1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2011 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 #include <sys/epoll.h>
23 #include <sys/socket.h>
25 #include <sys/signalfd.h>
29 #include <acl/libacl.h>
31 #include <sys/ioctl.h>
32 #include <linux/sockios.h>
35 #include "journal-file.h"
36 #include "sd-daemon.h"
37 #include "socket-util.h"
39 #include "cgroup-util.h"
41 #define USER_JOURNALS_MAX 1024
43 typedef struct Server {
49 JournalFile *runtime_journal;
50 JournalFile *system_journal;
51 Hashmap *user_journals;
59 static void fix_perms(JournalFile *f, uid_t uid) {
62 acl_permset_t permset;
67 r = fchmod_and_fchown(f->fd, 0640, 0, 0);
69 log_warning("Failed to fix access mode/rights on %s, ignoring: %s", f->path, strerror(-r));
74 acl = acl_get_fd(f->fd);
76 log_warning("Failed to read ACL on %s, ignoring: %m", f->path);
80 r = acl_find_uid(acl, uid, &entry);
83 if (acl_create_entry(&acl, &entry) < 0 ||
84 acl_set_tag_type(entry, ACL_USER) < 0 ||
85 acl_set_qualifier(entry, &uid) < 0) {
86 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
91 if (acl_get_permset(entry, &permset) < 0 ||
92 acl_add_perm(permset, ACL_READ) < 0 ||
93 acl_calc_mask(&acl) < 0) {
94 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
98 if (acl_set_fd(f->fd, acl) < 0)
99 log_warning("Failed to set ACL on %s, ignoring: %m", f->path);
105 static JournalFile* find_journal(Server *s, uid_t uid) {
114 /* We split up user logs only on /var, not on /run */
115 if (!s->system_journal)
116 return s->runtime_journal;
119 return s->system_journal;
121 r = sd_id128_get_machine(&machine);
123 return s->system_journal;
125 f = hashmap_get(s->user_journals, UINT32_TO_PTR(uid));
129 if (asprintf(&p, "/var/log/journal/%s/user-%lu.journal", sd_id128_to_string(machine, ids), (unsigned long) uid) < 0)
130 return s->system_journal;
132 while (hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
133 /* Too many open? Then let's close one */
134 f = hashmap_steal_first(s->user_journals);
136 journal_file_close(f);
139 r = journal_file_open(p, O_RDWR|O_CREAT, 0640, s->system_journal, &f);
143 return s->system_journal;
147 r = hashmap_put(s->user_journals, UINT32_TO_PTR(uid), f);
149 journal_file_close(f);
150 return s->system_journal;
156 static void dispatch_message(Server *s, struct iovec *iovec, unsigned n, unsigned m, struct ucred *ucred, struct timeval *tv) {
157 char *pid = NULL, *uid = NULL, *gid = NULL,
158 *source_time = NULL, *boot_id = NULL, *machine_id = NULL,
159 *comm = NULL, *cmdline = NULL, *hostname = NULL,
160 *audit_session = NULL, *audit_loginuid = NULL,
161 *exe = NULL, *cgroup = NULL;
167 uid_t loginuid = 0, realuid = 0;
171 assert(iovec || n == 0);
182 realuid = ucred->uid;
184 if (asprintf(&pid, "_PID=%lu", (unsigned long) ucred->pid) >= 0)
185 IOVEC_SET_STRING(iovec[n++], pid);
187 if (asprintf(&uid, "_UID=%lu", (unsigned long) ucred->uid) >= 0)
188 IOVEC_SET_STRING(iovec[n++], uid);
190 if (asprintf(&gid, "_GID=%lu", (unsigned long) ucred->gid) >= 0)
191 IOVEC_SET_STRING(iovec[n++], gid);
193 r = get_process_comm(ucred->pid, &t);
195 comm = strappend("_COMM=", t);
197 IOVEC_SET_STRING(iovec[n++], comm);
201 r = get_process_exe(ucred->pid, &t);
203 exe = strappend("_EXE=", t);
205 IOVEC_SET_STRING(iovec[n++], exe);
209 r = get_process_cmdline(ucred->pid, LINE_MAX, false, &t);
211 cmdline = strappend("_CMDLINE=", t);
213 IOVEC_SET_STRING(iovec[n++], cmdline);
217 r = audit_session_from_pid(ucred->pid, &session);
219 if (asprintf(&audit_session, "_AUDIT_SESSION=%lu", (unsigned long) session) >= 0)
220 IOVEC_SET_STRING(iovec[n++], audit_session);
222 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
224 if (asprintf(&audit_loginuid, "_AUDIT_LOGINUID=%lu", (unsigned long) loginuid) >= 0)
225 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
227 r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, ucred->pid, &path);
229 cgroup = strappend("_SYSTEMD_CGROUP=", path);
231 IOVEC_SET_STRING(iovec[n++], cgroup);
237 if (asprintf(&source_time, "_SOURCE_REALTIME_TIMESTAMP=%llu",
238 (unsigned long long) timeval_load(tv)) >= 0)
239 IOVEC_SET_STRING(iovec[n++], source_time);
242 /* Note that strictly speaking storing the boot id here is
243 * redundant since the entry includes this in-line
244 * anyway. However, we need this indexed, too. */
245 r = sd_id128_get_boot(&id);
247 if (asprintf(&boot_id, "_BOOT_ID=%s", sd_id128_to_string(id, idbuf)) >= 0)
248 IOVEC_SET_STRING(iovec[n++], boot_id);
250 r = sd_id128_get_machine(&id);
252 if (asprintf(&machine_id, "_MACHINE_ID=%s", sd_id128_to_string(id, idbuf)) >= 0)
253 IOVEC_SET_STRING(iovec[n++], machine_id);
255 t = gethostname_malloc();
257 hostname = strappend("_HOSTNAME=", t);
259 IOVEC_SET_STRING(iovec[n++], hostname);
265 f = find_journal(s, realuid == 0 ? 0 : loginuid);
267 log_warning("Dropping message, as we can't find a place to store the data.");
269 r = journal_file_append_entry(f, NULL, iovec, n, &s->seqnum, NULL, NULL);
272 log_error("Failed to write entry, ignoring: %s", strerror(-r));
286 free(audit_loginuid);
291 static void process_syslog_message(Server *s, const char *buf, struct ucred *ucred, struct timeval *tv) {
292 char *message = NULL, *syslog_priority = NULL, *syslog_facility = NULL;
293 struct iovec iovec[16];
295 int priority = LOG_USER | LOG_INFO;
300 parse_syslog_priority((char**) &buf, &priority);
301 skip_syslog_date((char**) &buf);
303 if (asprintf(&syslog_priority, "PRIORITY=%i", priority & LOG_PRIMASK) >= 0)
304 IOVEC_SET_STRING(iovec[n++], syslog_priority);
306 if (asprintf(&syslog_facility, "SYSLOG_FACILITY=%i", LOG_FAC(priority)) >= 0)
307 IOVEC_SET_STRING(iovec[n++], syslog_facility);
309 message = strappend("MESSAGE=", buf);
311 IOVEC_SET_STRING(iovec[n++], message);
313 dispatch_message(s, iovec, n, ELEMENTSOF(iovec), ucred, tv);
316 free(syslog_facility);
317 free(syslog_priority);
320 static void process_native_message(Server *s, const void *buffer, size_t buffer_size, struct ucred *ucred, struct timeval *tv) {
321 struct iovec *iovec = NULL;
322 unsigned n = 0, m = 0, j;
327 assert(buffer || n == 0);
330 remaining = buffer_size;
332 while (remaining > 0) {
335 e = memchr(p, '\n', remaining);
338 /* Trailing noise, let's ignore it, and flush what we collected */
339 log_debug("Received message with trailing noise, ignoring.");
344 /* Entry separator */
345 dispatch_message(s, iovec, n, m, ucred, tv);
354 /* Control command, ignore for now */
355 remaining -= (e - p) + 1;
360 /* A property follows */
366 u = MAX((n+13U) * 2U, 4U);
367 c = realloc(iovec, u * sizeof(struct iovec));
369 log_error("Out of memory");
377 q = memchr(p, '=', e - p);
379 iovec[n].iov_base = (char*) p;
380 iovec[n].iov_len = e - p;
383 remaining -= (e - p) + 1;
390 if (remaining < e - p + 1 + sizeof(uint64_t) + 1) {
391 log_debug("Failed to parse message, ignoring.");
395 memcpy(&l, e + 1, sizeof(uint64_t));
398 if (remaining < e - p + 1 + sizeof(uint64_t) + l + 1 ||
399 e[1+sizeof(uint64_t)+l] != '\n') {
400 log_debug("Failed to parse message, ignoring.");
404 k = malloc((e - p) + 1 + l);
406 log_error("Out of memory");
412 memcpy(k + (e - p) + 1, e + 1 + sizeof(uint64_t), l);
414 iovec[n].iov_base = k;
415 iovec[n].iov_len = (e - p) + 1 + l;
418 remaining -= (e - p) + 1 + sizeof(uint64_t) + l + 1;
419 p = e + 1 + sizeof(uint64_t) + l + 1;
423 dispatch_message(s, iovec, n, m, ucred, tv);
425 for (j = 0; j < n; j++)
426 if (iovec[j].iov_base < buffer ||
427 (const uint8_t*) iovec[j].iov_base >= (const uint8_t*) buffer + buffer_size)
428 free(iovec[j].iov_base);
431 static int process_event(Server *s, struct epoll_event *ev) {
434 if (ev->events != EPOLLIN) {
435 log_info("Got invalid event from epoll.");
439 if (ev->data.fd == s->signal_fd) {
440 struct signalfd_siginfo sfsi;
443 n = read(s->signal_fd, &sfsi, sizeof(sfsi));
444 if (n != sizeof(sfsi)) {
449 if (errno == EINTR || errno == EAGAIN)
455 log_debug("Received SIG%s", signal_to_string(sfsi.ssi_signo));
460 if (ev->data.fd == s->native_fd ||
461 ev->data.fd == s->syslog_fd) {
463 struct msghdr msghdr;
465 struct ucred *ucred = NULL;
466 struct timeval *tv = NULL;
467 struct cmsghdr *cmsg;
469 struct cmsghdr cmsghdr;
470 uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
471 CMSG_SPACE(sizeof(struct timeval))];
476 if (ioctl(ev->data.fd, SIOCINQ, &v) < 0) {
477 log_error("SIOCINQ failed: %m");
484 if (s->buffer_size < (size_t) v) {
488 l = MAX(LINE_MAX + (size_t) v, s->buffer_size * 2);
489 b = realloc(s->buffer, l+1);
492 log_error("Couldn't increase buffer.");
501 iovec.iov_base = s->buffer;
502 iovec.iov_len = s->buffer_size;
506 msghdr.msg_iov = &iovec;
507 msghdr.msg_iovlen = 1;
508 msghdr.msg_control = &control;
509 msghdr.msg_controllen = sizeof(control);
511 n = recvmsg(ev->data.fd, &msghdr, MSG_DONTWAIT);
514 if (errno == EINTR || errno == EAGAIN)
517 log_error("recvmsg() failed: %m");
521 for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
523 if (cmsg->cmsg_level == SOL_SOCKET &&
524 cmsg->cmsg_type == SCM_CREDENTIALS &&
525 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
526 ucred = (struct ucred*) CMSG_DATA(cmsg);
527 else if (cmsg->cmsg_level == SOL_SOCKET &&
528 cmsg->cmsg_type == SO_TIMESTAMP &&
529 cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
530 tv = (struct timeval*) CMSG_DATA(cmsg);
533 if (ev->data.fd == s->syslog_fd) {
536 e = memchr(s->buffer, '\n', n);
542 process_syslog_message(s, strstrip(s->buffer), ucred, tv);
544 process_native_message(s, s->buffer, n, ucred, tv);
550 log_error("Unknown event.");
554 static int system_journal_open(Server *s) {
560 r = sd_id128_get_machine(&machine);
564 /* First try to create the machine path, but not the prefix */
565 fn = strappend("/var/log/journal/", sd_id128_to_string(machine, ids));
568 (void) mkdir(fn, 0755);
571 /* The create the system journal file */
572 fn = join("/var/log/journal/", ids, "/system.journal", NULL);
576 r = journal_file_open(fn, O_RDWR|O_CREAT, 0640, NULL, &s->system_journal);
580 fix_perms(s->system_journal, 0);
584 if (r < 0 && r != -ENOENT) {
585 log_error("Failed to open system journal: %s", strerror(-r));
589 /* /var didn't work, so try /run, but this time we
590 * create the prefix too */
591 fn = join("/run/log/journal/", ids, "/system.journal", NULL);
595 (void) mkdir_parents(fn, 0755);
596 r = journal_file_open(fn, O_RDWR|O_CREAT, 0640, NULL, &s->runtime_journal);
600 log_error("Failed to open runtime journal: %s", strerror(-r));
604 fix_perms(s->runtime_journal, 0);
608 static int open_syslog_socket(Server *s) {
609 union sockaddr_union sa;
614 if (s->syslog_fd < 0) {
616 s->syslog_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0);
617 if (s->syslog_fd < 0) {
618 log_error("socket() failed: %m");
623 sa.un.sun_family = AF_UNIX;
624 strncpy(sa.un.sun_path, "/run/systemd/syslog", sizeof(sa.un.sun_path));
626 unlink(sa.un.sun_path);
628 r = bind(s->syslog_fd, &sa.sa, offsetof(union sockaddr_union, un.sun_path) + strlen(sa.un.sun_path));
630 log_error("bind() failed: %m");
634 chmod(sa.un.sun_path, 0666);
638 r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
640 log_error("SO_PASSCRED failed: %m");
645 r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_TIMESTAMP, &one, sizeof(one));
647 log_error("SO_TIMESTAMP failed: %m");
654 static int open_native_socket(Server*s) {
655 union sockaddr_union sa;
660 if (s->native_fd < 0) {
662 s->native_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0);
663 if (s->native_fd < 0) {
664 log_error("socket() failed: %m");
669 sa.un.sun_family = AF_UNIX;
670 strncpy(sa.un.sun_path, "/run/systemd/journal", sizeof(sa.un.sun_path));
672 unlink(sa.un.sun_path);
674 r = bind(s->native_fd, &sa.sa, offsetof(union sockaddr_union, un.sun_path) + strlen(sa.un.sun_path));
676 log_error("bind() failed: %m");
680 chmod(sa.un.sun_path, 0666);
684 r = setsockopt(s->native_fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
686 log_error("SO_PASSCRED failed: %m");
691 r = setsockopt(s->native_fd, SOL_SOCKET, SO_TIMESTAMP, &one, sizeof(one));
693 log_error("SO_TIMESTAMP failed: %m");
700 static int server_init(Server *s) {
702 struct epoll_event ev;
708 s->syslog_fd = s->native_fd = s->signal_fd = -1;
710 s->epoll_fd = epoll_create1(EPOLL_CLOEXEC);
711 if (s->epoll_fd < 0) {
712 log_error("Failed to create epoll object: %m");
716 n = sd_listen_fds(true);
718 log_error("Failed to read listening file descriptors from environment: %s", strerror(-n));
722 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
724 if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0) {
726 if (s->syslog_fd >= 0) {
727 log_error("Too many /dev/log sockets passed.");
733 } else if (sd_is_socket(fd, AF_UNIX, SOCK_DGRAM, -1) > 0) {
735 if (s->native_fd >= 0) {
736 log_error("Too many native sockets passed.");
742 log_error("Unknown socket passed.");
747 r = open_syslog_socket(s);
753 ev.data.fd = s->syslog_fd;
754 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->syslog_fd, &ev) < 0) {
755 log_error("Failed to add syslog server fd to epoll object: %m");
759 r = open_native_socket(s);
765 ev.data.fd = s->native_fd;
766 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->native_fd, &ev) < 0) {
767 log_error("Failed to add native server fd to epoll object: %m");
771 s->user_journals = hashmap_new(trivial_hash_func, trivial_compare_func);
772 if (!s->user_journals) {
773 log_error("Out of memory.");
777 r = system_journal_open(s);
781 assert_se(sigemptyset(&mask) == 0);
782 sigset_add_many(&mask, SIGINT, SIGTERM, -1);
783 assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
785 s->signal_fd = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC);
786 if (s->signal_fd < 0) {
787 log_error("signalfd(): %m");
793 ev.data.fd = s->signal_fd;
795 if (epoll_ctl(s->epoll_fd, EPOLL_CTL_ADD, s->signal_fd, &ev) < 0) {
796 log_error("epoll_ctl(): %m");
803 static void server_done(Server *s) {
807 if (s->system_journal)
808 journal_file_close(s->system_journal);
810 if (s->runtime_journal)
811 journal_file_close(s->runtime_journal);
813 while ((f = hashmap_steal_first(s->user_journals)))
814 journal_file_close(f);
816 hashmap_free(s->user_journals);
818 if (s->epoll_fd >= 0)
819 close_nointr_nofail(s->epoll_fd);
821 if (s->signal_fd >= 0)
822 close_nointr_nofail(s->signal_fd);
824 if (s->syslog_fd >= 0)
825 close_nointr_nofail(s->syslog_fd);
827 if (s->native_fd >= 0)
828 close_nointr_nofail(s->native_fd);
831 int main(int argc, char *argv[]) {
835 /* if (getppid() != 1) { */
836 /* log_error("This program should be invoked by init only."); */
837 /* return EXIT_FAILURE; */
841 log_error("This program does not take arguments.");
845 log_set_target(LOG_TARGET_CONSOLE);
846 log_parse_environment();
851 r = server_init(&server);
855 log_debug("systemd-journald running as pid %lu", (unsigned long) getpid());
859 "STATUS=Processing messages...");
862 struct epoll_event event;
864 r = epoll_wait(server.epoll_fd, &event, 1, -1);
870 log_error("epoll_wait() failed: %m");
876 r = process_event(&server, &event);
885 "STATUS=Shutting down...");
887 server_done(&server);
889 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;