1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2011 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include <sys/epoll.h>
23 #include <sys/socket.h>
25 #include <sys/signalfd.h>
29 #include <sys/ioctl.h>
30 #include <linux/sockios.h>
31 #include <sys/statvfs.h>
35 #include <systemd/sd-journal.h>
36 #include <systemd/sd-messages.h>
37 #include <systemd/sd-daemon.h>
40 #include <systemd/sd-login.h>
45 #include "journal-file.h"
46 #include "socket-util.h"
47 #include "cgroup-util.h"
51 #include "conf-parser.h"
52 #include "journal-internal.h"
53 #include "journal-vacuum.h"
54 #include "journal-authenticate.h"
56 #include "journald-rate-limit.h"
57 #include "journald-kmsg.h"
58 #include "journald-syslog.h"
59 #include "journald-stream.h"
60 #include "journald-console.h"
61 #include "journald-native.h"
65 #include <acl/libacl.h>
70 #include <selinux/selinux.h>
73 #define USER_JOURNALS_MAX 1024
75 #define DEFAULT_RATE_LIMIT_INTERVAL (10*USEC_PER_SEC)
76 #define DEFAULT_RATE_LIMIT_BURST 200
78 #define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
80 static const char* const storage_table[] = {
81 [STORAGE_AUTO] = "auto",
82 [STORAGE_VOLATILE] = "volatile",
83 [STORAGE_PERSISTENT] = "persistent",
84 [STORAGE_NONE] = "none"
87 DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
88 DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
90 static uint64_t available_space(Server *s) {
95 uint64_t sum = 0, avail = 0, ss_avail = 0;
101 ts = now(CLOCK_MONOTONIC);
103 if (s->cached_available_space_timestamp + RECHECK_AVAILABLE_SPACE_USEC > ts)
104 return s->cached_available_space;
106 r = sd_id128_get_machine(&machine);
110 if (s->system_journal) {
111 f = "/var/log/journal/";
112 m = &s->system_metrics;
114 f = "/run/log/journal/";
115 m = &s->runtime_metrics;
120 p = strappend(f, sd_id128_to_string(machine, ids));
130 if (fstatvfs(dirfd(d), &ss) < 0)
135 struct dirent buf, *de;
137 r = readdir_r(d, &buf, &de);
144 if (!endswith(de->d_name, ".journal") &&
145 !endswith(de->d_name, ".journal~"))
148 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0)
151 if (!S_ISREG(st.st_mode))
154 sum += (uint64_t) st.st_blocks * 512UL;
157 avail = sum >= m->max_use ? 0 : m->max_use - sum;
159 ss_avail = ss.f_bsize * ss.f_bavail;
161 ss_avail = ss_avail < m->keep_free ? 0 : ss_avail - m->keep_free;
163 if (ss_avail < avail)
166 s->cached_available_space = avail;
167 s->cached_available_space_timestamp = ts;
175 static void server_read_file_gid(Server *s) {
176 const char *adm = "adm";
181 if (s->file_gid_valid)
184 r = get_group_creds(&adm, &s->file_gid);
186 log_warning("Failed to resolve 'adm' group: %s", strerror(-r));
188 /* if we couldn't read the gid, then it will be 0, but that's
189 * fine and we shouldn't try to resolve the group again, so
190 * let's just pretend it worked right-away. */
191 s->file_gid_valid = true;
194 static void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
199 acl_permset_t permset;
204 server_read_file_gid(s);
206 r = fchmod_and_fchown(f->fd, 0640, 0, s->file_gid);
208 log_warning("Failed to fix access mode/rights on %s, ignoring: %s", f->path, strerror(-r));
214 acl = acl_get_fd(f->fd);
216 log_warning("Failed to read ACL on %s, ignoring: %m", f->path);
220 r = acl_find_uid(acl, uid, &entry);
223 if (acl_create_entry(&acl, &entry) < 0 ||
224 acl_set_tag_type(entry, ACL_USER) < 0 ||
225 acl_set_qualifier(entry, &uid) < 0) {
226 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
231 if (acl_get_permset(entry, &permset) < 0 ||
232 acl_add_perm(permset, ACL_READ) < 0 ||
233 acl_calc_mask(&acl) < 0) {
234 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
238 if (acl_set_fd(f->fd, acl) < 0)
239 log_warning("Failed to set ACL on %s, ignoring: %m", f->path);
246 static JournalFile* find_journal(Server *s, uid_t uid) {
254 /* We split up user logs only on /var, not on /run. If the
255 * runtime file is open, we write to it exclusively, in order
256 * to guarantee proper order as soon as we flush /run to
257 * /var and close the runtime file. */
259 if (s->runtime_journal)
260 return s->runtime_journal;
263 return s->system_journal;
265 r = sd_id128_get_machine(&machine);
267 return s->system_journal;
269 f = hashmap_get(s->user_journals, UINT32_TO_PTR(uid));
273 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/user-%lu.journal",
274 SD_ID128_FORMAT_VAL(machine), (unsigned long) uid) < 0)
275 return s->system_journal;
277 while (hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
278 /* Too many open? Then let's close one */
279 f = hashmap_steal_first(s->user_journals);
281 journal_file_close(f);
284 r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, s->system_journal, &f);
288 return s->system_journal;
290 server_fix_perms(s, f, uid);
292 r = hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
294 journal_file_close(f);
295 return s->system_journal;
301 static void server_rotate(Server *s) {
307 log_info("Rotating...");
309 if (s->runtime_journal) {
310 r = journal_file_rotate(&s->runtime_journal, s->compress, false);
312 if (s->runtime_journal)
313 log_error("Failed to rotate %s: %s", s->runtime_journal->path, strerror(-r));
315 log_error("Failed to create new runtime journal: %s", strerror(-r));
317 server_fix_perms(s, s->runtime_journal, 0);
320 if (s->system_journal) {
321 r = journal_file_rotate(&s->system_journal, s->compress, s->seal);
323 if (s->system_journal)
324 log_error("Failed to rotate %s: %s", s->system_journal->path, strerror(-r));
326 log_error("Failed to create new system journal: %s", strerror(-r));
329 server_fix_perms(s, s->system_journal, 0);
332 HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
333 r = journal_file_rotate(&f, s->compress, s->seal);
336 log_error("Failed to rotate %s: %s", f->path, strerror(-r));
338 log_error("Failed to create user journal: %s", strerror(-r));
340 hashmap_replace(s->user_journals, k, f);
341 server_fix_perms(s, s->system_journal, PTR_TO_UINT32(k));
346 static void server_vacuum(Server *s) {
352 log_info("Vacuuming...");
354 r = sd_id128_get_machine(&machine);
356 log_error("Failed to get machine ID: %s", strerror(-r));
360 sd_id128_to_string(machine, ids);
362 if (s->system_journal) {
363 if (asprintf(&p, "/var/log/journal/%s", ids) < 0) {
368 r = journal_directory_vacuum(p, s->system_metrics.max_use, s->system_metrics.keep_free);
369 if (r < 0 && r != -ENOENT)
370 log_error("Failed to vacuum %s: %s", p, strerror(-r));
374 if (s->runtime_journal) {
375 if (asprintf(&p, "/run/log/journal/%s", ids) < 0) {
380 r = journal_directory_vacuum(p, s->runtime_metrics.max_use, s->runtime_metrics.keep_free);
381 if (r < 0 && r != -ENOENT)
382 log_error("Failed to vacuum %s: %s", p, strerror(-r));
386 s->cached_available_space_timestamp = 0;
389 static char *shortened_cgroup_path(pid_t pid) {
391 char *process_path, *init_path, *path;
395 r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, pid, &process_path);
399 r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, 1, &init_path);
405 if (endswith(init_path, "/system"))
406 init_path[strlen(init_path) - 7] = 0;
407 else if (streq(init_path, "/"))
410 if (startswith(process_path, init_path)) {
413 p = strdup(process_path + strlen(init_path));
431 static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, unsigned n) {
433 bool vacuumed = false;
440 f = find_journal(s, uid);
444 if (journal_file_rotate_suggested(f)) {
445 log_info("Journal header limits reached or header out-of-date, rotating.");
450 f = find_journal(s, uid);
456 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
461 (r != -E2BIG && /* hit limit */
462 r != -EFBIG && /* hit fs limit */
463 r != -EDQUOT && /* quota hit */
464 r != -ENOSPC && /* disk full */
465 r != -EBADMSG && /* corrupted */
466 r != -ENODATA && /* truncated */
467 r != -EHOSTDOWN && /* other machine */
468 r != -EPROTONOSUPPORT && /* unsupported feature */
469 r != -EBUSY && /* unclean shutdown */
470 r != -ESHUTDOWN /* already archived */)) {
471 log_error("Failed to write entry, ignoring: %s", strerror(-r));
475 if (r == -E2BIG || r == -EFBIG || r == EDQUOT || r == ENOSPC)
476 log_info("Allocation limit reached, rotating.");
477 else if (r == -EHOSTDOWN)
478 log_info("Journal file from other machine, rotating.");
479 else if (r == -EBUSY)
480 log_info("Unlcean shutdown, rotating.");
482 log_warning("Journal file corrupted, rotating.");
488 f = find_journal(s, uid);
492 log_info("Retrying write.");
496 static void dispatch_message_real(
498 struct iovec *iovec, unsigned n, unsigned m,
501 const char *label, size_t label_len,
502 const char *unit_id) {
504 char *pid = NULL, *uid = NULL, *gid = NULL,
505 *source_time = NULL, *boot_id = NULL, *machine_id = NULL,
506 *comm = NULL, *cmdline = NULL, *hostname = NULL,
507 *audit_session = NULL, *audit_loginuid = NULL,
508 *exe = NULL, *cgroup = NULL, *session = NULL,
509 *owner_uid = NULL, *unit = NULL, *selinux_context = NULL;
515 uid_t loginuid = 0, realuid = 0;
520 assert(n + N_IOVEC_META_FIELDS <= m);
528 realuid = ucred->uid;
530 if (asprintf(&pid, "_PID=%lu", (unsigned long) ucred->pid) >= 0)
531 IOVEC_SET_STRING(iovec[n++], pid);
533 if (asprintf(&uid, "_UID=%lu", (unsigned long) ucred->uid) >= 0)
534 IOVEC_SET_STRING(iovec[n++], uid);
536 if (asprintf(&gid, "_GID=%lu", (unsigned long) ucred->gid) >= 0)
537 IOVEC_SET_STRING(iovec[n++], gid);
539 r = get_process_comm(ucred->pid, &t);
541 comm = strappend("_COMM=", t);
545 IOVEC_SET_STRING(iovec[n++], comm);
548 r = get_process_exe(ucred->pid, &t);
550 exe = strappend("_EXE=", t);
554 IOVEC_SET_STRING(iovec[n++], exe);
557 r = get_process_cmdline(ucred->pid, LINE_MAX, false, &t);
559 cmdline = strappend("_CMDLINE=", t);
563 IOVEC_SET_STRING(iovec[n++], cmdline);
566 r = audit_session_from_pid(ucred->pid, &audit);
568 if (asprintf(&audit_session, "_AUDIT_SESSION=%lu", (unsigned long) audit) >= 0)
569 IOVEC_SET_STRING(iovec[n++], audit_session);
571 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
573 if (asprintf(&audit_loginuid, "_AUDIT_LOGINUID=%lu", (unsigned long) loginuid) >= 0)
574 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
576 t = shortened_cgroup_path(ucred->pid);
578 cgroup = strappend("_SYSTEMD_CGROUP=", t);
582 IOVEC_SET_STRING(iovec[n++], cgroup);
586 if (sd_pid_get_session(ucred->pid, &t) >= 0) {
587 session = strappend("_SYSTEMD_SESSION=", t);
591 IOVEC_SET_STRING(iovec[n++], session);
594 if (sd_pid_get_owner_uid(ucred->uid, &owner) >= 0)
595 if (asprintf(&owner_uid, "_SYSTEMD_OWNER_UID=%lu", (unsigned long) owner) >= 0)
596 IOVEC_SET_STRING(iovec[n++], owner_uid);
599 if (cg_pid_get_unit(ucred->pid, &t) >= 0) {
600 unit = strappend("_SYSTEMD_UNIT=", t);
603 unit = strappend("_SYSTEMD_UNIT=", unit_id);
606 IOVEC_SET_STRING(iovec[n++], unit);
610 selinux_context = malloc(sizeof("_SELINUX_CONTEXT=") + label_len);
611 if (selinux_context) {
612 memcpy(selinux_context, "_SELINUX_CONTEXT=", sizeof("_SELINUX_CONTEXT=")-1);
613 memcpy(selinux_context+sizeof("_SELINUX_CONTEXT=")-1, label, label_len);
614 selinux_context[sizeof("_SELINUX_CONTEXT=")-1+label_len] = 0;
615 IOVEC_SET_STRING(iovec[n++], selinux_context);
618 security_context_t con;
620 if (getpidcon(ucred->pid, &con) >= 0) {
621 selinux_context = strappend("_SELINUX_CONTEXT=", con);
623 IOVEC_SET_STRING(iovec[n++], selinux_context);
632 if (asprintf(&source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu",
633 (unsigned long long) timeval_load(tv)) >= 0)
634 IOVEC_SET_STRING(iovec[n++], source_time);
637 /* Note that strictly speaking storing the boot id here is
638 * redundant since the entry includes this in-line
639 * anyway. However, we need this indexed, too. */
640 r = sd_id128_get_boot(&id);
642 if (asprintf(&boot_id, "_BOOT_ID=%s", sd_id128_to_string(id, idbuf)) >= 0)
643 IOVEC_SET_STRING(iovec[n++], boot_id);
645 r = sd_id128_get_machine(&id);
647 if (asprintf(&machine_id, "_MACHINE_ID=%s", sd_id128_to_string(id, idbuf)) >= 0)
648 IOVEC_SET_STRING(iovec[n++], machine_id);
650 t = gethostname_malloc();
652 hostname = strappend("_HOSTNAME=", t);
655 IOVEC_SET_STRING(iovec[n++], hostname);
660 write_to_journal(s, realuid == 0 ? 0 : loginuid, iovec, n);
673 free(audit_loginuid);
678 free(selinux_context);
681 void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) {
682 char mid[11 + 32 + 1];
683 char buffer[16 + LINE_MAX + 1];
684 struct iovec iovec[N_IOVEC_META_FIELDS + 4];
692 IOVEC_SET_STRING(iovec[n++], "PRIORITY=6");
693 IOVEC_SET_STRING(iovec[n++], "_TRANSPORT=driver");
695 memcpy(buffer, "MESSAGE=", 8);
696 va_start(ap, format);
697 vsnprintf(buffer + 8, sizeof(buffer) - 8, format, ap);
699 char_array_0(buffer);
700 IOVEC_SET_STRING(iovec[n++], buffer);
702 snprintf(mid, sizeof(mid), "MESSAGE_ID=" SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(message_id));
704 IOVEC_SET_STRING(iovec[n++], mid);
707 ucred.pid = getpid();
708 ucred.uid = getuid();
709 ucred.gid = getgid();
711 dispatch_message_real(s, iovec, n, ELEMENTSOF(iovec), &ucred, NULL, NULL, 0, NULL);
714 void server_dispatch_message(
716 struct iovec *iovec, unsigned n, unsigned m,
719 const char *label, size_t label_len,
724 char *path = NULL, *c;
727 assert(iovec || n == 0);
732 if (LOG_PRI(priority) > s->max_level_store)
738 path = shortened_cgroup_path(ucred->pid);
742 /* example: /user/lennart/3/foobar
743 * /system/dbus.service/foobar
745 * So let's cut of everything past the third /, since that is
746 * wher user directories start */
748 c = strchr(path, '/');
750 c = strchr(c+1, '/');
752 c = strchr(c+1, '/');
758 rl = journal_rate_limit_test(s->rate_limit, path, priority & LOG_PRIMASK, available_space(s));
765 /* Write a suppression message if we suppressed something */
767 server_driver_message(s, SD_MESSAGE_JOURNAL_DROPPED, "Suppressed %u messages from %s", rl - 1, path);
772 dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id);
776 static int system_journal_open(Server *s) {
782 r = sd_id128_get_machine(&machine);
786 sd_id128_to_string(machine, ids);
788 if (!s->system_journal &&
789 (s->storage == STORAGE_PERSISTENT || s->storage == STORAGE_AUTO) &&
790 access("/run/systemd/journal/flushed", F_OK) >= 0) {
792 /* If in auto mode: first try to create the machine
793 * path, but not the prefix.
795 * If in persistent mode: create /var/log/journal and
796 * the machine path */
798 if (s->storage == STORAGE_PERSISTENT)
799 (void) mkdir("/var/log/journal/", 0755);
801 fn = strappend("/var/log/journal/", ids);
805 (void) mkdir(fn, 0755);
808 fn = strjoin("/var/log/journal/", ids, "/system.journal", NULL);
812 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
816 server_fix_perms(s, s->system_journal, 0);
819 if (r != -ENOENT && r != -EROFS)
820 log_warning("Failed to open system journal: %s", strerror(-r));
826 if (!s->runtime_journal &&
827 (s->storage != STORAGE_NONE)) {
829 fn = strjoin("/run/log/journal/", ids, "/system.journal", NULL);
833 if (s->system_journal) {
835 /* Try to open the runtime journal, but only
836 * if it already exists, so that we can flush
837 * it into the system journal */
839 r = journal_file_open(fn, O_RDWR, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
844 log_warning("Failed to open runtime journal: %s", strerror(-r));
851 /* OK, we really need the runtime journal, so create
852 * it if necessary. */
854 (void) mkdir_parents(fn, 0755);
855 r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
859 log_error("Failed to open runtime journal: %s", strerror(-r));
864 if (s->runtime_journal)
865 server_fix_perms(s, s->runtime_journal, 0);
871 static int server_flush_to_var(Server *s) {
879 if (s->storage != STORAGE_AUTO &&
880 s->storage != STORAGE_PERSISTENT)
883 if (!s->runtime_journal)
886 system_journal_open(s);
888 if (!s->system_journal)
891 log_info("Flushing to /var...");
893 r = sd_id128_get_machine(&machine);
895 log_error("Failed to get machine id: %s", strerror(-r));
899 r = sd_journal_open(&j, SD_JOURNAL_RUNTIME_ONLY);
901 log_error("Failed to read runtime journal: %s", strerror(-r));
905 SD_JOURNAL_FOREACH(j) {
909 assert(f && f->current_offset > 0);
911 r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
913 log_error("Can't read entry: %s", strerror(-r));
917 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
919 log_info("Allocation limit reached.");
921 journal_file_post_change(s->system_journal);
925 r = journal_file_copy_entry(f, s->system_journal, o, f->current_offset, NULL, NULL, NULL);
929 log_error("Can't write entry: %s", strerror(-r));
935 journal_file_post_change(s->system_journal);
937 journal_file_close(s->runtime_journal);
938 s->runtime_journal = NULL;
941 rm_rf("/run/log/journal", false, true, false);
946 static int process_event(Server *s, struct epoll_event *ev) {
950 if (ev->data.fd == s->signal_fd) {
951 struct signalfd_siginfo sfsi;
954 if (ev->events != EPOLLIN) {
955 log_info("Got invalid event from epoll.");
959 n = read(s->signal_fd, &sfsi, sizeof(sfsi));
960 if (n != sizeof(sfsi)) {
965 if (errno == EINTR || errno == EAGAIN)
971 log_info("Received SIG%s", signal_to_string(sfsi.ssi_signo));
973 if (sfsi.ssi_signo == SIGUSR1) {
974 touch("/run/systemd/journal/flushed");
975 server_flush_to_var(s);
979 if (sfsi.ssi_signo == SIGUSR2) {
987 } else if (ev->data.fd == s->dev_kmsg_fd) {
990 if (ev->events != EPOLLIN) {
991 log_info("Got invalid event from epoll.");
995 r = server_read_dev_kmsg(s);
1001 } else if (ev->data.fd == s->native_fd ||
1002 ev->data.fd == s->syslog_fd) {
1004 if (ev->events != EPOLLIN) {
1005 log_info("Got invalid event from epoll.");
1010 struct msghdr msghdr;
1012 struct ucred *ucred = NULL;
1013 struct timeval *tv = NULL;
1014 struct cmsghdr *cmsg;
1016 size_t label_len = 0;
1018 struct cmsghdr cmsghdr;
1020 /* We use NAME_MAX space for the
1021 * SELinux label here. The kernel
1022 * currently enforces no limit, but
1023 * according to suggestions from the
1024 * SELinux people this will change and
1025 * it will probably be identical to
1026 * NAME_MAX. For now we use that, but
1027 * this should be updated one day when
1028 * the final limit is known.*/
1029 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
1030 CMSG_SPACE(sizeof(struct timeval)) +
1031 CMSG_SPACE(sizeof(int)) + /* fd */
1032 CMSG_SPACE(NAME_MAX)]; /* selinux label */
1039 if (ioctl(ev->data.fd, SIOCINQ, &v) < 0) {
1040 log_error("SIOCINQ failed: %m");
1044 if (s->buffer_size < (size_t) v) {
1048 l = MAX(LINE_MAX + (size_t) v, s->buffer_size * 2);
1049 b = realloc(s->buffer, l+1);
1052 log_error("Couldn't increase buffer.");
1061 iovec.iov_base = s->buffer;
1062 iovec.iov_len = s->buffer_size;
1066 msghdr.msg_iov = &iovec;
1067 msghdr.msg_iovlen = 1;
1068 msghdr.msg_control = &control;
1069 msghdr.msg_controllen = sizeof(control);
1071 n = recvmsg(ev->data.fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
1074 if (errno == EINTR || errno == EAGAIN)
1077 log_error("recvmsg() failed: %m");
1081 for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
1083 if (cmsg->cmsg_level == SOL_SOCKET &&
1084 cmsg->cmsg_type == SCM_CREDENTIALS &&
1085 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
1086 ucred = (struct ucred*) CMSG_DATA(cmsg);
1087 else if (cmsg->cmsg_level == SOL_SOCKET &&
1088 cmsg->cmsg_type == SCM_SECURITY) {
1089 label = (char*) CMSG_DATA(cmsg);
1090 label_len = cmsg->cmsg_len - CMSG_LEN(0);
1091 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1092 cmsg->cmsg_type == SO_TIMESTAMP &&
1093 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
1094 tv = (struct timeval*) CMSG_DATA(cmsg);
1095 else if (cmsg->cmsg_level == SOL_SOCKET &&
1096 cmsg->cmsg_type == SCM_RIGHTS) {
1097 fds = (int*) CMSG_DATA(cmsg);
1098 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
1102 if (ev->data.fd == s->syslog_fd) {
1105 if (n > 0 && n_fds == 0) {
1106 e = memchr(s->buffer, '\n', n);
1112 server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
1113 } else if (n_fds > 0)
1114 log_warning("Got file descriptors via syslog socket. Ignoring.");
1117 if (n > 0 && n_fds == 0)
1118 server_process_native_message(s, s->buffer, n, ucred, tv, label, label_len);
1119 else if (n == 0 && n_fds == 1)
1120 server_process_native_file(s, fds[0], ucred, tv, label, label_len);
1122 log_warning("Got too many file descriptors via native socket. Ignoring.");
1125 close_many(fds, n_fds);
1130 } else if (ev->data.fd == s->stdout_fd) {
1132 if (ev->events != EPOLLIN) {
1133 log_info("Got invalid event from epoll.");
1137 stdout_stream_new(s);
1141 StdoutStream *stream;
1143 if ((ev->events|EPOLLIN|EPOLLHUP) != (EPOLLIN|EPOLLHUP)) {
1144 log_info("Got invalid event from epoll.");
1148 /* If it is none of the well-known fds, it must be an
1149 * stdout stream fd. Note that this is a bit ugly here
1150 * (since we rely that none of the well-known fds
1151 * could be interpreted as pointer), but nonetheless
1152 * safe, since the well-known fds would never get an
1153 * fd > 4096, i.e. beyond the first memory page */
1155 stream = ev->data.ptr;
1157 if (stdout_stream_process(stream) <= 0)
1158 stdout_stream_free(stream);
1163 log_error("Unknown event.");
1167 static int open_signalfd(Server *s) {
1169 struct epoll_event ev;
1173 assert_se(sigemptyset(&mask) == 0);
1174 sigset_add_many(&mask, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, -1);
1175 assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
1177 s->signal_fd = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC);
1178 if (s->signal_fd < 0) {
1179 log_error("signalfd(): %m");
1184 ev.events = EPOLLIN;
1185 ev.data.fd = s->signal_fd;
1187 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->signal_fd, &ev) < 0) {
1188 log_error("epoll_ctl(): %m");
1195 static int server_parse_proc_cmdline(Server *s) {
1196 char *line, *w, *state;
1200 if (detect_container(NULL) > 0)
1203 r = read_one_line_file("/proc/cmdline", &line);
1205 log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
1209 FOREACH_WORD_QUOTED(w, l, line, state) {
1212 word = strndup(w, l);
1218 if (startswith(word, "systemd.journald.forward_to_syslog=")) {
1219 r = parse_boolean(word + 35);
1221 log_warning("Failed to parse forward to syslog switch %s. Ignoring.", word + 35);
1223 s->forward_to_syslog = r;
1224 } else if (startswith(word, "systemd.journald.forward_to_kmsg=")) {
1225 r = parse_boolean(word + 33);
1227 log_warning("Failed to parse forward to kmsg switch %s. Ignoring.", word + 33);
1229 s->forward_to_kmsg = r;
1230 } else if (startswith(word, "systemd.journald.forward_to_console=")) {
1231 r = parse_boolean(word + 36);
1233 log_warning("Failed to parse forward to console switch %s. Ignoring.", word + 36);
1235 s->forward_to_console = r;
1236 } else if (startswith(word, "systemd.journald"))
1237 log_warning("Invalid systemd.journald parameter. Ignoring.");
1249 static int server_parse_config_file(Server *s) {
1256 fn = "/etc/systemd/journald.conf";
1257 f = fopen(fn, "re");
1259 if (errno == ENOENT)
1262 log_warning("Failed to open configuration file %s: %m", fn);
1266 r = config_parse(fn, f, "Journal\0", config_item_perf_lookup, (void*) journald_gperf_lookup, false, s);
1268 log_warning("Failed to parse configuration file: %s", strerror(-r));
1275 static int server_init(Server *s) {
1281 s->syslog_fd = s->native_fd = s->stdout_fd = s->signal_fd = s->epoll_fd = s->dev_kmsg_fd = -1;
1285 s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
1286 s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
1288 s->forward_to_syslog = true;
1290 s->max_level_store = LOG_DEBUG;
1291 s->max_level_syslog = LOG_DEBUG;
1292 s->max_level_kmsg = LOG_NOTICE;
1293 s->max_level_console = LOG_INFO;
1295 memset(&s->system_metrics, 0xFF, sizeof(s->system_metrics));
1296 memset(&s->runtime_metrics, 0xFF, sizeof(s->runtime_metrics));
1298 server_parse_config_file(s);
1299 server_parse_proc_cmdline(s);
1301 mkdir_p("/run/systemd/journal", 0755);
1303 s->user_journals = hashmap_new(trivial_hash_func, trivial_compare_func);
1304 if (!s->user_journals)
1307 s->mmap = mmap_cache_new();
1311 s->epoll_fd = epoll_create1(EPOLL_CLOEXEC);
1312 if (s->epoll_fd < 0) {
1313 log_error("Failed to create epoll object: %m");
1317 n = sd_listen_fds(true);
1319 log_error("Failed to read listening file descriptors from environment: %s", strerror(-n));
1323 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
1325 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/socket", 0) > 0) {
1327 if (s->native_fd >= 0) {
1328 log_error("Too many native sockets passed.");
1334 } else if (sd_is_socket_unix(fd, SOCK_STREAM, 1, "/run/systemd/journal/stdout", 0) > 0) {
1336 if (s->stdout_fd >= 0) {
1337 log_error("Too many stdout sockets passed.");
1343 } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0) {
1345 if (s->syslog_fd >= 0) {
1346 log_error("Too many /dev/log sockets passed.");
1353 log_error("Unknown socket passed.");
1358 r = server_open_syslog_socket(s);
1362 r = server_open_native_socket(s);
1366 r = server_open_stdout_socket(s);
1370 r = server_open_dev_kmsg(s);
1374 r = server_open_kernel_seqnum(s);
1378 r = open_signalfd(s);
1382 s->udev = udev_new();
1386 s->rate_limit = journal_rate_limit_new(s->rate_limit_interval, s->rate_limit_burst);
1390 r = system_journal_open(s);
1397 static void maybe_append_tags(Server *s) {
1403 n = now(CLOCK_REALTIME);
1405 if (s->system_journal)
1406 journal_file_maybe_append_tag(s->system_journal, n);
1408 HASHMAP_FOREACH(f, s->user_journals, i)
1409 journal_file_maybe_append_tag(f, n);
1413 static void server_done(Server *s) {
1417 while (s->stdout_streams)
1418 stdout_stream_free(s->stdout_streams);
1420 if (s->system_journal)
1421 journal_file_close(s->system_journal);
1423 if (s->runtime_journal)
1424 journal_file_close(s->runtime_journal);
1426 while ((f = hashmap_steal_first(s->user_journals)))
1427 journal_file_close(f);
1429 hashmap_free(s->user_journals);
1431 if (s->epoll_fd >= 0)
1432 close_nointr_nofail(s->epoll_fd);
1434 if (s->signal_fd >= 0)
1435 close_nointr_nofail(s->signal_fd);
1437 if (s->syslog_fd >= 0)
1438 close_nointr_nofail(s->syslog_fd);
1440 if (s->native_fd >= 0)
1441 close_nointr_nofail(s->native_fd);
1443 if (s->stdout_fd >= 0)
1444 close_nointr_nofail(s->stdout_fd);
1446 if (s->dev_kmsg_fd >= 0)
1447 close_nointr_nofail(s->dev_kmsg_fd);
1450 journal_rate_limit_free(s->rate_limit);
1452 if (s->kernel_seqnum)
1453 munmap(s->kernel_seqnum, sizeof(uint64_t));
1459 mmap_cache_unref(s->mmap);
1462 udev_unref(s->udev);
1465 int main(int argc, char *argv[]) {
1469 /* if (getppid() != 1) { */
1470 /* log_error("This program should be invoked by init only."); */
1471 /* return EXIT_FAILURE; */
1475 log_error("This program does not take arguments.");
1476 return EXIT_FAILURE;
1479 log_set_target(LOG_TARGET_SAFE);
1480 log_set_facility(LOG_SYSLOG);
1481 log_set_max_level(LOG_DEBUG);
1482 log_parse_environment();
1487 r = server_init(&server);
1491 server_vacuum(&server);
1492 server_flush_to_var(&server);
1493 server_flush_dev_kmsg(&server);
1495 log_debug("systemd-journald running as pid %lu", (unsigned long) getpid());
1496 server_driver_message(&server, SD_MESSAGE_JOURNAL_START, "Journal started");
1500 "STATUS=Processing requests...");
1503 struct epoll_event event;
1509 if (server.system_journal &&
1510 journal_file_next_evolve_usec(server.system_journal, &u)) {
1513 n = now(CLOCK_REALTIME);
1518 t = (int) ((u - n + USEC_PER_MSEC - 1) / USEC_PER_MSEC);
1523 r = epoll_wait(server.epoll_fd, &event, 1, t);
1529 log_error("epoll_wait() failed: %m");
1535 r = process_event(&server, &event);
1542 maybe_append_tags(&server);
1545 log_debug("systemd-journald stopped as pid %lu", (unsigned long) getpid());
1546 server_driver_message(&server, SD_MESSAGE_JOURNAL_STOP, "Journal stopped");
1550 "STATUS=Shutting down...");
1552 server_done(&server);
1554 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;