1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2011 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include <sys/epoll.h>
23 #include <sys/socket.h>
25 #include <sys/signalfd.h>
29 #include <sys/ioctl.h>
30 #include <linux/sockios.h>
31 #include <sys/statvfs.h>
34 #include <systemd/sd-journal.h>
35 #include <systemd/sd-messages.h>
36 #include <systemd/sd-daemon.h>
39 #include <systemd/sd-login.h>
44 #include "journal-file.h"
45 #include "socket-util.h"
46 #include "cgroup-util.h"
48 #include "journal-rate-limit.h"
49 #include "journal-internal.h"
50 #include "journal-vacuum.h"
51 #include "journal-authenticate.h"
52 #include "conf-parser.h"
59 #include <acl/libacl.h>
64 #include <selinux/selinux.h>
67 #define USER_JOURNALS_MAX 1024
68 #define STDOUT_STREAMS_MAX 4096
70 #define DEFAULT_RATE_LIMIT_INTERVAL (10*USEC_PER_SEC)
71 #define DEFAULT_RATE_LIMIT_BURST 200
73 #define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
75 #define N_IOVEC_META_FIELDS 17
76 #define N_IOVEC_KERNEL_FIELDS 64
78 #define ENTRY_SIZE_MAX (1024*1024*32)
80 typedef enum StdoutStreamState {
81 STDOUT_STREAM_IDENTIFIER,
82 STDOUT_STREAM_UNIT_ID,
83 STDOUT_STREAM_PRIORITY,
84 STDOUT_STREAM_LEVEL_PREFIX,
85 STDOUT_STREAM_FORWARD_TO_SYSLOG,
86 STDOUT_STREAM_FORWARD_TO_KMSG,
87 STDOUT_STREAM_FORWARD_TO_CONSOLE,
93 StdoutStreamState state;
99 security_context_t security_context;
106 bool forward_to_syslog:1;
107 bool forward_to_kmsg:1;
108 bool forward_to_console:1;
110 char buffer[LINE_MAX+1];
113 LIST_FIELDS(StdoutStream, stdout_stream);
116 static const char* const storage_table[] = {
117 [STORAGE_AUTO] = "auto",
118 [STORAGE_VOLATILE] = "volatile",
119 [STORAGE_PERSISTENT] = "persistent",
120 [STORAGE_NONE] = "none"
123 DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
124 DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
126 static uint64_t available_space(Server *s) {
131 uint64_t sum = 0, avail = 0, ss_avail = 0;
137 ts = now(CLOCK_MONOTONIC);
139 if (s->cached_available_space_timestamp + RECHECK_AVAILABLE_SPACE_USEC > ts)
140 return s->cached_available_space;
142 r = sd_id128_get_machine(&machine);
146 if (s->system_journal) {
147 f = "/var/log/journal/";
148 m = &s->system_metrics;
150 f = "/run/log/journal/";
151 m = &s->runtime_metrics;
156 p = strappend(f, sd_id128_to_string(machine, ids));
166 if (fstatvfs(dirfd(d), &ss) < 0)
171 struct dirent buf, *de;
173 r = readdir_r(d, &buf, &de);
180 if (!endswith(de->d_name, ".journal") &&
181 !endswith(de->d_name, ".journal~"))
184 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0)
187 if (!S_ISREG(st.st_mode))
190 sum += (uint64_t) st.st_blocks * 512UL;
193 avail = sum >= m->max_use ? 0 : m->max_use - sum;
195 ss_avail = ss.f_bsize * ss.f_bavail;
197 ss_avail = ss_avail < m->keep_free ? 0 : ss_avail - m->keep_free;
199 if (ss_avail < avail)
202 s->cached_available_space = avail;
203 s->cached_available_space_timestamp = ts;
211 static void server_read_file_gid(Server *s) {
212 const char *adm = "adm";
217 if (s->file_gid_valid)
220 r = get_group_creds(&adm, &s->file_gid);
222 log_warning("Failed to resolve 'adm' group: %s", strerror(-r));
224 /* if we couldn't read the gid, then it will be 0, but that's
225 * fine and we shouldn't try to resolve the group again, so
226 * let's just pretend it worked right-away. */
227 s->file_gid_valid = true;
230 static void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
235 acl_permset_t permset;
240 server_read_file_gid(s);
242 r = fchmod_and_fchown(f->fd, 0640, 0, s->file_gid);
244 log_warning("Failed to fix access mode/rights on %s, ignoring: %s", f->path, strerror(-r));
250 acl = acl_get_fd(f->fd);
252 log_warning("Failed to read ACL on %s, ignoring: %m", f->path);
256 r = acl_find_uid(acl, uid, &entry);
259 if (acl_create_entry(&acl, &entry) < 0 ||
260 acl_set_tag_type(entry, ACL_USER) < 0 ||
261 acl_set_qualifier(entry, &uid) < 0) {
262 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
267 if (acl_get_permset(entry, &permset) < 0 ||
268 acl_add_perm(permset, ACL_READ) < 0 ||
269 acl_calc_mask(&acl) < 0) {
270 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
274 if (acl_set_fd(f->fd, acl) < 0)
275 log_warning("Failed to set ACL on %s, ignoring: %m", f->path);
282 static JournalFile* find_journal(Server *s, uid_t uid) {
290 /* We split up user logs only on /var, not on /run. If the
291 * runtime file is open, we write to it exclusively, in order
292 * to guarantee proper order as soon as we flush /run to
293 * /var and close the runtime file. */
295 if (s->runtime_journal)
296 return s->runtime_journal;
299 return s->system_journal;
301 r = sd_id128_get_machine(&machine);
303 return s->system_journal;
305 f = hashmap_get(s->user_journals, UINT32_TO_PTR(uid));
309 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/user-%lu.journal",
310 SD_ID128_FORMAT_VAL(machine), (unsigned long) uid) < 0)
311 return s->system_journal;
313 while (hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
314 /* Too many open? Then let's close one */
315 f = hashmap_steal_first(s->user_journals);
317 journal_file_close(f);
320 r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, s->system_journal, &f);
324 return s->system_journal;
326 server_fix_perms(s, f, uid);
328 r = hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
330 journal_file_close(f);
331 return s->system_journal;
337 static void server_rotate(Server *s) {
343 log_info("Rotating...");
345 if (s->runtime_journal) {
346 r = journal_file_rotate(&s->runtime_journal, s->compress, false);
348 if (s->runtime_journal)
349 log_error("Failed to rotate %s: %s", s->runtime_journal->path, strerror(-r));
351 log_error("Failed to create new runtime journal: %s", strerror(-r));
353 server_fix_perms(s, s->runtime_journal, 0);
356 if (s->system_journal) {
357 r = journal_file_rotate(&s->system_journal, s->compress, s->seal);
359 if (s->system_journal)
360 log_error("Failed to rotate %s: %s", s->system_journal->path, strerror(-r));
362 log_error("Failed to create new system journal: %s", strerror(-r));
365 server_fix_perms(s, s->system_journal, 0);
368 HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
369 r = journal_file_rotate(&f, s->compress, s->seal);
372 log_error("Failed to rotate %s: %s", f->path, strerror(-r));
374 log_error("Failed to create user journal: %s", strerror(-r));
376 hashmap_replace(s->user_journals, k, f);
377 server_fix_perms(s, s->system_journal, PTR_TO_UINT32(k));
382 static void server_vacuum(Server *s) {
388 log_info("Vacuuming...");
390 r = sd_id128_get_machine(&machine);
392 log_error("Failed to get machine ID: %s", strerror(-r));
396 sd_id128_to_string(machine, ids);
398 if (s->system_journal) {
399 if (asprintf(&p, "/var/log/journal/%s", ids) < 0) {
404 r = journal_directory_vacuum(p, s->system_metrics.max_use, s->system_metrics.keep_free);
405 if (r < 0 && r != -ENOENT)
406 log_error("Failed to vacuum %s: %s", p, strerror(-r));
410 if (s->runtime_journal) {
411 if (asprintf(&p, "/run/log/journal/%s", ids) < 0) {
416 r = journal_directory_vacuum(p, s->runtime_metrics.max_use, s->runtime_metrics.keep_free);
417 if (r < 0 && r != -ENOENT)
418 log_error("Failed to vacuum %s: %s", p, strerror(-r));
422 s->cached_available_space_timestamp = 0;
425 static char *shortened_cgroup_path(pid_t pid) {
427 char *process_path, *init_path, *path;
431 r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, pid, &process_path);
435 r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, 1, &init_path);
441 if (endswith(init_path, "/system"))
442 init_path[strlen(init_path) - 7] = 0;
443 else if (streq(init_path, "/"))
446 if (startswith(process_path, init_path)) {
449 p = strdup(process_path + strlen(init_path));
467 static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned n) {
469 bool vacuumed = false;
476 f = find_journal(s, uid);
480 if (journal_file_rotate_suggested(f)) {
481 log_info("Journal header limits reached or header out-of-date, rotating.");
486 f = find_journal(s, uid);
492 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
497 (r != -E2BIG && /* hit limit */
498 r != -EFBIG && /* hit fs limit */
499 r != -EDQUOT && /* quota hit */
500 r != -ENOSPC && /* disk full */
501 r != -EBADMSG && /* corrupted */
502 r != -ENODATA && /* truncated */
503 r != -EHOSTDOWN && /* other machine */
504 r != -EPROTONOSUPPORT && /* unsupported feature */
505 r != -EBUSY && /* unclean shutdown */
506 r != -ESHUTDOWN /* already archived */)) {
507 log_error("Failed to write entry, ignoring: %s", strerror(-r));
511 if (r == -E2BIG || r == -EFBIG || r == EDQUOT || r == ENOSPC)
512 log_info("Allocation limit reached, rotating.");
513 else if (r == -EHOSTDOWN)
514 log_info("Journal file from other machine, rotating.");
515 else if (r == -EBUSY)
516 log_info("Unlcean shutdown, rotating.");
518 log_warning("Journal file corrupted, rotating.");
524 f = find_journal(s, uid);
528 log_info("Retrying write.");
532 static void dispatch_message_real(
534 struct iovec *iovec, unsigned n, unsigned m,
537 const char *label, size_t label_len,
538 const char *unit_id) {
540 char *pid = NULL, *uid = NULL, *gid = NULL,
541 *source_time = NULL, *boot_id = NULL, *machine_id = NULL,
542 *comm = NULL, *cmdline = NULL, *hostname = NULL,
543 *audit_session = NULL, *audit_loginuid = NULL,
544 *exe = NULL, *cgroup = NULL, *session = NULL,
545 *owner_uid = NULL, *unit = NULL, *selinux_context = NULL;
551 uid_t loginuid = 0, realuid = 0;
556 assert(n + N_IOVEC_META_FIELDS <= m);
564 realuid = ucred->uid;
566 if (asprintf(&pid, "_PID=%lu", (unsigned long) ucred->pid) >= 0)
567 IOVEC_SET_STRING(iovec[n++], pid);
569 if (asprintf(&uid, "_UID=%lu", (unsigned long) ucred->uid) >= 0)
570 IOVEC_SET_STRING(iovec[n++], uid);
572 if (asprintf(&gid, "_GID=%lu", (unsigned long) ucred->gid) >= 0)
573 IOVEC_SET_STRING(iovec[n++], gid);
575 r = get_process_comm(ucred->pid, &t);
577 comm = strappend("_COMM=", t);
581 IOVEC_SET_STRING(iovec[n++], comm);
584 r = get_process_exe(ucred->pid, &t);
586 exe = strappend("_EXE=", t);
590 IOVEC_SET_STRING(iovec[n++], exe);
593 r = get_process_cmdline(ucred->pid, LINE_MAX, false, &t);
595 cmdline = strappend("_CMDLINE=", t);
599 IOVEC_SET_STRING(iovec[n++], cmdline);
602 r = audit_session_from_pid(ucred->pid, &audit);
604 if (asprintf(&audit_session, "_AUDIT_SESSION=%lu", (unsigned long) audit) >= 0)
605 IOVEC_SET_STRING(iovec[n++], audit_session);
607 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
609 if (asprintf(&audit_loginuid, "_AUDIT_LOGINUID=%lu", (unsigned long) loginuid) >= 0)
610 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
612 t = shortened_cgroup_path(ucred->pid);
614 cgroup = strappend("_SYSTEMD_CGROUP=", t);
618 IOVEC_SET_STRING(iovec[n++], cgroup);
622 if (sd_pid_get_session(ucred->pid, &t) >= 0) {
623 session = strappend("_SYSTEMD_SESSION=", t);
627 IOVEC_SET_STRING(iovec[n++], session);
630 if (sd_pid_get_owner_uid(ucred->uid, &owner) >= 0)
631 if (asprintf(&owner_uid, "_SYSTEMD_OWNER_UID=%lu", (unsigned long) owner) >= 0)
632 IOVEC_SET_STRING(iovec[n++], owner_uid);
635 if (cg_pid_get_unit(ucred->pid, &t) >= 0) {
636 unit = strappend("_SYSTEMD_UNIT=", t);
639 unit = strappend("_SYSTEMD_UNIT=", unit_id);
642 IOVEC_SET_STRING(iovec[n++], unit);
646 selinux_context = malloc(sizeof("_SELINUX_CONTEXT=") + label_len);
647 if (selinux_context) {
648 memcpy(selinux_context, "_SELINUX_CONTEXT=", sizeof("_SELINUX_CONTEXT=")-1);
649 memcpy(selinux_context+sizeof("_SELINUX_CONTEXT=")-1, label, label_len);
650 selinux_context[sizeof("_SELINUX_CONTEXT=")-1+label_len] = 0;
651 IOVEC_SET_STRING(iovec[n++], selinux_context);
654 security_context_t con;
656 if (getpidcon(ucred->pid, &con) >= 0) {
657 selinux_context = strappend("_SELINUX_CONTEXT=", con);
659 IOVEC_SET_STRING(iovec[n++], selinux_context);
668 if (asprintf(&source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu",
669 (unsigned long long) timeval_load(tv)) >= 0)
670 IOVEC_SET_STRING(iovec[n++], source_time);
673 /* Note that strictly speaking storing the boot id here is
674 * redundant since the entry includes this in-line
675 * anyway. However, we need this indexed, too. */
676 r = sd_id128_get_boot(&id);
678 if (asprintf(&boot_id, "_BOOT_ID=%s", sd_id128_to_string(id, idbuf)) >= 0)
679 IOVEC_SET_STRING(iovec[n++], boot_id);
681 r = sd_id128_get_machine(&id);
683 if (asprintf(&machine_id, "_MACHINE_ID=%s", sd_id128_to_string(id, idbuf)) >= 0)
684 IOVEC_SET_STRING(iovec[n++], machine_id);
686 t = gethostname_malloc();
688 hostname = strappend("_HOSTNAME=", t);
691 IOVEC_SET_STRING(iovec[n++], hostname);
696 write_to_journal(s, realuid == 0 ? 0 : loginuid, iovec, n);
709 free(audit_loginuid);
714 free(selinux_context);
717 static void driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {
718 char mid[11 + 32 + 1];
719 char buffer[16 + LINE_MAX + 1];
720 struct iovec iovec[N_IOVEC_META_FIELDS + 4];
728 IOVEC_SET_STRING(iovec[n++], "PRIORITY=6");
729 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=driver");
731 memcpy(buffer, "MESSAGE=", 8);
732 va_start(ap, format);
733 vsnprintf(buffer + 8, sizeof(buffer) - 8, format, ap);
735 char_array_0(buffer);
736 IOVEC_SET_STRING(iovec[n++], buffer);
738 snprintf(mid, sizeof(mid), "MESSAGE_ID=" SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(message_id));
740 IOVEC_SET_STRING(iovec[n++], mid);
743 ucred.pid = getpid();
744 ucred.uid = getuid();
745 ucred.gid = getgid();
747 dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL);
750 static void dispatch_message(Server *s,
751 struct iovec *iovec, unsigned n, unsigned m,
754 const char *label, size_t label_len,
758 char *path = NULL, *c;
761 assert(iovec || n == 0);
766 if (LOG_PRI(priority) > s->max_level_store)
772 path = shortened_cgroup_path(ucred->pid);
776 /* example: /user/lennart/3/foobar
777 * /system/dbus.service/foobar
779 * So let's cut of everything past the third /, since that is
780 * wher user directories start */
782 c = strchr(path, '/');
784 c = strchr(c+1, '/');
786 c = strchr(c+1, '/');
792 rl = journal_rate_limit_test(s->rate_limit, path, priority & LOG_PRIMASK, available_space(s));
799 /* Write a suppression message if we suppressed something */
801 driver_message(s, SD_MESSAGE_JOURNAL_DROPPED, "Suppressed %u messages from %s", rl - 1, path);
806 dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id);
809 static void forward_syslog_iovec(Server *s, const struct iovec *iovec, unsigned n_iovec, struct ucred *ucred, struct timeval *tv) {
810 struct msghdr msghdr;
811 struct cmsghdr *cmsg;
813 struct cmsghdr cmsghdr;
814 uint8_t buf[CMSG_SPACE(sizeof(struct ucred))];
816 union sockaddr_union sa;
823 msghdr.msg_iov = (struct iovec*) iovec;
824 msghdr.msg_iovlen = n_iovec;
827 sa.un.sun_family = AF_UNIX;
828 strncpy(sa.un.sun_path, "/run/systemd/journal/syslog", sizeof(sa.un.sun_path));
829 msghdr.msg_name = &sa;
830 msghdr.msg_namelen = offsetof(union sockaddr_union, un.sun_path) + strlen(sa.un.sun_path);
834 msghdr.msg_control = &control;
835 msghdr.msg_controllen = sizeof(control);
837 cmsg = CMSG_FIRSTHDR(&msghdr);
838 cmsg->cmsg_level = SOL_SOCKET;
839 cmsg->cmsg_type = SCM_CREDENTIALS;
840 cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
841 memcpy(CMSG_DATA(cmsg), ucred, sizeof(struct ucred));
842 msghdr.msg_controllen = cmsg->cmsg_len;
845 /* Forward the syslog message we received via /dev/log to
846 * /run/systemd/syslog. Unfortunately we currently can't set
847 * the SO_TIMESTAMP auxiliary data, and hence we don't. */
849 if (sendmsg(s->syslog_fd, &msghdr, MSG_NOSIGNAL) >= 0)
852 /* The socket is full? I guess the syslog implementation is
853 * too slow, and we shouldn't wait for that... */
857 if (ucred && errno == ESRCH) {
860 /* Hmm, presumably the sender process vanished
861 * by now, so let's fix it as good as we
866 memcpy(CMSG_DATA(cmsg), &u, sizeof(struct ucred));
868 if (sendmsg(s->syslog_fd, &msghdr, MSG_NOSIGNAL) >= 0)
876 log_debug("Failed to forward syslog message: %m");
879 static void forward_syslog_raw(Server *s, int priority, const char *buffer, struct ucred *ucred, struct timeval *tv) {
885 if (LOG_PRI(priority) > s->max_level_syslog)
888 IOVEC_SET_STRING(iovec, buffer);
889 forward_syslog_iovec(s, &iovec, 1, ucred, tv);
892 static void forward_syslog(Server *s, int priority, const char *identifier, const char *message, struct ucred *ucred, struct timeval *tv) {
893 struct iovec iovec[5];
894 char header_priority[6], header_time[64], header_pid[16];
898 char *ident_buf = NULL;
901 assert(priority >= 0);
902 assert(priority <= 999);
905 if (LOG_PRI(priority) > s->max_level_syslog)
908 /* First: priority field */
909 snprintf(header_priority, sizeof(header_priority), "<%i>", priority);
910 char_array_0(header_priority);
911 IOVEC_SET_STRING(iovec[n++], header_priority);
913 /* Second: timestamp */
914 t = tv ? tv->tv_sec : ((time_t) (now(CLOCK_REALTIME) / USEC_PER_SEC));
918 if (strftime(header_time, sizeof(header_time), "%h %e %T ", tm) <= 0)
920 IOVEC_SET_STRING(iovec[n++], header_time);
922 /* Third: identifier and PID */
925 get_process_comm(ucred->pid, &ident_buf);
926 identifier = ident_buf;
929 snprintf(header_pid, sizeof(header_pid), "[%lu]: ", (unsigned long) ucred->pid);
930 char_array_0(header_pid);
933 IOVEC_SET_STRING(iovec[n++], identifier);
935 IOVEC_SET_STRING(iovec[n++], header_pid);
936 } else if (identifier) {
937 IOVEC_SET_STRING(iovec[n++], identifier);
938 IOVEC_SET_STRING(iovec[n++], ": ");
941 /* Fourth: message */
942 IOVEC_SET_STRING(iovec[n++], message);
944 forward_syslog_iovec(s, iovec, n, ucred, tv);
949 static int fixup_priority(int priority) {
951 if ((priority & LOG_FACMASK) == 0)
952 return (priority & LOG_PRIMASK) | LOG_USER;
957 static void forward_kmsg(Server *s, int priority, const char *identifier, const char *message, struct ucred *ucred) {
958 struct iovec iovec[5];
959 char header_priority[6], header_pid[16];
961 char *ident_buf = NULL;
964 assert(priority >= 0);
965 assert(priority <= 999);
968 if (_unlikely_(LOG_PRI(priority) > s->max_level_kmsg))
971 if (_unlikely_(s->dev_kmsg_fd < 0))
974 /* Never allow messages with kernel facility to be written to
975 * kmsg, regardless where the data comes from. */
976 priority = fixup_priority(priority);
978 /* First: priority field */
979 snprintf(header_priority, sizeof(header_priority), "<%i>", priority);
980 char_array_0(header_priority);
981 IOVEC_SET_STRING(iovec[n++], header_priority);
983 /* Second: identifier and PID */
986 get_process_comm(ucred->pid, &ident_buf);
987 identifier = ident_buf;
990 snprintf(header_pid, sizeof(header_pid), "[%lu]: ", (unsigned long) ucred->pid);
991 char_array_0(header_pid);
994 IOVEC_SET_STRING(iovec[n++], identifier);
996 IOVEC_SET_STRING(iovec[n++], header_pid);
997 } else if (identifier) {
998 IOVEC_SET_STRING(iovec[n++], identifier);
999 IOVEC_SET_STRING(iovec[n++], ": ");
1002 /* Fourth: message */
1003 IOVEC_SET_STRING(iovec[n++], message);
1004 IOVEC_SET_STRING(iovec[n++], "\n");
1006 if (writev(s->dev_kmsg_fd, iovec, n) < 0)
1007 log_debug("Failed to write to /dev/kmsg for logging: %s", strerror(errno));
1012 static void forward_console(Server *s, int priority, const char *identifier, const char *message, struct ucred *ucred) {
1013 struct iovec iovec[4];
1014 char header_pid[16];
1016 char *ident_buf = NULL;
1022 if (LOG_PRI(priority) > s->max_level_console)
1025 /* First: identifier and PID */
1028 get_process_comm(ucred->pid, &ident_buf);
1029 identifier = ident_buf;
1032 snprintf(header_pid, sizeof(header_pid), "[%lu]: ", (unsigned long) ucred->pid);
1033 char_array_0(header_pid);
1036 IOVEC_SET_STRING(iovec[n++], identifier);
1038 IOVEC_SET_STRING(iovec[n++], header_pid);
1039 } else if (identifier) {
1040 IOVEC_SET_STRING(iovec[n++], identifier);
1041 IOVEC_SET_STRING(iovec[n++], ": ");
1044 /* Third: message */
1045 IOVEC_SET_STRING(iovec[n++], message);
1046 IOVEC_SET_STRING(iovec[n++], "\n");
1048 tty = s->tty_path ? s->tty_path : "/dev/console";
1050 fd = open_terminal(tty, O_WRONLY|O_NOCTTY|O_CLOEXEC);
1052 log_debug("Failed to open %s for logging: %s", tty, strerror(errno));
1056 if (writev(fd, iovec, n) < 0)
1057 log_debug("Failed to write to %s for logging: %s", tty, strerror(errno));
1059 close_nointr_nofail(fd);
1065 static void read_identifier(const char **buf, char **identifier, char **pid) {
1076 p += strspn(p, WHITESPACE);
1077 l = strcspn(p, WHITESPACE);
1086 if (p[l-1] == ']') {
1092 t = strndup(p+k+1, l-k-2);
1112 *buf += strspn(*buf, WHITESPACE);
1115 static void process_syslog_message(Server *s, const char *buf, struct ucred *ucred, struct timeval *tv, const char *label, size_t label_len) {
1116 char *message = NULL, *syslog_priority = NULL, *syslog_facility = NULL, *syslog_identifier = NULL, *syslog_pid = NULL;
1117 struct iovec iovec[N_IOVEC_META_FIELDS + 6];
1119 int priority = LOG_USER | LOG_INFO;
1120 char *identifier = NULL, *pid = NULL;
1127 parse_syslog_priority((char**) &buf, &priority);
1129 if (s->forward_to_syslog)
1130 forward_syslog_raw(s, priority, orig, ucred, tv);
1132 skip_syslog_date((char**) &buf);
1133 read_identifier(&buf, &identifier, &pid);
1135 if (s->forward_to_kmsg)
1136 forward_kmsg(s, priority, identifier, buf, ucred);
1138 if (s->forward_to_console)
1139 forward_console(s, priority, identifier, buf, ucred);
1141 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=syslog");
1143 if (asprintf(&syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK) >= 0)
1144 IOVEC_SET_STRING(iovec[n++], syslog_priority);
1146 if (priority & LOG_FACMASK)
1147 if (asprintf(&syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority)) >= 0)
1148 IOVEC_SET_STRING(iovec[n++], syslog_facility);
1151 syslog_identifier = strappend("SYSLOG_IDENTIFIER=", identifier);
1152 if (syslog_identifier)
1153 IOVEC_SET_STRING(iovec[n++], syslog_identifier);
1157 syslog_pid = strappend("SYSLOG_PID=", pid);
1159 IOVEC_SET_STRING(iovec[n++], syslog_pid);
1162 message = strappend("MESSAGE=", buf);
1164 IOVEC_SET_STRING(iovec[n++], message);
1166 dispatch_message(s, iovec, n, ELEMENTSOF(iovec), ucred, tv, label, label_len, NULL, priority);
1171 free(syslog_priority);
1172 free(syslog_facility);
1173 free(syslog_identifier);
1177 static bool valid_user_field(const char *p, size_t l) {
1180 /* We kinda enforce POSIX syntax recommendations for
1181 environment variables here, but make a couple of additional
1184 http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap08.html */
1186 /* No empty field names */
1190 /* Don't allow names longer than 64 chars */
1194 /* Variables starting with an underscore are protected */
1198 /* Don't allow digits as first character */
1199 if (p[0] >= '0' && p[0] <= '9')
1202 /* Only allow A-Z0-9 and '_' */
1203 for (a = p; a < p + l; a++)
1204 if (!((*a >= 'A' && *a <= 'Z') ||
1205 (*a >= '0' && *a <= '9') ||
1212 static void process_native_message(
1214 const void *buffer, size_t buffer_size,
1215 struct ucred *ucred,
1217 const char *label, size_t label_len) {
1219 struct iovec *iovec = NULL;
1220 unsigned n = 0, m = 0, j, tn = (unsigned) -1;
1223 int priority = LOG_INFO;
1224 char *identifier = NULL, *message = NULL;
1227 assert(buffer || buffer_size == 0);
1230 remaining = buffer_size;
1232 while (remaining > 0) {
1235 e = memchr(p, '\n', remaining);
1238 /* Trailing noise, let's ignore it, and flush what we collected */
1239 log_debug("Received message with trailing noise, ignoring.");
1244 /* Entry separator */
1245 dispatch_message(s, iovec, n, m, ucred, tv, label, label_len, NULL, priority);
1247 priority = LOG_INFO;
1254 if (*p == '.' || *p == '#') {
1255 /* Ignore control commands for now, and
1257 remaining -= (e - p) + 1;
1262 /* A property follows */
1264 if (n+N_IOVEC_META_FIELDS >= m) {
1268 u = MAX((n+N_IOVEC_META_FIELDS+1) * 2U, 4U);
1269 c = realloc(iovec, u * sizeof(struct iovec));
1279 q = memchr(p, '=', e - p);
1281 if (valid_user_field(p, q - p)) {
1286 /* If the field name starts with an
1287 * underscore, skip the variable,
1288 * since that indidates a trusted
1290 iovec[n].iov_base = (char*) p;
1291 iovec[n].iov_len = l;
1294 /* We need to determine the priority
1295 * of this entry for the rate limiting
1298 memcmp(p, "PRIORITY=", 9) == 0 &&
1299 p[9] >= '0' && p[9] <= '9')
1300 priority = (priority & LOG_FACMASK) | (p[9] - '0');
1303 memcmp(p, "SYSLOG_FACILITY=", 16) == 0 &&
1304 p[16] >= '0' && p[16] <= '9')
1305 priority = (priority & LOG_PRIMASK) | ((p[16] - '0') << 3);
1308 memcmp(p, "SYSLOG_FACILITY=", 16) == 0 &&
1309 p[16] >= '0' && p[16] <= '9' &&
1310 p[17] >= '0' && p[17] <= '9')
1311 priority = (priority & LOG_PRIMASK) | (((p[16] - '0')*10 + (p[17] - '0')) << 3);
1314 memcmp(p, "SYSLOG_IDENTIFIER=", 18) == 0) {
1317 t = strndup(p + 18, l - 18);
1322 } else if (l >= 8 &&
1323 memcmp(p, "MESSAGE=", 8) == 0) {
1326 t = strndup(p + 8, l - 8);
1334 remaining -= (e - p) + 1;
1342 if (remaining < e - p + 1 + sizeof(uint64_t) + 1) {
1343 log_debug("Failed to parse message, ignoring.");
1347 memcpy(&l_le, e + 1, sizeof(uint64_t));
1350 if (remaining < e - p + 1 + sizeof(uint64_t) + l + 1 ||
1351 e[1+sizeof(uint64_t)+l] != '\n') {
1352 log_debug("Failed to parse message, ignoring.");
1356 k = malloc((e - p) + 1 + l);
1362 memcpy(k, p, e - p);
1364 memcpy(k + (e - p) + 1, e + 1 + sizeof(uint64_t), l);
1366 if (valid_user_field(p, e - p)) {
1367 iovec[n].iov_base = k;
1368 iovec[n].iov_len = (e - p) + 1 + l;
1373 remaining -= (e - p) + 1 + sizeof(uint64_t) + l + 1;
1374 p = e + 1 + sizeof(uint64_t) + l + 1;
1382 IOVEC_SET_STRING(iovec[tn], "_TRANSPORT=journal");
1385 if (s->forward_to_syslog)
1386 forward_syslog(s, priority, identifier, message, ucred, tv);
1388 if (s->forward_to_kmsg)
1389 forward_kmsg(s, priority, identifier, message, ucred);
1391 if (s->forward_to_console)
1392 forward_console(s, priority, identifier, message, ucred);
1395 dispatch_message(s, iovec, n, m, ucred, tv, label, label_len, NULL, priority);
1398 for (j = 0; j < n; j++) {
1402 if (iovec[j].iov_base < buffer ||
1403 (const uint8_t*) iovec[j].iov_base >= (const uint8_t*) buffer + buffer_size)
1404 free(iovec[j].iov_base);
1412 static void process_native_file(
1415 struct ucred *ucred,
1417 const char *label, size_t label_len) {
1426 /* Data is in the passed file, since it didn't fit in a
1427 * datagram. We can't map the file here, since clients might
1428 * then truncate it and trigger a SIGBUS for us. So let's
1429 * stupidly read it */
1431 if (fstat(fd, &st) < 0) {
1432 log_error("Failed to stat passed file, ignoring: %m");
1436 if (!S_ISREG(st.st_mode)) {
1437 log_error("File passed is not regular. Ignoring.");
1441 if (st.st_size <= 0)
1444 if (st.st_size > ENTRY_SIZE_MAX) {
1445 log_error("File passed too large. Ignoring.");
1449 p = malloc(st.st_size);
1455 n = pread(fd, p, st.st_size, 0);
1457 log_error("Failed to read file, ignoring: %s", strerror(-n));
1459 process_native_message(s, p, n, ucred, tv, label, label_len);
1464 static int stdout_stream_log(StdoutStream *s, const char *p) {
1465 struct iovec iovec[N_IOVEC_META_FIELDS + 5];
1466 char *message = NULL, *syslog_priority = NULL, *syslog_facility = NULL, *syslog_identifier = NULL;
1470 size_t label_len = 0;
1478 priority = s->priority;
1480 if (s->level_prefix)
1481 parse_syslog_priority((char**) &p, &priority);
1483 if (s->forward_to_syslog || s->server->forward_to_syslog)
1484 forward_syslog(s->server, fixup_priority(priority), s->identifier, p, &s->ucred, NULL);
1486 if (s->forward_to_kmsg || s->server->forward_to_kmsg)
1487 forward_kmsg(s->server, priority, s->identifier, p, &s->ucred);
1489 if (s->forward_to_console || s->server->forward_to_console)
1490 forward_console(s->server, priority, s->identifier, p, &s->ucred);
1492 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=stdout");
1494 if (asprintf(&syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK) >= 0)
1495 IOVEC_SET_STRING(iovec[n++], syslog_priority);
1497 if (priority & LOG_FACMASK)
1498 if (asprintf(&syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority)) >= 0)
1499 IOVEC_SET_STRING(iovec[n++], syslog_facility);
1501 if (s->identifier) {
1502 syslog_identifier = strappend("SYSLOG_IDENTIFIER=", s->identifier);
1503 if (syslog_identifier)
1504 IOVEC_SET_STRING(iovec[n++], syslog_identifier);
1507 message = strappend("MESSAGE=", p);
1509 IOVEC_SET_STRING(iovec[n++], message);
1512 if (s->security_context) {
1513 label = (char*) s->security_context;
1514 label_len = strlen((char*) s->security_context);
1518 dispatch_message(s->server, iovec, n, ELEMENTSOF(iovec), &s->ucred, NULL, label, label_len, s->unit_id, priority);
1521 free(syslog_priority);
1522 free(syslog_facility);
1523 free(syslog_identifier);
1528 static int stdout_stream_line(StdoutStream *s, char *p) {
1538 case STDOUT_STREAM_IDENTIFIER:
1540 s->identifier = NULL;
1542 s->identifier = strdup(p);
1547 s->state = STDOUT_STREAM_UNIT_ID;
1550 case STDOUT_STREAM_UNIT_ID:
1551 if (s->ucred.uid == 0) {
1555 s->unit_id = strdup(p);
1561 s->state = STDOUT_STREAM_PRIORITY;
1564 case STDOUT_STREAM_PRIORITY:
1565 r = safe_atoi(p, &s->priority);
1566 if (r < 0 || s->priority <= 0 || s->priority >= 999) {
1567 log_warning("Failed to parse log priority line.");
1571 s->state = STDOUT_STREAM_LEVEL_PREFIX;
1574 case STDOUT_STREAM_LEVEL_PREFIX:
1575 r = parse_boolean(p);
1577 log_warning("Failed to parse level prefix line.");
1581 s->level_prefix = !!r;
1582 s->state = STDOUT_STREAM_FORWARD_TO_SYSLOG;
1585 case STDOUT_STREAM_FORWARD_TO_SYSLOG:
1586 r = parse_boolean(p);
1588 log_warning("Failed to parse forward to syslog line.");
1592 s->forward_to_syslog = !!r;
1593 s->state = STDOUT_STREAM_FORWARD_TO_KMSG;
1596 case STDOUT_STREAM_FORWARD_TO_KMSG:
1597 r = parse_boolean(p);
1599 log_warning("Failed to parse copy to kmsg line.");
1603 s->forward_to_kmsg = !!r;
1604 s->state = STDOUT_STREAM_FORWARD_TO_CONSOLE;
1607 case STDOUT_STREAM_FORWARD_TO_CONSOLE:
1608 r = parse_boolean(p);
1610 log_warning("Failed to parse copy to console line.");
1614 s->forward_to_console = !!r;
1615 s->state = STDOUT_STREAM_RUNNING;
1618 case STDOUT_STREAM_RUNNING:
1619 return stdout_stream_log(s, p);
1622 assert_not_reached("Unknown stream state");
1625 static int stdout_stream_scan(StdoutStream *s, bool force_flush) {
1633 remaining = s->length;
1638 end = memchr(p, '\n', remaining);
1641 else if (remaining >= sizeof(s->buffer) - 1) {
1642 end = p + sizeof(s->buffer) - 1;
1649 r = stdout_stream_line(s, p);
1657 if (force_flush && remaining > 0) {
1659 r = stdout_stream_line(s, p);
1667 if (p > s->buffer) {
1668 memmove(s->buffer, p, remaining);
1669 s->length = remaining;
1675 static int stdout_stream_process(StdoutStream *s) {
1681 l = read(s->fd, s->buffer+s->length, sizeof(s->buffer)-1-s->length);
1684 if (errno == EAGAIN)
1687 log_warning("Failed to read from stream: %m");
1692 r = stdout_stream_scan(s, true);
1700 r = stdout_stream_scan(s, false);
1708 static void stdout_stream_free(StdoutStream *s) {
1712 assert(s->server->n_stdout_streams > 0);
1713 s->server->n_stdout_streams --;
1714 LIST_REMOVE(StdoutStream, stdout_stream, s->server->stdout_streams, s);
1719 epoll_ctl(s->server->epoll_fd, EPOLL_CTL_DEL, s->fd, NULL);
1721 close_nointr_nofail(s->fd);
1725 if (s->security_context)
1726 freecon(s->security_context);
1729 free(s->identifier);
1733 static int stdout_stream_new(Server *s) {
1734 StdoutStream *stream;
1737 struct epoll_event ev;
1741 fd = accept4(s->stdout_fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
1743 if (errno == EAGAIN)
1746 log_error("Failed to accept stdout connection: %m");
1750 if (s->n_stdout_streams >= STDOUT_STREAMS_MAX) {
1751 log_warning("Too many stdout streams, refusing connection.");
1752 close_nointr_nofail(fd);
1756 stream = new0(StdoutStream, 1);
1758 close_nointr_nofail(fd);
1764 len = sizeof(stream->ucred);
1765 if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &stream->ucred, &len) < 0) {
1766 log_error("Failed to determine peer credentials: %m");
1772 if (getpeercon(fd, &stream->security_context) < 0 && errno != ENOPROTOOPT)
1773 log_error("Failed to determine peer security context: %m");
1776 if (shutdown(fd, SHUT_WR) < 0) {
1777 log_error("Failed to shutdown writing side of socket: %m");
1783 ev.data.ptr = stream;
1784 ev.events = EPOLLIN;
1785 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, fd, &ev) < 0) {
1786 log_error("Failed to add stream to event loop: %m");
1792 LIST_PREPEND(StdoutStream, stdout_stream, s->stdout_streams, stream);
1793 s->n_stdout_streams ++;
1798 stdout_stream_free(stream);
1802 static bool is_us(const char *pid) {
1807 if (parse_pid(pid, &t) < 0)
1810 return t == getpid();
1813 static void dev_kmsg_record(Server *s, char *p, size_t l) {
1814 struct iovec iovec[N_IOVEC_META_FIELDS + 7 + N_IOVEC_KERNEL_FIELDS];
1815 char *message = NULL, *syslog_priority = NULL, *syslog_pid = NULL, *syslog_facility = NULL, *syslog_identifier = NULL, *source_time = NULL;
1817 unsigned n = 0, z = 0, j;
1819 char *identifier = NULL, *pid = NULL, *e, *f, *k;
1829 e = memchr(p, ',', l);
1834 r = safe_atoi(p, &priority);
1835 if (r < 0 || priority < 0 || priority > 999)
1838 if (s->forward_to_kmsg && (priority & LOG_FACMASK) != LOG_KERN)
1843 e = memchr(p, ',', l);
1848 r = safe_atou64(p, &serial);
1852 if (s->kernel_seqnum) {
1853 /* We already read this one? */
1854 if (serial < *s->kernel_seqnum)
1857 /* Did we lose any? */
1858 if (serial > *s->kernel_seqnum)
1859 driver_message(s, SD_MESSAGE_JOURNAL_MISSED, "Missed %llu kernel messages", (unsigned long long) serial - *s->kernel_seqnum - 1);
1861 /* Make sure we never read this one again. Note that
1862 * we always store the next message serial we expect
1863 * here, simply because this makes handling the first
1864 * message with serial 0 easy. */
1865 *s->kernel_seqnum = serial + 1;
1870 f = memchr(p, ';', l);
1873 /* Kernel 3.6 has the flags field, kernel 3.5 lacks that */
1874 e = memchr(p, ',', l);
1879 r = parse_usec(p, &usec);
1885 e = memchr(p, '\n', l);
1894 for (j = 0; l > 0 && j < N_IOVEC_KERNEL_FIELDS; j++) {
1896 /* Meta data fields attached */
1903 e = memchr(k, '\n', l);
1909 m = cunescape_length_with_prefix(k, e - k, "_KERNEL_");
1913 IOVEC_SET_STRING(iovec[n++], m);
1920 if (asprintf(&source_time, "_SOURCE_MONOTONIC_TIMESTAMP=%llu",
1921 (unsigned long long) usec) >= 0)
1922 IOVEC_SET_STRING(iovec[n++], source_time);
1924 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=kernel");
1926 if (asprintf(&syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK) >= 0)
1927 IOVEC_SET_STRING(iovec[n++], syslog_priority);
1929 if ((priority & LOG_FACMASK) == LOG_KERN)
1930 IOVEC_SET_STRING(iovec[n++], "SYSLOG_IDENTIFIER=kernel");
1932 read_identifier((const char**) &p, &identifier, &pid);
1934 /* Avoid any messages we generated ourselves via
1935 * log_info() and friends. */
1936 if (pid && is_us(pid))
1940 syslog_identifier = strappend("SYSLOG_IDENTIFIER=", identifier);
1941 if (syslog_identifier)
1942 IOVEC_SET_STRING(iovec[n++], syslog_identifier);
1946 syslog_pid = strappend("SYSLOG_PID=", pid);
1948 IOVEC_SET_STRING(iovec[n++], syslog_pid);
1951 if (asprintf(&syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority)) >= 0)
1952 IOVEC_SET_STRING(iovec[n++], syslog_facility);
1955 message = cunescape_length_with_prefix(p, pl, "MESSAGE=");
1957 IOVEC_SET_STRING(iovec[n++], message);
1959 dispatch_message(s, iovec, n, ELEMENTSOF(iovec), NULL, NULL, NULL, 0, NULL, priority);
1962 for (j = 0; j < z; j++)
1963 free(iovec[j].iov_base);
1966 free(syslog_priority);
1967 free(syslog_identifier);
1969 free(syslog_facility);
1975 static int system_journal_open(Server *s) {
1981 r = sd_id128_get_machine(&machine);
1985 sd_id128_to_string(machine, ids);
1987 if (!s->system_journal &&
1988 (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
1989 access("/run/systemd/journal/flushed", F_OK) >= 0) {
1991 /* If in auto mode: first try to create the machine
1992 * path, but not the prefix.
1994 * If in persistent mode: create /var/log/journal and
1995 * the machine path */
1997 if (s->storage == STORAGE_PERSISTENT)
1998 (void) mkdir("/var/log/journal/", 0755);
2000 fn = strappend("/var/log/journal/", ids);
2004 (void) mkdir(fn, 0755);
2007 fn = strjoin("/var/log/journal/", ids, "/system.journal", NULL);
2011 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
2015 server_fix_perms(s, s->system_journal, 0);
2018 if (r != -ENOENT && r != -EROFS)
2019 log_warning("Failed to open system journal: %s", strerror(-r));
2025 if (!s->runtime_journal &&
2026 (s->storage != STORAGE_NONE)) {
2028 fn = strjoin("/run/log/journal/", ids, "/system.journal", NULL);
2032 if (s->system_journal) {
2034 /* Try to open the runtime journal, but only
2035 * if it already exists, so that we can flush
2036 * it into the system journal */
2038 r = journal_file_open(fn, O_RDWR, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
2043 log_warning("Failed to open runtime journal: %s", strerror(-r));
2050 /* OK, we really need the runtime journal, so create
2051 * it if necessary. */
2053 (void) mkdir_parents(fn, 0755);
2054 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
2058 log_error("Failed to open runtime journal: %s", strerror(-r));
2063 if (s->runtime_journal)
2064 server_fix_perms(s, s->runtime_journal, 0);
2070 static int server_flush_to_var(Server *s) {
2078 if (s->storage != STORAGE_AUTO &&
2079 s->storage != STORAGE_PERSISTENT)
2082 if (!s->runtime_journal)
2085 system_journal_open(s);
2087 if (!s->system_journal)
2090 log_info("Flushing to /var...");
2092 r = sd_id128_get_machine(&machine);
2094 log_error("Failed to get machine id: %s", strerror(-r));
2098 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
2100 log_error("Failed to read runtime journal: %s", strerror(-r));
2104 SD_JOURNAL_FOREACH(j) {
2107 f = j->current_file;
2108 assert(f && f->current_offset > 0);
2110 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
2112 log_error("Can't read entry: %s", strerror(-r));
2116 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
2118 log_info("Allocation limit reached.");
2120 journal_file_post_change(s->system_journal);
2124 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
2128 log_error("Can't write entry: %s", strerror(-r));
2134 journal_file_post_change(s->system_journal);
2136 journal_file_close(s->runtime_journal);
2137 s->runtime_journal = NULL;
2140 rm_rf("/run/log/journal", false, true, false);
2145 static int server_read_dev_kmsg(Server *s) {
2146 char buffer[8192+1]; /* the kernel-side limit per record is 8K currently */
2150 assert(s->dev_kmsg_fd >= 0);
2152 l = read(s->dev_kmsg_fd, buffer, sizeof(buffer) - 1);
2156 /* Old kernels who don't allow reading from /dev/kmsg
2157 * return EINVAL when we try. So handle this cleanly,
2158 * but don' try to ever read from it again. */
2159 if (errno == EINVAL) {
2160 epoll_ctl(s->epoll_fd, EPOLL_CTL_DEL, s->dev_kmsg_fd, NULL);
2164 if (errno == EAGAIN || errno == EINTR || errno == EPIPE)
2167 log_error("Failed to read from kernel: %m");
2171 dev_kmsg_record(s, buffer, l);
2175 static int server_flush_dev_kmsg(Server *s) {
2180 if (s->dev_kmsg_fd < 0)
2183 if (!s->dev_kmsg_readable)
2186 log_info("Flushing /dev/kmsg...");
2189 r = server_read_dev_kmsg(s);
2200 static int process_event(Server *s, struct epoll_event *ev) {
2204 if (ev->data.fd == s->signal_fd) {
2205 struct signalfd_siginfo sfsi;
2208 if (ev->events != EPOLLIN) {
2209 log_info("Got invalid event from epoll.");
2213 n = read(s->signal_fd, &sfsi, sizeof(sfsi));
2214 if (n != sizeof(sfsi)) {
2219 if (errno == EINTR || errno == EAGAIN)
2225 log_info("Received SIG%s", signal_to_string(sfsi.ssi_signo));
2227 if (sfsi.ssi_signo == SIGUSR1) {
2228 touch("/run/systemd/journal/flushed");
2229 server_flush_to_var(s);
2233 if (sfsi.ssi_signo == SIGUSR2) {
2241 } else if (ev->data.fd == s->dev_kmsg_fd) {
2244 if (ev->events != EPOLLIN) {
2245 log_info("Got invalid event from epoll.");
2249 r = server_read_dev_kmsg(s);
2255 } else if (ev->data.fd == s->native_fd ||
2256 ev->data.fd == s->syslog_fd) {
2258 if (ev->events != EPOLLIN) {
2259 log_info("Got invalid event from epoll.");
2264 struct msghdr msghdr;
2266 struct ucred *ucred = NULL;
2267 struct timeval *tv = NULL;
2268 struct cmsghdr *cmsg;
2270 size_t label_len = 0;
2272 struct cmsghdr cmsghdr;
2274 /* We use NAME_MAX space for the
2275 * SELinux label here. The kernel
2276 * currently enforces no limit, but
2277 * according to suggestions from the
2278 * SELinux people this will change and
2279 * it will probably be identical to
2280 * NAME_MAX. For now we use that, but
2281 * this should be updated one day when
2282 * the final limit is known.*/
2283 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
2284 CMSG_SPACE(sizeof(struct timeval)) +
2285 CMSG_SPACE(sizeof(int)) + /* fd */
2286 CMSG_SPACE(NAME_MAX)]; /* selinux label */
2293 if (ioctl(ev->data.fd, SIOCINQ, &v) < 0) {
2294 log_error("SIOCINQ failed: %m");
2298 if (s->buffer_size < (size_t) v) {
2302 l = MAX(LINE_MAX + (size_t) v, s->buffer_size * 2);
2303 b = realloc(s->buffer, l+1);
2306 log_error("Couldn't increase buffer.");
2315 iovec.iov_base = s->buffer;
2316 iovec.iov_len = s->buffer_size;
2320 msghdr.msg_iov = &iovec;
2321 msghdr.msg_iovlen = 1;
2322 msghdr.msg_control = &control;
2323 msghdr.msg_controllen = sizeof(control);
2325 n = recvmsg(ev->data.fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
2328 if (errno == EINTR || errno == EAGAIN)
2331 log_error("recvmsg() failed: %m");
2335 for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
2337 if (cmsg->cmsg_level == SOL_SOCKET &&
2338 cmsg->cmsg_type == SCM_CREDENTIALS &&
2339 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
2340 ucred = (struct ucred*) CMSG_DATA(cmsg);
2341 else if (cmsg->cmsg_level == SOL_SOCKET &&
2342 cmsg->cmsg_type == SCM_SECURITY) {
2343 label = (char*) CMSG_DATA(cmsg);
2344 label_len = cmsg->cmsg_len - CMSG_LEN(0);
2345 } else if (cmsg->cmsg_level == SOL_SOCKET &&
2346 cmsg->cmsg_type == SO_TIMESTAMP &&
2347 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
2348 tv = (struct timeval*) CMSG_DATA(cmsg);
2349 else if (cmsg->cmsg_level == SOL_SOCKET &&
2350 cmsg->cmsg_type == SCM_RIGHTS) {
2351 fds = (int*) CMSG_DATA(cmsg);
2352 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
2356 if (ev->data.fd == s->syslog_fd) {
2359 if (n > 0 && n_fds == 0) {
2360 e = memchr(s->buffer, '\n', n);
2366 process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
2367 } else if (n_fds > 0)
2368 log_warning("Got file descriptors via syslog socket. Ignoring.");
2371 if (n > 0 && n_fds == 0)
2372 process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
2373 else if (n == 0 && n_fds == 1)
2374 process_native_file(s, fds[0], ucred, tv, label, label_len);
2376 log_warning("Got too many file descriptors via native socket. Ignoring.");
2379 close_many(fds, n_fds);
2384 } else if (ev->data.fd == s->stdout_fd) {
2386 if (ev->events != EPOLLIN) {
2387 log_info("Got invalid event from epoll.");
2391 stdout_stream_new(s);
2395 StdoutStream *stream;
2397 if ((ev->events|EPOLLIN|EPOLLHUP) != (EPOLLIN|EPOLLHUP)) {
2398 log_info("Got invalid event from epoll.");
2402 /* If it is none of the well-known fds, it must be an
2403 * stdout stream fd. Note that this is a bit ugly here
2404 * (since we rely that none of the well-known fds
2405 * could be interpreted as pointer), but nonetheless
2406 * safe, since the well-known fds would never get an
2407 * fd > 4096, i.e. beyond the first memory page */
2409 stream = ev->data.ptr;
2411 if (stdout_stream_process(stream) <= 0)
2412 stdout_stream_free(stream);
2417 log_error("Unknown event.");
2421 static int open_syslog_socket(Server *s) {
2422 union sockaddr_union sa;
2424 struct epoll_event ev;
2428 if (s->syslog_fd < 0) {
2430 s->syslog_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
2431 if (s->syslog_fd < 0) {
2432 log_error("socket() failed: %m");
2437 sa.un.sun_family = AF_UNIX;
2438 strncpy(sa.un.sun_path, "/dev/log", sizeof(sa.un.sun_path));
2440 unlink(sa.un.sun_path);
2442 r = bind(s->syslog_fd, &sa.sa, offsetof(union sockaddr_union, un.sun_path) + strlen(sa.un.sun_path));
2444 log_error("bind() failed: %m");
2448 chmod(sa.un.sun_path, 0666);
2450 fd_nonblock(s->syslog_fd, 1);
2453 r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
2455 log_error("SO_PASSCRED failed: %m");
2461 r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
2463 log_warning("SO_PASSSEC failed: %m");
2467 r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_TIMESTAMP, &one, sizeof(one));
2469 log_error("SO_TIMESTAMP failed: %m");
2474 ev.events = EPOLLIN;
2475 ev.data.fd = s->syslog_fd;
2476 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->syslog_fd, &ev) < 0) {
2477 log_error("Failed to add syslog server fd to epoll object: %m");
2484 static int open_native_socket(Server*s) {
2485 union sockaddr_union sa;
2487 struct epoll_event ev;
2491 if (s->native_fd < 0) {
2493 s->native_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
2494 if (s->native_fd < 0) {
2495 log_error("socket() failed: %m");
2500 sa.un.sun_family = AF_UNIX;
2501 strncpy(sa.un.sun_path, "/run/systemd/journal/socket", sizeof(sa.un.sun_path));
2503 unlink(sa.un.sun_path);
2505 r = bind(s->native_fd, &sa.sa, offsetof(union sockaddr_union, un.sun_path) + strlen(sa.un.sun_path));
2507 log_error("bind() failed: %m");
2511 chmod(sa.un.sun_path, 0666);
2513 fd_nonblock(s->native_fd, 1);
2516 r = setsockopt(s->native_fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
2518 log_error("SO_PASSCRED failed: %m");
2524 r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
2526 log_warning("SO_PASSSEC failed: %m");
2530 r = setsockopt(s->native_fd, SOL_SOCKET, SO_TIMESTAMP, &one, sizeof(one));
2532 log_error("SO_TIMESTAMP failed: %m");
2537 ev.events = EPOLLIN;
2538 ev.data.fd = s->native_fd;
2539 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->native_fd, &ev) < 0) {
2540 log_error("Failed to add native server fd to epoll object: %m");
2547 static int open_stdout_socket(Server *s) {
2548 union sockaddr_union sa;
2550 struct epoll_event ev;
2554 if (s->stdout_fd < 0) {
2556 s->stdout_fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
2557 if (s->stdout_fd < 0) {
2558 log_error("socket() failed: %m");
2563 sa.un.sun_family = AF_UNIX;
2564 strncpy(sa.un.sun_path, "/run/systemd/journal/stdout", sizeof(sa.un.sun_path));
2566 unlink(sa.un.sun_path);
2568 r = bind(s->stdout_fd, &sa.sa, offsetof(union sockaddr_union, un.sun_path) + strlen(sa.un.sun_path));
2570 log_error("bind() failed: %m");
2574 chmod(sa.un.sun_path, 0666);
2576 if (listen(s->stdout_fd, SOMAXCONN) < 0) {
2577 log_error("liste() failed: %m");
2581 fd_nonblock(s->stdout_fd, 1);
2584 ev.events = EPOLLIN;
2585 ev.data.fd = s->stdout_fd;
2586 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->stdout_fd, &ev) < 0) {
2587 log_error("Failed to add stdout server fd to epoll object: %m");
2594 static int open_dev_kmsg(Server *s) {
2595 struct epoll_event ev;
2599 s->dev_kmsg_fd = open("/dev/kmsg", O_RDWR|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
2600 if (s->dev_kmsg_fd < 0) {
2601 log_warning("Failed to open /dev/kmsg, ignoring: %m");
2606 ev.events = EPOLLIN;
2607 ev.data.fd = s->dev_kmsg_fd;
2608 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->dev_kmsg_fd, &ev) < 0) {
2610 /* This will fail with EPERM on older kernels where
2611 * /dev/kmsg is not readable. */
2615 log_error("Failed to add /dev/kmsg fd to epoll object: %m");
2619 s->dev_kmsg_readable = true;
2624 static int open_kernel_seqnum(Server *s) {
2630 /* We store the seqnum we last read in an mmaped file. That
2631 * way we can just use it like a variable, but it is
2632 * persistant and automatically flushed at reboot. */
2634 fd = open("/run/systemd/journal/kernel-seqnum", O_RDWR|O_CREAT|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644);
2636 log_error("Failed to open /run/systemd/journal/kernel-seqnum, ignoring: %m");
2640 if (posix_fallocate(fd, 0, sizeof(uint64_t)) < 0) {
2641 log_error("Failed to allocate sequential number file, ignoring: %m");
2642 close_nointr_nofail(fd);
2646 p = mmap(NULL, sizeof(uint64_t), PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
2647 if (p == MAP_FAILED) {
2648 log_error("Failed to map sequential number file, ignoring: %m");
2649 close_nointr_nofail(fd);
2653 close_nointr_nofail(fd);
2654 s->kernel_seqnum = p;
2659 static int open_signalfd(Server *s) {
2661 struct epoll_event ev;
2665 assert_se(sigemptyset(&mask) == 0);
2666 sigset_add_many(&mask, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, -1);
2667 assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
2669 s->signal_fd = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC);
2670 if (s->signal_fd < 0) {
2671 log_error("signalfd(): %m");
2676 ev.events = EPOLLIN;
2677 ev.data.fd = s->signal_fd;
2679 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->signal_fd, &ev) < 0) {
2680 log_error("epoll_ctl(): %m");
2687 static int server_parse_proc_cmdline(Server *s) {
2688 char *line, *w, *state;
2692 if (detect_container(NULL) > 0)
2695 r = read_one_line_file("/proc/cmdline", &line);
2697 log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
2701 FOREACH_WORD_QUOTED(w, l, line, state) {
2704 word = strndup(w, l);
2710 if (startswith(word, "systemd.journald.forward_to_syslog=")) {
2711 r = parse_boolean(word + 35);
2713 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word + 35);
2715 s->forward_to_syslog = r;
2716 } else if (startswith(word, "systemd.journald.forward_to_kmsg=")) {
2717 r = parse_boolean(word + 33);
2719 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word + 33);
2721 s->forward_to_kmsg = r;
2722 } else if (startswith(word, "systemd.journald.forward_to_console=")) {
2723 r = parse_boolean(word + 36);
2725 log_warning("Failed to parse forward to console switch %s. Ignoring.", word + 36);
2727 s->forward_to_console = r;
2728 } else if (startswith(word, "systemd.journald"))
2729 log_warning("Invalid systemd.journald parameter. Ignoring.");
2741 static int server_parse_config_file(Server *s) {
2748 fn = "/etc/systemd/journald.conf";
2749 f = fopen(fn, "re");
2751 if (errno == ENOENT)
2754 log_warning("Failed to open configuration file %s: %m", fn);
2758 r = config_parse(fn, f, "Journal\0", config_item_perf_lookup, (void*) journald_gperf_lookup, false, s);
2760 log_warning("Failed to parse configuration file: %s", strerror(-r));
2767 static int server_init(Server *s) {
2773 s->syslog_fd = s->native_fd = s->stdout_fd = s->signal_fd = s->epoll_fd = s->dev_kmsg_fd = -1;
2777 s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
2778 s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
2780 s->forward_to_syslog = true;
2782 s->max_level_store = LOG_DEBUG;
2783 s->max_level_syslog = LOG_DEBUG;
2784 s->max_level_kmsg = LOG_NOTICE;
2785 s->max_level_console = LOG_INFO;
2787 memset(&s->system_metrics, 0xFF, sizeof(s->system_metrics));
2788 memset(&s->runtime_metrics, 0xFF, sizeof(s->runtime_metrics));
2790 server_parse_config_file(s);
2791 server_parse_proc_cmdline(s);
2793 mkdir_p("/run/systemd/journal", 0755);
2795 s->user_journals = hashmap_new(trivial_hash_func, trivial_compare_func);
2796 if (!s->user_journals)
2799 s->mmap = mmap_cache_new();
2803 s->epoll_fd = epoll_create1(EPOLL_CLOEXEC);
2804 if (s->epoll_fd < 0) {
2805 log_error("Failed to create epoll object: %m");
2809 n = sd_listen_fds(true);
2811 log_error("Failed to read listening file descriptors from environment: %s", strerror(-n));
2815 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
2817 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/socket", 0) > 0) {
2819 if (s->native_fd >= 0) {
2820 log_error("Too many native sockets passed.");
2826 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, "/run/systemd/journal/stdout", 0) > 0) {
2828 if (s->stdout_fd >= 0) {
2829 log_error("Too many stdout sockets passed.");
2835 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0) {
2837 if (s->syslog_fd >= 0) {
2838 log_error("Too many /dev/log sockets passed.");
2845 log_error("Unknown socket passed.");
2850 r = open_syslog_socket(s);
2854 r = open_native_socket(s);
2858 r = open_stdout_socket(s);
2862 r = open_dev_kmsg(s);
2866 r = open_kernel_seqnum(s);
2870 r = open_signalfd(s);
2874 s->rate_limit = journal_rate_limit_new(s->rate_limit_interval, s->rate_limit_burst);
2878 r = system_journal_open(s);
2885 static void server_done(Server *s) {
2889 while (s->stdout_streams)
2890 stdout_stream_free(s->stdout_streams);
2892 if (s->system_journal)
2893 journal_file_close(s->system_journal);
2895 if (s->runtime_journal)
2896 journal_file_close(s->runtime_journal);
2898 while ((f = hashmap_steal_first(s->user_journals)))
2899 journal_file_close(f);
2901 hashmap_free(s->user_journals);
2903 if (s->epoll_fd >= 0)
2904 close_nointr_nofail(s->epoll_fd);
2906 if (s->signal_fd >= 0)
2907 close_nointr_nofail(s->signal_fd);
2909 if (s->syslog_fd >= 0)
2910 close_nointr_nofail(s->syslog_fd);
2912 if (s->native_fd >= 0)
2913 close_nointr_nofail(s->native_fd);
2915 if (s->stdout_fd >= 0)
2916 close_nointr_nofail(s->stdout_fd);
2918 if (s->dev_kmsg_fd >= 0)
2919 close_nointr_nofail(s->dev_kmsg_fd);
2922 journal_rate_limit_free(s->rate_limit);
2924 if (s->kernel_seqnum)
2925 munmap(s->kernel_seqnum, sizeof(uint64_t));
2931 mmap_cache_unref(s->mmap);
2934 int main(int argc, char *argv[]) {
2938 /* if (getppid() != 1) { */
2939 /* log_error("This program should be invoked by init only."); */
2940 /* return EXIT_FAILURE; */
2944 log_error("This program does not take arguments.");
2945 return EXIT_FAILURE;
2948 log_set_target(LOG_TARGET_SAFE);
2949 log_set_facility(LOG_SYSLOG);
2950 log_set_max_level(LOG_DEBUG);
2951 log_parse_environment();
2956 r = server_init(&server);
2960 server_vacuum(&server);
2961 server_flush_to_var(&server);
2962 server_flush_dev_kmsg(&server);
2964 log_debug("systemd-journald running as pid %lu", (unsigned long) getpid());
2965 driver_message(&server, SD_MESSAGE_JOURNAL_START, "Journal started");
2969 "STATUS=Processing requests...");
2972 struct epoll_event event;
2978 if (server.system_journal &&
2979 journal_file_next_evolve_usec(server.system_journal, &u)) {
2982 n = now(CLOCK_MONOTONIC);
2987 t = (int) ((u - n + USEC_PER_MSEC - 1) / USEC_PER_MSEC);
2992 r = epoll_wait(server.epoll_fd, &event, 1, t);
2998 log_error("epoll_wait() failed: %m");
3004 r = process_event(&server, &event);
3012 if (server.system_journal)
3013 journal_file_maybe_append_tag(server.system_journal, 0);
3017 log_debug("systemd-journald stopped as pid %lu", (unsigned long) getpid());
3018 driver_message(&server, SD_MESSAGE_JOURNAL_STOP, "Journal stopped");
3022 "STATUS=Shutting down...");
3024 server_done(&server);
3026 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;