journal)
116 return s->runtime_journal;
119 return s->system_journal;
121 r = sd_id128_get_machine(&machine);
123 return s->system_journal;
125 f = hashmap_get(s->user_journals, UINT32_TO_PTR(uid));
129 if (asprintf(&p, "/var/log/journal/%s/user-%lu.journal", sd_id128_to_string(machine, ids), (unsigned long) uid) < 0)
130 return s->system_journal;
132 while (hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
133 /* Too many open? Then let's close one */
134 f = hashmap_steal_first(s->user_journals);
136 journal_file_close(f);
139 r = journal_file_open(p, O_RDWR|O_CREAT, 0640, s->system_journal, &f);
143 return s->system_journal;
147 r = hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
149 journal_file_close(f);
150 return s->system_journal;
156 static void dispatch_message(Server *s, struct iovec *iovec, unsigned n, unsigned m, struct ucred *ucred, struct timeval *tv) {
157 char *pid = NULL, *uid = NULL, *gid = NULL,
158 *source_time = NULL, *boot_id = NULL, *machine_id = NULL,
159 *comm = NULL, *cmdline = NULL, *hostname = NULL,
160 *audit_session = NULL, *audit_loginuid = NULL,
161 *exe = NULL, *cgroup = NULL;
167 uid_t loginuid = 0, realuid = 0;
171 assert(iovec || n == 0);
182 realuid = ucred->uid;
184 if (asprintf(&pid, "_PID=%lu", (unsigned long) ucred->pid) >= 0)
185 IOVEC_SET_STRING(iovec[n++], pid);
187 if (asprintf(&uid, "_UID=%lu", (unsigned long) ucred->uid) >= 0)
188 IOVEC_SET_STRING(iovec[n++], uid);
190 if (asprintf(&gid, "_GID=%lu", (unsigned long) ucred->gid) >= 0)
191 IOVEC_SET_STRING(iovec[n++], gid);
193 r = get_process_comm(ucred->pid, &t);
195 comm = strappend("_COMM=", t);
197 IOVEC_SET_STRING(iovec[n++], comm);
201 r = get_process_exe(ucred->pid, &t);
203 exe = strappend("_EXE=", t);
205 IOVEC_SET_STRING(iovec[n++], exe);
209 r = get_process_cmdline(ucred->pid, LINE_MAX, false, &t);
211 cmdline = strappend("_CMDLINE=", t);
213 IOVEC_SET_STRING(iovec[n++], cmdline);
217 r = audit_session_from_pid(ucred->pid, &session);
219 if (asprintf(&audit_session, "_AUDIT_SESSION=%lu", (unsigned long) session) >= 0)
220 IOVEC_SET_STRING(iovec[n++], audit_session);
222 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
224 if (asprintf(&audit_loginuid, "_AUDIT_LOGINUID=%lu", (unsigned long) loginuid) >= 0)
225 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
227 r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, ucred->pid, &path);
229 cgroup = strappend("_SYSTEMD_CGROUP=", path);
231 IOVEC_SET_STRING(iovec[n++], cgroup);
237 if (asprintf(&source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu",
238 (unsigned long long) timeval_load(tv)) >= 0)
239 IOVEC_SET_STRING(iovec[n++], source_time);
242 /* Note that strictly speaking storing the boot id here is
243 * redundant since the entry includes this in-line
244 * anyway. However, we need this indexed, too. */
245 r = sd_id128_get_boot(&id);
247 if (asprintf(&boot_id, "_BOOT_ID=%s", sd_id128_to_string(id, idbuf)) >= 0)
248 IOVEC_SET_STRING(iovec[n++], boot_id);
250 r = sd_id128_get_machine(&id);
252 if (asprintf(&machine_id, "_MACHINE_ID=%s", sd_id128_to_string(id, idbuf)) >= 0)
253 IOVEC_SET_STRING(iovec[n++], machine_id);
255 t = gethostname_malloc();
257 hostname = strappend("_HOSTNAME=", t);
259 IOVEC_SET_STRING(iovec[n++], hostname);
265 f = find_journal(s, realuid == 0 ? 0 : loginuid);
267 log_warning("Dropping message, as we can't find a place to store the data.");
269 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
272 log_error("Failed to write entry, ignoring: %s", strerror(-r));
286 free(audit_loginuid);
291 static void process_syslog_message(Server *s, const char *buf, struct ucred *ucred, struct timeval *tv) {
292 char *message = NULL, *syslog_priority = NULL, *syslog_facility = NULL;
293 struct iovec iovec[16];
295 int priority = LOG_USER | LOG_INFO;
300 parse_syslog_priority((char**) &buf, &priority);
301 skip_syslog_date((char**) &buf);
303 if (asprintf(&syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK) >= 0)
304 IOVEC_SET_STRING(iovec[n++], syslog_priority);
306 if (asprintf(&syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority)) >= 0)
307 IOVEC_SET_STRING(iovec[n++], syslog_facility);
309 message = strappend("MESSAGE=", buf);
311 IOVEC_SET_STRING(iovec[n++], message);
313 dispatch_message(s, iovec, n, ELEMENTSOF(iovec), ucred, tv);
316 free(syslog_facility);
317 free(syslog_priority);
320 static void process_native_message(Server *s, const void *buffer, size_t buffer_size, struct ucred *ucred, struct timeval *tv) {
321 struct iovec *iovec = NULL;
322 unsigned n = 0, m = 0, j;
327 assert(buffer || n == 0);
330 remaining = buffer_size;
332 while (remaining > 0) {
335 e = memchr(p, '\n', remaining);
338 /* Trailing noise, let's ignore it, and flush what we collected */
339 log_debug("Received message with trailing noise, ignoring.");
344 /* Entry separator */
345 dispatch_message(s, iovec, n, m, ucred, tv);
354 /* Control command, ignore for now */
355 remaining -= (e - p) + 1;
360 /* A property follows */
366 u = MAX((n+13U) * 2U, 4U);
367 c = realloc(iovec, u * sizeof(struct iovec));
369 log_error("Out of memory");
377 q = memchr(p, '=', e - p);
380 /* If the field name starts with an
381 * underscore, skip the variable,
382 * since that indidates a trusted
384 iovec[n].iov_base = (char*) p;
385 iovec[n].iov_len = e - p;
389 remaining -= (e - p) + 1;
396 if (remaining < e - p + 1 + sizeof(uint64_t) + 1) {
397 log_debug("Failed to parse message, ignoring.");
401 memcpy(&l, e + 1, sizeof(uint64_t));
404 if (remaining < e - p + 1 + sizeof(uint64_t) + l + 1 ||
405 e[1+sizeof(uint64_t)+l] != '\n') {
406 log_debug("Failed to parse message, ignoring.");
410 k = malloc((e - p) + 1 + l);
412 log_error("Out of memory");
418 memcpy(k + (e - p) + 1, e + 1 + sizeof(uint64_t), l);
421 iovec[n].iov_base = k;
422 iovec[n].iov_len = (e - p) + 1 + l;
427 remaining -= (e - p) + 1 + sizeof(uint64_t) + l + 1;
428 p = e + 1 + sizeof(uint64_t) + l + 1;
432 dispatch_message(s, iovec, n, m, ucred, tv);
434 for (j = 0; j < n; j++)
435 if (iovec[j].iov_base < buffer ||
436 (const uint8_t*) iovec[j].iov_base >= (const uint8_t*) buffer + buffer_size)
437 free(iovec[j].iov_base);
440 static int process_event(Server *s, struct epoll_event *ev) {
443 if (ev->events != EPOLLIN) {
444 log_info("Got invalid event from epoll.");
448 if (ev->data.fd == s->signal_fd) {
449 struct signalfd_siginfo sfsi;
452 n = read(s->signal_fd, &sfsi, sizeof(sfsi));
453 if (n != sizeof(sfsi)) {
458 if (errno == EINTR || errno == EAGAIN)
464 log_debug("Received SIG%s", signal_to_string(sfsi.ssi_signo));
469 if (ev->data.fd == s->native_fd ||
470 ev->data.fd == s->syslog_fd) {
472 struct msghdr msghdr;
474 struct ucred *ucred = NULL;
475 struct timeval *tv = NULL;
476 struct cmsghdr *cmsg;
478 struct cmsghdr cmsghdr;
479 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
480 CMSG_SPACE(sizeof(struct timeval))];
485 if (ioctl(ev->data.fd, SIOCINQ, &v) < 0) {
486 log_error("SIOCINQ failed: %m");
493 if (s->buffer_size < (size_t) v) {
497 l = MAX(LINE_MAX + (size_t) v, s->buffer_size * 2);
498 b = realloc(s->buffer, l+1);
501 log_error("Couldn't increase buffer.");
510 iovec.iov_base = s->buffer;
511 iovec.iov_len = s->buffer_size;
515 msghdr.msg_iov = &iovec;
516 msghdr.msg_iovlen = 1;
517 msghdr.msg_control = &control;
518 msghdr.msg_controllen = sizeof(control);
520 n = recvmsg(ev->data.fd, &msghdr, MSG_DONTWAIT);
523 if (errno == EINTR || errno == EAGAIN)
526 log_error("recvmsg() failed: %m");
530 for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
532 if (cmsg->cmsg_level == SOL_SOCKET &&
533 cmsg->cmsg_type == SCM_CREDENTIALS &&
534 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
535 ucred = (struct ucred*) CMSG_DATA(cmsg);
536 else if (cmsg->cmsg_level == SOL_SOCKET &&
537 cmsg->cmsg_type == SO_TIMESTAMP &&
538 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
539 tv = (struct timeval*) CMSG_DATA(cmsg);
542 if (ev->data.fd == s->syslog_fd) {
545 e = memchr(s->buffer, '\n', n);
551 process_syslog_message(s, strstrip(s->buffer), ucred, tv);
553 process_native_message(s, s->buffer, n, ucred, tv);
559 log_error("Unknown event.");
563 static int system_journal_open(Server *s) {
569 r = sd_id128_get_machine(&machine);
573 /* First try to create the machine path, but not the prefix */
574 fn = strappend("/var/log/journal/", sd_id128_to_string(machine, ids));
577 (void) mkdir(fn, 0755);
580 /* The create the system journal file */
581 fn = join("/var/log/journal/", ids, "/system.journal", NULL);
585 r = journal_file_open(fn, O_RDWR|O_CREAT, 0640, NULL, &s->system_journal);
589 fix_perms(s->system_journal, 0);
593 if (r < 0 && r != -ENOENT) {
594 log_error("Failed to open system journal: %s", strerror(-r));
598 /* /var didn't work, so try /run, but this time we
599 * create the prefix too */
600 fn = join("/run/log/journal/", ids, "/system.journal", NULL);
604 (void) mkdir_parents(fn, 0755);
605 r = journal_file_open(fn, O_RDWR|O_CREAT, 0640, NULL, &s->runtime_journal);
609 log_error("Failed to open runtime journal: %s", strerror(-r));
613 fix_perms(s->runtime_journal, 0);
617 static int open_syslog_socket(Server *s) {
618 union sockaddr_union sa;
623 if (s->syslog_fd < 0) {
625 s->syslog_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0);
626 if (s->syslog_fd < 0) {
627 log_error("socket() failed: %m");
632 sa.un.sun_family = AF_UNIX;
633 strncpy(sa.un.sun_path, "/run/systemd/syslog", sizeof(sa.un.sun_path));
635 unlink(sa.un.sun_path);
637 r = bind(s->syslog_fd, &sa.sa, offsetof(union sockaddr_union, un.sun_path) + strlen(sa.un.sun_path));
639 log_error("bind() failed: %m");
643 chmod(sa.un.sun_path, 0666);
647 r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
649 log_error("SO_PASSCRED failed: %m");
654 r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_TIMESTAMP, &one, sizeof(one));
656 log_error("SO_TIMESTAMP failed: %m");
663 static int open_native_socket(Server*s) {
664 union sockaddr_union sa;
669 if (s->native_fd < 0) {
671 s->native_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0);
672 if (s->native_fd < 0) {
673 log_error("socket() failed: %m");
678 sa.un.sun_family = AF_UNIX;
679 strncpy(sa.un.sun_path, "/run/systemd/journal", sizeof(sa.un.sun_path));
681 unlink(sa.un.sun_path);
683 r = bind(s->native_fd, &sa.sa, offsetof(union sockaddr_union, un.sun_path) + strlen(sa.un.sun_path));
685 log_error("bind() failed: %m");
689 chmod(sa.un.sun_path, 0666);
693 r = setsockopt(s->native_fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
695 log_error("SO_PASSCRED failed: %m");
700 r = setsockopt(s->native_fd, SOL_SOCKET, SO_TIMESTAMP, &one, sizeof(one));
702 log_error("SO_TIMESTAMP failed: %m");
709 static int server_init(Server *s) {
711 struct epoll_event ev;
717 s->syslog_fd = s->native_fd = s->signal_fd = -1;
719 s->epoll_fd = epoll_create1(EPOLL_CLOEXEC);
720 if (s->epoll_fd < 0) {
721 log_error("Failed to create epoll object: %m");
725 n = sd_listen_fds(true);
727 log_error("Failed to read listening file descriptors from environment: %s", strerror(-n));
731 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
733 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0) {
735 if (s->syslog_fd >= 0) {
736 log_error("Too many /dev/log sockets passed.");
742 } else if (sd_is_socket(fd, AF_UNIX, SOCK_DGRAM, -1) > 0) {
744 if (s->native_fd >= 0) {
745 log_error("Too many native sockets passed.");
751 log_error("Unknown socket passed.");
756 r = open_syslog_socket(s);
762 ev.data.fd = s->syslog_fd;
763 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->syslog_fd, &ev) < 0) {
764 log_error("Failed to add syslog server fd to epoll object: %m");
768 r = open_native_socket(s);
774 ev.data.fd = s->native_fd;
775 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->native_fd, &ev) < 0) {
776 log_error("Failed to add native server fd to epoll object: %m");
780 s->user_journals = hashmap_new(trivial_hash_func, trivial_compare_func);
781 if (!s->user_journals) {
782 log_error("Out of memory.");
786 r = system_journal_open(s);
790 assert_se(sigemptyset(&mask) == 0);
791 sigset_add_many(&mask, SIGINT, SIGTERM, -1);
792 assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
794 s->signal_fd = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC);
795 if (s->signal_fd < 0) {
796 log_error("signalfd(): %m");
802 ev.data.fd = s->signal_fd;
804 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->signal_fd, &ev) < 0) {
805 log_error("epoll_ctl(): %m");
812 static void server_done(Server *s) {
816 if (s->system_journal)
817 journal_file_close(s->system_journal);
819 if (s->runtime_journal)
820 journal_file_close(s->runtime_journal);
822 while ((f = hashmap_steal_first(s->user_journals)))
823 journal_file_close(f);
825 hashmap_free(s->user_journals);
827 if (s->epoll_fd >= 0)
828 close_nointr_nofail(s->epoll_fd);
830 if (s->signal_fd >= 0)
831 close_nointr_nofail(s->signal_fd);
833 if (s->syslog_fd >= 0)
834 close_nointr_nofail(s->syslog_fd);
836 if (s->native_fd >= 0)
837 close_nointr_nofail(s->native_fd);
840 int main(int argc, char *argv[]) {
844 /* if (getppid() != 1) { */
845 /* log_error("This program should be invoked by init only."); */
846 /* return EXIT_FAILURE; */
850 log_error("This program does not take arguments.");
854 log_set_target(LOG_TARGET_CONSOLE);
855 log_parse_environment();
860 r = server_init(&server);
864 log_debug("systemd-journald running as pid %lu", (unsigned long) getpid());
868 "STATUS=Processing messages...");
871 struct epoll_event event;
873 r = epoll_wait(server.epoll_fd, &event, 1, -1);
879 log_error("epoll_wait() failed: %m");
885 r = process_event(&server, &event);
894 "STATUS=Shutting down...");
896 server_done(&server);
898 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
~ianmdlvl / elogind.git / blob