journalctl: update hint now that we set ACL everywhere
[elogind.git] / src / journal / journalctl.c
index 96b0ddd80f3fface13930b39eac1b62da54688ae..2b0e00ee8f4f4ab400f7286c52941bc8f210a5b7 100644 (file)
 #include <stdio.h>
 #include <unistd.h>
 #include <stdlib.h>
-#include <time.h>
 #include <getopt.h>
 #include <signal.h>
 #include <poll.h>
 #include <sys/stat.h>
-#include <sys/ioctl.h>
 #include <sys/inotify.h>
 #include <linux/fs.h>
 
-#ifdef HAVE_ACL
-#include <sys/acl.h>
-#include "acl-util.h"
-#endif
-
 #include "sd-journal.h"
 #include "sd-bus.h"
 
 #include "log.h"
 #include "logs-show.h"
 #include "util.h"
+#include "acl-util.h"
 #include "path-util.h"
 #include "fileio.h"
 #include "build.h"
 #include "pager.h"
 #include "strv.h"
 #include "set.h"
+#include "sigbus.h"
 #include "journal-internal.h"
 #include "journal-def.h"
 #include "journal-verify.h"
-#include "journal-authenticate.h"
 #include "journal-qrcode.h"
 #include "journal-vacuum.h"
 #include "fsprg.h"
@@ -197,19 +191,19 @@ static void help(void) {
                "     --system              Show the system journal\n"
                "     --user                Show the user journal for the current user\n"
                "  -M --machine=CONTAINER   Operate on local container\n"
-               "     --since=DATE          Start showing entries on or newer than the specified date\n"
-               "     --until=DATE          Stop showing entries on or newer than the specified date\n"
-               "  -c --cursor=CURSOR       Start showing entries from the specified cursor\n"
-               "     --after-cursor=CURSOR Start showing entries from after the specified cursor\n"
+               "     --since=DATE          Show entries not older than the specified date\n"
+               "     --until=DATE          Show entries not newer than the specified date\n"
+               "  -c --cursor=CURSOR       Show entries starting at the specified cursor\n"
+               "     --after-cursor=CURSOR Show entries after the specified cursor\n"
                "     --show-cursor         Print the cursor after all the entries\n"
-               "  -b --boot[=ID]           Show data only from ID or, if unspecified, the current boot\n"
+               "  -b --boot[=ID]           Show current boot or the specified boot\n"
                "     --list-boots          Show terse information about recorded boots\n"
                "  -k --dmesg               Show kernel message log from the current boot\n"
-               "  -u --unit=UNIT           Show data only from the specified unit\n"
-               "     --user-unit=UNIT      Show data only from the specified user session unit\n"
-               "  -t --identifier=STRING   Show only messages with the specified syslog identifier\n"
-               "  -p --priority=RANGE      Show only messages within the specified priority range\n"
-               "  -e --pager-end           Immediately jump to end of the journal in the pager\n"
+               "  -u --unit=UNIT           Show logs from the specified unit\n"
+               "     --user-unit=UNIT      Show logs from the specified user unit\n"
+               "  -t --identifier=STRING   Show entries with the specified syslog identifier\n"
+               "  -p --priority=RANGE      Show entries with the specified priority\n"
+               "  -e --pager-end           Immediately jump to the end in the pager\n"
                "  -f --follow              Follow the journal\n"
                "  -n --lines[=INTEGER]     Number of journal entries to show\n"
                "     --no-tail             Show all lines, even in follow mode\n"
@@ -230,7 +224,7 @@ static void help(void) {
 #ifdef HAVE_GCRYPT
                "     --interval=TIME       Time interval for changing the FSS sealing key\n"
                "     --verify-key=KEY      Specify FSS verification key\n"
-               "     --force               Force overriding of the FSS key pair with --setup-keys\n"
+               "     --force               Override of the FSS key pair with --setup-keys\n"
 #endif
                "\nCommands:\n"
                "  -h --help                Show this help text\n"
@@ -238,11 +232,11 @@ static void help(void) {
                "  -F --field=FIELD         List all values that a specified field takes\n"
                "     --new-id128           Generate a new 128-bit ID\n"
                "     --disk-usage          Show total disk usage of all journal files\n"
-               "     --vacuum-size=BYTES   Remove old journals until disk space drops below size\n"
-               "     --vacuum-time=TIME    Remove old journals until none left older than\n"
+               "     --vacuum-size=BYTES   Reduce disk usage below specified size\n"
+               "     --vacuum-time=TIME    Remove journal files older than specified date\n"
                "     --flush               Flush all journal data from /run into /var\n"
                "     --header              Show journal header information\n"
-               "     --list-catalog        Show message IDs of all entries in the message catalog\n"
+               "     --list-catalog        Show all message IDs in the catalog\n"
                "     --dump-catalog        Show entries in the message catalog\n"
                "     --update-catalog      Update the message catalog database\n"
 #ifdef HAVE_GCRYPT
@@ -501,10 +495,8 @@ static int parse_argv(int argc, char *argv[]) {
 
                 case ARG_FILE:
                         r = glob_extend(&arg_file, optarg);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to add paths: %m");
-                                return r;
-                        };
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to add paths: %m");
                         break;
 
                 case ARG_ROOT:
@@ -749,10 +741,8 @@ static int generate_new_id128(void) {
         unsigned i;
 
         r = sd_id128_randomize(&id);
-        if (r < 0) {
-                log_error_errno(r, "Failed to generate ID: %m");
-                return r;
-        }
+        if (r < 0)
+                return log_error_errno(r, "Failed to generate ID: %m");
 
         printf("As string:\n"
                SD_ID128_FORMAT_STR "\n\n"
@@ -798,10 +788,8 @@ static int add_matches(sd_journal *j, char **args) {
                         p = canonicalize_file_name(*i);
                         path = p ? p : *i;
 
-                        if (stat(path, &st) < 0)  {
-                                log_error("Couldn't stat file: %m");
-                                return -errno;
-                        }
+                        if (stat(path, &st) < 0)
+                                return log_error_errno(errno, "Couldn't stat file: %m");
 
                         if (S_ISREG(st.st_mode) && (0111 & st.st_mode)) {
                                 if (executable_is_script(path, &interpreter) > 0) {
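Review bot: The converted error message `"Couldn't stat file: %m"` still does not name the file that failed, which makes the error hard to act on when several paths are passed as matches. Since `path` is in scope at that point, the line could read `return log_error_errno(errno, "Couldn't stat file '%s': %m", path);`. The body of add_matches continues outside this hunk.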
@@ -851,10 +839,8 @@ static int add_matches(sd_journal *j, char **args) {
                         have_term = true;
                 }
 
-                if (r < 0) {
-                        log_error_errno(r, "Failed to add match '%s': %m", *i);
-                        return r;
-                }
+                if (r < 0)
+                        return log_error_errno(r, "Failed to add match '%s': %m", *i);
         }
 
         if (!strv_isempty(args) && !have_term) {
@@ -1040,10 +1026,8 @@ static int add_boot(sd_journal *j) {
         sd_id128_to_string(arg_boot_id, match + 9);
 
         r = sd_journal_add_match(j, match, sizeof(match) - 1);
-        if (r < 0) {
-                log_error_errno(r, "Failed to add match: %m");
-                return r;
-        }
+        if (r < 0)
+                return log_error_errno(r, "Failed to add match: %m");
 
         r = sd_journal_add_conjunction(j);
         if (r < 0)
@@ -1060,10 +1044,8 @@ static int add_dmesg(sd_journal *j) {
                 return 0;
 
         r = sd_journal_add_match(j, "_TRANSPORT=kernel", strlen("_TRANSPORT=kernel"));
-        if (r < 0) {
-                log_error_errno(r, "Failed to add match: %m");
-                return r;
-        }
+        if (r < 0)
+                return log_error_errno(r, "Failed to add match: %m");
 
         r = sd_journal_add_conjunction(j);
         if (r < 0)
@@ -1263,10 +1245,8 @@ static int add_priorities(sd_journal *j) {
                         match[sizeof(match)-2] = '0' + i;
 
                         r = sd_journal_add_match(j, match, strlen(match));
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to add match: %m");
-                                return r;
-                        }
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to add match: %m");
                 }
 
         r = sd_journal_add_conjunction(j);
@@ -1286,7 +1266,7 @@ static int add_syslog_identifier(sd_journal *j) {
         STRV_FOREACH(i, arg_syslog_identifier) {
                 char *u;
 
-                u = strappenda("SYSLOG_IDENTIFIER=", *i);
+                u = strjoina("SYSLOG_IDENTIFIER=", *i);
                 r = sd_journal_add_match(j, u, 0);
                 if (r < 0)
                         return r;
@@ -1307,7 +1287,7 @@ static int setup_keys(void) {
         size_t mpk_size, seed_size, state_size, i;
         uint8_t *mpk, *seed, *state;
         ssize_t l;
-        int fd = -1, r, attr = 0;
+        int fd = -1, r;
         sd_id128_t machine, boot;
         char *p = NULL, *k = NULL;
         struct FSSHeader h;
@@ -1315,10 +1295,8 @@ static int setup_keys(void) {
         struct stat st;
 
         r = stat("/var/log/journal", &st);
-        if (r < 0 && errno != ENOENT && errno != ENOTDIR) {
-                log_error("stat(\"%s\") failed: %m", "/var/log/journal");
-                return -errno;
-        }
+        if (r < 0 && errno != ENOENT && errno != ENOTDIR)
+                return log_error_errno(errno, "stat(\"%s\") failed: %m", "/var/log/journal");
 
         if (r < 0 || !S_ISDIR(st.st_mode)) {
                 log_error("%s is not a directory, must be using persistent logging for FSS.",
@@ -1327,16 +1305,12 @@ static int setup_keys(void) {
         }
 
         r = sd_id128_get_machine(&machine);
-        if (r < 0) {
-                log_error_errno(r, "Failed to get machine ID: %m");
-                return r;
-        }
+        if (r < 0)
+                return log_error_errno(r, "Failed to get machine ID: %m");
 
         r = sd_id128_get_boot(&boot);
-        if (r < 0) {
-                log_error_errno(r, "Failed to get boot ID: %m");
-                return r;
-        }
+        if (r < 0)
+                return log_error_errno(r, "Failed to get boot ID: %m");
 
         if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss",
                      SD_ID128_FORMAT_VAL(machine)) < 0)
@@ -1346,7 +1320,7 @@ static int setup_keys(void) {
                 if (arg_force) {
                         r = unlink(p);
                         if (r < 0) {
-                                log_error("unlink(\"%s\") failed: %m", p);
+                                log_error_errno(errno, "unlink(\"%s\") failed: %m", p);
                                 r = -errno;
                                 goto finish;
                         }
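Review bot: The `r = -errno;` that follows the new `log_error_errno(errno, ...)` call reads errno only after the logging call has run, so it is correct only if the logger preserves errno, which is not visible in this diff. The rest of this commit already uses the return value of `log_error_errno()` as the error code, so this site can do the same: `r = log_error_errno(errno, "unlink(\"%s\") failed: %m", p);`. The same two-line pattern remains in the later setup_keys hunks for the `/dev/random` open, the `mkostemp_safe()` call and the `link()` call. setup_keys starts and ends outside this hunk.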
@@ -1374,7 +1348,7 @@ static int setup_keys(void) {
 
         fd = open("/dev/random", O_RDONLY|O_CLOEXEC|O_NOCTTY);
         if (fd < 0) {
-                log_error("Failed to open /dev/random: %m");
+                log_error_errno(errno, "Failed to open /dev/random: %m");
                 r = -errno;
                 goto finish;
         }
@@ -1401,20 +1375,16 @@ static int setup_keys(void) {
         safe_close(fd);
         fd = mkostemp_safe(k, O_WRONLY|O_CLOEXEC);
         if (fd < 0) {
-                log_error("Failed to open %s: %m", k);
+                log_error_errno(errno, "Failed to open %s: %m", k);
                 r = -errno;
                 goto finish;
         }
 
         /* Enable secure remove, exclusion from dump, synchronous
          * writing and in-place updating */
-        if (ioctl(fd, FS_IOC_GETFLAGS, &attr) < 0)
-                log_warning("FS_IOC_GETFLAGS failed: %m");
-
-        attr |= FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL;
-
-        if (ioctl(fd, FS_IOC_SETFLAGS, &attr) < 0)
-                log_warning("FS_IOC_SETFLAGS failed: %m");
+        r = chattr_fd(fd, true, FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL);
+        if (r < 0)
+                log_warning_errno(errno, "Failed to set file attributes: %m");
 
         zero(h);
         memcpy(h.signature, "KSHHRHLP", 8);
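Review bot: The new warning logs `errno` although the result of `chattr_fd()` was just stored in `r`. If `chattr_fd()` reports failure through its return value, as the `r < 0` test suggests, errno may be stale or unrelated by then and the warning would give the wrong reason. These flags (secure remove, no dump, no copy-on-write) are the only hardening applied to the file written here, so the warning should carry the real cause: `log_warning_errno(r, "Failed to set file attributes: %m");`. The same question applies to the `mkostemp_safe()` check just above, which tests `fd < 0` but logs `errno`; confirm which of the two that helper sets.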
@@ -1426,22 +1396,20 @@ static int setup_keys(void) {
         h.fsprg_secpar = htole16(FSPRG_RECOMMENDED_SECPAR);
         h.fsprg_state_size = htole64(state_size);
 
-        l = loop_write(fd, &h, sizeof(h), false);
-        if (l < 0 || (size_t) l != sizeof(h)) {
-                log_error_errno(EIO, "Failed to write header: %m");
-                r = -EIO;
+        r = loop_write(fd, &h, sizeof(h), false);
+        if (r < 0) {
+                log_error_errno(r, "Failed to write header: %m");
                 goto finish;
         }
 
-        l = loop_write(fd, state, state_size, false);
-        if (l < 0 || (size_t) l != state_size) {
-                log_error_errno(EIO, "Failed to write state: %m");
-                r = -EIO;
+        r = loop_write(fd, state, state_size, false);
+        if (r < 0) {
+                log_error_errno(r, "Failed to write state: %m");
                 goto finish;
         }
 
         if (link(k, p) < 0) {
-                log_error("Failed to link file: %m");
+                log_error_errno(errno, "Failed to link file: %m");
                 r = -errno;
                 goto finish;
         }
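Review bot: The new `r < 0` checks after `loop_write()` no longer compare the written length with `sizeof(h)` and `state_size`, so they are sufficient only if `loop_write()` now returns an error on a short write; that contract is not visible in this diff. The file is linked into place as `p` immediately afterwards, so a truncated header or state would be published as the final FSS file. A short comment at the first call would record the assumption, for example `/* loop_write() returns 0 only once all bytes have been written */`. Also check whether `ssize_t l` is still used elsewhere in setup_keys once these two assignments are gone.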
@@ -1571,10 +1539,17 @@ static int access_check_var_log_journal(sd_journal *j) {
         have_access = in_group("systemd-journal") > 0;
 
         if (!have_access) {
+                const char* dir;
+
+                if (access("/run/log/journal", F_OK) >= 0)
+                        dir = "/run/log/journal";
+                else
+                        dir = "/var/log/journal";
+
                 /* Let's enumerate all groups from the default ACL of
                  * the directory, which generally should allow access
                  * to most journal files too */
-                r = search_acl_groups(&g, "/var/log/journal/", &have_access);
+                r = search_acl_groups(&g, dir, &have_access);
                 if (r < 0)
                         return r;
         }
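Review bot: The new selection takes `/run/log/journal` whenever it exists, even when a persistent journal in `/var/log/journal` is the one being read, so the groups named in the hint come from the volatile directory's ACL. The commit title suggests both directories now carry the same default ACL, but the code does not say so; a comment such as `/* Prefer the volatile directory if present; both are expected to carry the same default ACL */` would record that assumption. The function name `access_check_var_log_journal` is also stale now that it covers `/run` too, and `const char* dir;` would read `const char *dir;` to match the pointer style used elsewhere in the file. This result only feeds a hint to the user; it is not an access decision.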
@@ -1600,7 +1575,7 @@ static int access_check_var_log_journal(sd_journal *j) {
                                 return log_oom();
 
                         log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
-                                   "      Users in the groups '%s' can see all messages.\n"
+                                   "      Users in groups '%s' can see all messages.\n"
                                    "      Pass -q to turn off this notice.", s);
                 }
         }
@@ -1624,18 +1599,8 @@ static int access_check(sd_journal *j) {
 
         if (set_contains(j->errors, INT_TO_PTR(-EACCES))) {
 #ifdef HAVE_ACL
-                /* If /var/log/journal doesn't even exist,
-                 * unprivileged users have no access at all */
-                if (access("/var/log/journal", F_OK) < 0 &&
-                    geteuid() != 0 &&
-                    in_group("systemd-journal") <= 0) {
-                        log_error("Unprivileged users cannot access messages, unless persistent log storage is\n"
-                                  "enabled. Users in the 'systemd-journal' group may always access messages.");
-                        return -EACCES;
-                }
-
-                /* If /var/log/journal exists, try to pring a nice
-                   notice if the user lacks access to it */
+                /* If /run/log/journal or /var/log/journal exist, try
+                   to pring a nice notice if the user lacks access to it. */
                 if (!arg_quiet && geteuid() != 0) {
                         r = access_check_var_log_journal(j);
                         if (r < 0)
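Review bot: The rewritten comment keeps the typo `pring` and the wrong verb number; it should read `/* If /run/log/journal or /var/log/journal exists, try to print a nice notice if the user lacks access to it. */`. With the early `return -EACCES` removed, an unprivileged user without a persistent journal now falls through to the code after this hunk. That code is not visible here, so it is worth confirming that this path still ends in an error when `j->errors` contains `-EACCES` and nothing is readable, rather than in silent empty output.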
@@ -1681,10 +1646,8 @@ static int flush_to_var(void) {
         /* OK, let's actually do the full logic, send SIGUSR1 to the
          * daemon and set up inotify to wait for the flushed file to appear */
         r = bus_open_system_systemd(&bus);
-        if (r < 0) {
-                log_error_errno(r, "Failed to get D-Bus connection: %m");
-                return r;
-        }
+        if (r < 0)
+                return log_error_errno(r, "Failed to get D-Bus connection: %m");
 
         r = sd_bus_call_method(
                         bus,
@@ -1703,37 +1666,27 @@ static int flush_to_var(void) {
         mkdir_p("/run/systemd/journal", 0755);
 
         watch_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
-        if (watch_fd < 0) {
-                log_error("Failed to create inotify watch: %m");
-                return -errno;
-        }
+        if (watch_fd < 0)
+                return log_error_errno(errno, "Failed to create inotify watch: %m");
 
         r = inotify_add_watch(watch_fd, "/run/systemd/journal", IN_CREATE|IN_DONT_FOLLOW|IN_ONLYDIR);
-        if (r < 0) {
-                log_error("Failed to watch journal directory: %m");
-                return -errno;
-        }
+        if (r < 0)
+                return log_error_errno(errno, "Failed to watch journal directory: %m");
 
         for (;;) {
                 if (access("/run/systemd/journal/flushed", F_OK) >= 0)
                         break;
 
-                if (errno != ENOENT) {
-                        log_error("Failed to check for existance of /run/systemd/journal/flushed: %m");
-                        return -errno;
-                }
+                if (errno != ENOENT)
+                        return log_error_errno(errno, "Failed to check for existence of /run/systemd/journal/flushed: %m");
 
                 r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to wait for event: %m");
-                        return r;
-                }
+                if (r < 0)
+                        return log_error_errno(r, "Failed to wait for event: %m");
 
                 r = flush_fd(watch_fd);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to flush inotify events: %m");
-                        return r;
-                }
+                if (r < 0)
+                        return log_error_errno(r, "Failed to flush inotify events: %m");
         }
 
         return 0;
@@ -1757,6 +1710,12 @@ int main(int argc, char *argv[]) {
                 goto finish;
 
         signal(SIGWINCH, columns_lines_cache_reset);
+        sigbus_install();
+
+        /* Increase max number of open files to 16K if we can, we
+         * might needs this when browsing journal files, which might
+         * be split up into many files. */
+        setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384));
 
         if (arg_action == ACTION_NEW_ID128) {
                 r = generate_new_id128();
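Review bot: The return value of the added `setrlimit_closest()` call is dropped without any marker, so a reader cannot tell whether ignoring a failure is intended. If raising the limit is best-effort, make that explicit with `(void) setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384));`, or log the failure at debug level. The comment above it has a grammar slip: `might needs this` should be `might need this`. main continues outside this hunk.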
@@ -1907,7 +1866,7 @@ int main(int argc, char *argv[]) {
                 return EXIT_FAILURE;
         }
 
-        if (_unlikely_(log_get_max_level() >= LOG_PRI(LOG_DEBUG))) {
+        if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) {
                 _cleanup_free_ char *filter;
 
                 filter = journal_make_match_string(j);
@@ -1966,9 +1925,13 @@ int main(int argc, char *argv[]) {
                 else
                         r = sd_journal_previous_skip(j, 1 + !!arg_after_cursor);
 
-                if (arg_after_cursor && r < 2 && !arg_follow)
+                if (arg_after_cursor && r < 2) {
                         /* We couldn't find the next entry after the cursor. */
-                        arg_lines = 0;
+                        if (arg_follow)
+                                need_seek = true;
+                        else
+                                arg_lines = 0;
+                }
 
         } else if (arg_since_set && !arg_reverse) {
                 r = sd_journal_seek_realtime_usec(j, arg_since);