#include "journald-stream.h"
#include "journald-console.h"
#include "journald-native.h"
+#include "journald-audit.h"
#include "journald-server.h"
#ifdef HAVE_ACL
if (r < 0)
return s->system_journal;
- f = hashmap_get(s->user_journals, UINT32_TO_PTR(uid));
+ f = ordered_hashmap_get(s->user_journals, UINT32_TO_PTR(uid));
if (f)
return f;
SD_ID128_FORMAT_VAL(machine), uid) < 0)
return s->system_journal;
- while (hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
+ while (ordered_hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
/* Too many open? Then let's close one */
- f = hashmap_steal_first(s->user_journals);
+ f = ordered_hashmap_steal_first(s->user_journals);
assert(f);
journal_file_close(f);
}
server_fix_perms(s, f, uid);
- r = hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
+ r = ordered_hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
if (r < 0) {
journal_file_close(f);
return s->system_journal;
do_rotate(s, &s->runtime_journal, "runtime", false, 0);
do_rotate(s, &s->system_journal, "system", s->seal, 0);
- HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
+ ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
r = do_rotate(s, &f, "user", s->seal, PTR_TO_UINT32(k));
if (r >= 0)
- hashmap_replace(s->user_journals, k, f);
+ ordered_hashmap_replace(s->user_journals, k, f);
else if (!f)
/* Old file has been closed and deallocated */
- hashmap_remove(s->user_journals, k);
+ ordered_hashmap_remove(s->user_journals, k);
}
}
log_error("Failed to sync system journal: %s", strerror(-r));
}
- HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
+ ORDERED_HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
r = journal_file_set_offline(f);
if (r < 0)
log_error("Failed to sync user journal: %s", strerror(-r));
return;
p = strappenda(path, ids);
- r = journal_directory_vacuum(p, metrics->max_use, s->max_retention_usec, &s->oldest_file_usec);
+ r = journal_directory_vacuum(p, metrics->max_use, s->max_retention_usec, &s->oldest_file_usec, false);
if (r < 0 && r != -ENOENT)
log_error("Failed to vacuum %s: %s", p, strerror(-r));
}
static void dispatch_message_real(
Server *s,
struct iovec *iovec, unsigned n, unsigned m,
- struct ucred *ucred,
- struct timeval *tv,
+ const struct ucred *ucred,
+ const struct timeval *tv,
const char *label, size_t label_len,
const char *unit_id,
int priority,
}
#ifdef HAVE_SELINUX
- if (use_selinux()) {
+ if (mac_selinux_use()) {
if (label) {
x = alloca(strlen("_SELINUX_CONTEXT=") + label_len + 1);
void server_dispatch_message(
Server *s,
struct iovec *iovec, unsigned n, unsigned m,
- struct ucred *ucred,
- struct timeval *tv,
+ const struct ucred *ucred,
+ const struct timeval *tv,
const char *label, size_t label_len,
const char *unit_id,
int priority,
}
-static int system_journal_open(Server *s) {
+static int system_journal_open(Server *s, bool flush_requested) {
int r;
char *fn;
sd_id128_t machine;
if (!s->system_journal &&
(s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
- access("/run/systemd/journal/flushed", F_OK) >= 0) {
+ (flush_requested
+ || access("/run/systemd/journal/flushed", F_OK) >= 0)) {
/* If in auto mode: first try to create the machine
* path, but not the prefix.
if (!s->runtime_journal)
return 0;
- system_journal_open(s);
+ system_journal_open(s, true);
if (!s->system_journal)
return 0;
Server *s = userdata;
assert(s);
- assert(fd == s->native_fd || fd == s->syslog_fd);
+ assert(fd == s->native_fd || fd == s->syslog_fd || fd == s->audit_fd);
if (revents != EPOLLIN) {
log_error("Got invalid event from epoll for datagram fd: %"PRIx32, revents);
CMSG_SPACE(sizeof(int)) + /* fd */
CMSG_SPACE(NAME_MAX)]; /* selinux label */
} control = {};
+ union sockaddr_union sa = {};
struct msghdr msghdr = {
.msg_iov = &iovec,
.msg_iovlen = 1,
.msg_control = &control,
.msg_controllen = sizeof(control),
+ .msg_name = &sa,
+ .msg_namelen = sizeof(sa),
};
ssize_t n;
- int v;
int *fds = NULL;
unsigned n_fds = 0;
+ int v = 0;
+ size_t m;
- if (ioctl(fd, SIOCINQ, &v) < 0) {
- log_error("SIOCINQ failed: %m");
- return -errno;
- }
+ /* Try to get the right size, if we can. (Not all
+ * sockets support SIOCINQ, hence we just try, but
+ * don't rely on it. */
+ (void) ioctl(fd, SIOCINQ, &v);
+
+ /* Fix it up, if it is too small. We use the same fixed value as auditd here. Awful!*/
+ m = PAGE_ALIGN(MAX3((size_t) v + 1,
+ (size_t) LINE_MAX,
+ ALIGN(sizeof(struct nlmsghdr)) + ALIGN((size_t) MAX_AUDIT_MESSAGE_LENGTH)) + 1);
- if (!GREEDY_REALLOC(s->buffer, s->buffer_size, LINE_MAX + (size_t) v))
+ if (!GREEDY_REALLOC(s->buffer, s->buffer_size, m))
return log_oom();
iovec.iov_base = s->buffer;
- iovec.iov_len = s->buffer_size;
+ iovec.iov_len = s->buffer_size - 1; /* Leave room for trailing NUL we add later */
n = recvmsg(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
if (n < 0) {
}
}
+ /* And a trailing NUL, just in case */
+ s->buffer[n] = 0;
+
if (fd == s->syslog_fd) {
- if (n > 0 && n_fds == 0) {
- s->buffer[n] = 0;
+ if (n > 0 && n_fds == 0)
server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
- } else if (n_fds > 0)
+ else if (n_fds > 0)
log_warning("Got file descriptors via syslog socket. Ignoring.");
- } else {
+ } else if (fd == s->native_fd) {
if (n > 0 && n_fds == 0)
server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
else if (n == 0 && n_fds == 1)
server_process_native_file(s, fds[0], ucred, tv, label, label_len);
else if (n_fds > 0)
log_warning("Got too many file descriptors via native socket. Ignoring.");
+
+ } else {
+ assert(fd == s->audit_fd);
+
+ if (n > 0 && n_fds == 0)
+ server_process_audit_message(s, s->buffer, n, ucred, &sa, msghdr.msg_namelen);
+ else if (n_fds > 0)
+ log_warning("Got file descriptors via audit socket. Ignoring.");
}
close_many(fds, n_fds);
log_info("Received request to flush runtime journal from PID %"PRIu32, si->ssi_pid);
- touch("/run/systemd/journal/flushed");
server_flush_to_var(s);
server_sync(s);
+ server_vacuum(s);
+
+ touch("/run/systemd/journal/flushed");
return 0;
}
static int server_parse_proc_cmdline(Server *s) {
_cleanup_free_ char *line = NULL;
- char *w, *state;
+ const char *w, *state;
size_t l;
int r;
r = proc_cmdline(&line);
- if (r < 0)
+ if (r < 0) {
log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
- if (r <= 0)
return 0;
+ }
FOREACH_WORD_QUOTED(w, l, line, state) {
_cleanup_free_ char *word;
} else if (startswith(word, "systemd.journald"))
log_warning("Invalid systemd.journald parameter. Ignoring.");
}
+ /* do not warn about state here, since probably systemd already did */
return 0;
}
static int server_parse_config_file(Server *s) {
- static const char fn[] = "/etc/systemd/journald.conf";
- _cleanup_fclose_ FILE *f = NULL;
- int r;
-
assert(s);
- f = fopen(fn, "re");
- if (!f) {
- if (errno == ENOENT)
- return 0;
-
- log_warning("Failed to open configuration file %s: %m", fn);
- return -errno;
- }
-
- r = config_parse(NULL, fn, f, "Journal\0", config_item_perf_lookup,
- journald_gperf_lookup, false, false, s);
- if (r < 0)
- log_warning("Failed to parse configuration file: %s", strerror(-r));
-
- return r;
+ return config_parse(NULL, "/etc/systemd/journald.conf", NULL,
+ "Journal\0",
+ config_item_perf_lookup, journald_gperf_lookup,
+ false, false, true, s);
}
static int server_dispatch_sync(sd_event_source *es, usec_t t, void *userdata) {
assert(s);
zero(*s);
- s->syslog_fd = s->native_fd = s->stdout_fd = s->dev_kmsg_fd = s->hostname_fd = -1;
+ s->syslog_fd = s->native_fd = s->stdout_fd = s->dev_kmsg_fd = s->audit_fd = s->hostname_fd = -1;
s->compress = true;
s->seal = true;
server_parse_config_file(s);
server_parse_proc_cmdline(s);
if (!!s->rate_limit_interval ^ !!s->rate_limit_burst) {
- log_debug("Setting both rate limit interval and burst from %llu,%u to 0,0",
- (long long unsigned) s->rate_limit_interval,
- s->rate_limit_burst);
+ log_debug("Setting both rate limit interval and burst from "USEC_FMT",%u to 0,0",
+ s->rate_limit_interval, s->rate_limit_burst);
s->rate_limit_interval = s->rate_limit_burst = 0;
}
mkdir_p("/run/systemd/journal", 0755);
- s->user_journals = hashmap_new(trivial_hash_func, trivial_compare_func);
+ s->user_journals = ordered_hashmap_new(NULL);
if (!s->user_journals)
return log_oom();
s->syslog_fd = fd;
+ } else if (sd_is_socket(fd, AF_NETLINK, SOCK_RAW, -1) > 0) {
+
+ if (s->audit_fd >= 0) {
+ log_error("Too many audit sockets passed.");
+ return -EINVAL;
+ }
+
+ s->audit_fd = fd;
+
} else {
log_error("Unknown socket passed.");
return -EINVAL;
if (r < 0)
return r;
+ r = server_open_audit(s);
+ if (r < 0)
+ return r;
+
r = server_open_kernel_seqnum(s);
if (r < 0)
return r;
server_cache_boot_id(s);
server_cache_machine_id(s);
- r = system_journal_open(s);
+ r = system_journal_open(s, false);
if (r < 0)
return r;
if (s->system_journal)
journal_file_maybe_append_tag(s->system_journal, n);
- HASHMAP_FOREACH(f, s->user_journals, i)
+ ORDERED_HASHMAP_FOREACH(f, s->user_journals, i)
journal_file_maybe_append_tag(f, n);
#endif
}
if (s->runtime_journal)
journal_file_close(s->runtime_journal);
- while ((f = hashmap_steal_first(s->user_journals)))
+ while ((f = ordered_hashmap_steal_first(s->user_journals)))
journal_file_close(f);
- hashmap_free(s->user_journals);
+ ordered_hashmap_free(s->user_journals);
sd_event_source_unref(s->syslog_event_source);
sd_event_source_unref(s->native_event_source);
sd_event_source_unref(s->stdout_event_source);
sd_event_source_unref(s->dev_kmsg_event_source);
+ sd_event_source_unref(s->audit_event_source);
sd_event_source_unref(s->sync_event_source);
sd_event_source_unref(s->sigusr1_event_source);
sd_event_source_unref(s->sigusr2_event_source);
safe_close(s->native_fd);
safe_close(s->stdout_fd);
safe_close(s->dev_kmsg_fd);
+ safe_close(s->audit_fd);
safe_close(s->hostname_fd);
if (s->rate_limit)
free(s->buffer);
free(s->tty_path);
free(s->cgroup_root);
+ free(s->hostname_field);
if (s->mmap)
mmap_cache_unref(s->mmap);