Age | Commit message (Collapse) | Author |
|
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1047148
|
|
Before, journald would remove journal files until both MaxUse= and
KeepFree= settings would be satisfied. The first one depends (if set
automatically) on the size of the file system and is constant. But
the second one depends on current use of the file system, and a spike
in disk usage would cause journald to delete journal files, trying to
reach usage which would leave 15% of the disk free. This behaviour is
surprising for the user who doesn't expect his logs to be purged when
disk usage goes above 85%, which on a large disk could be some
gigabytes from being full. In addition attempting to keep 15% free
provides an attack vector where filling the disk sufficiently disposes
of almost all logs.
Instead, obey KeepFree= only as a limit on adding additional files.
When replacing old files with new, ignore KeepFree=. This means that
if journal disk usage reached some high point that at some later point
start to violate the KeepFree= constraint, journald will not add files
to go above this point, but it will stay (slightly) below it. When
journald is restarted, it forgets the previous maximum usage value,
and sets the limit based on the current usage, so if disk remains to
be filled, journald might use one journal-file-size less on each
restart, if restarts happen just after rotation. This seems like a
reasonable compromise between implementation complexity and robustness.
|
|
|
|
This extends 62678ded 'efi: never call qsort on potentially
NULL arrays' to all other places where qsort is used and it
is not obvious that the count is non-zero.
|
|
|
|
Vacuuming behaviour is a bit confusing, and/or we have some bugs,
so those additional messages should help to find out what's going
on. Also, rotation of journal files shouldn't be happening too
often, so the level of the messages is bumped to info, so that
they'll be logged under normal operation.
|
|
Before my previous patch, journal_file_empty wasn't be called with the
correct filename. Now that it's being called with the correct filename
it leaks file descriptors. This patch closes the file descriptors before
returning.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
[Edit harald@redhat.com: make use of _cleanup_close_ instead]
|
|
d_name is modified on line 227 so if the entire journal name is needed
again p must be used. Before this change when journal_file_empty was called
on archived journals it would always return with -2.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
|
|
Corrupted empty files are relatively common. I think they are created
when a coredump for a user who never logged anything before is
attempted to be written, but the write does not succeed because the
coredump is too big, but there are probably other ways to create
those, especially if the machine crashes at the right time.
Non-corrupted empty files can also happen, e.g. if a journal file is
opened, but nothing is ever successfully written to it and it is
rotated because of MaxFileSec=. Either way, each "empty" journal file
costs around 3 MB, and there's little point in keeping them around.
|
|
|
|
The vacuum code used to stop vacuuming after one deletion, even
when max_use was still exceeded.
Also make usage a uint64_t, as the code already pretends it is one.
Signed-off-by: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
|
|
|
|
This also enables time-based rotation (but not vacuuming) after 1month,
so that not more one month of journal is lost at a time per vacuuming.
|
|
Make sure to allocate enough space for readdir_r().
https://bugzilla.redhat.com/show_bug.cgi?id=858754
|
|
|
|
|