summaryrefslogtreecommitdiff
path: root/src/journal/journald-server.c
AgeCommit message (Collapse)Author
2014-02-11journald: log provenience of signalsZbigniew Jędrzejewski-Szmek
2014-01-11journald: do not free space when disk space runs lowZbigniew Jędrzejewski-Szmek
Before, journald would remove journal files until both MaxUse= and KeepFree= settings would be satisfied. The first one depends (if set automatically) on the size of the file system and is constant. But the second one depends on current use of the file system, and a spike in disk usage would cause journald to delete journal files, trying to reach usage which would leave 15% of the disk free. This behaviour is surprising for the user who doesn't expect his logs to be purged when disk usage goes above 85%, which on a large disk could be some gigabytes from being full. In addition attempting to keep 15% free provides an attack vector where filling the disk sufficiently disposes of almost all logs. Instead, obey KeepFree= only as a limit on adding additional files. When replacing old files with new, ignore KeepFree=. This means that if journal disk usage reached some high point that at some later point start to violate the KeepFree= constraint, journald will not add files to go above this point, but it will stay (slightly) below it. When journald is restarted, it forgets the previous maximum usage value, and sets the limit based on the current usage, so if disk remains to be filled, journald might use one journal-file-size less on each restart, if restarts happen just after rotation. This seems like a reasonable compromise between implementation complexity and robustness.
2013-12-21journald/server: replace readdir_r with readdirFlorian Weimer
The available_space function now returns 0 if reading the directory fails. Previously, such errors were silently ignored.
2013-12-13event: rework sd-event exit logicLennart Poettering
With this change a failing event source handler will not cause the entire event loop to fail. Instead, we just disable the specific event source, log a message at debug level and go on. This also introduces a new concept of "exit code" which can be stored in the event loop and is returned by sd_event_loop(). We also rename "quit" to "exit" everywhere else. Altogether this should make things more robus and keep errors local while still providing a way to return event loop errors in a clear way.
2013-12-11journald: cache cgroup root path, instead of querying it on every incoming ↵Lennart Poettering
log message
2013-12-11journald: cache hostname, boot_id and machine_id fields instead of ↵Lennart Poettering
generating them fresh for each log entry
2013-12-11journald: port to sd-event and enable watchdog supportLennart Poettering
2013-12-10Ensure unit is journaled for short-lived or oneshot processesDan McGee
In the time it takes to process incoming log messages, the process we are logging details for may exit. This means the cgroup data is no longer available from '/proc'. Unfortunately, the way the code was structured before, we never log _SYSTEMD_UNIT if we don't have this cgroup information. Add an else if case that allows the passed in unit_id to be logged even if we couldn't capture cgroup information. This ensures a command like `journalctl -u run-XXX` will return all log messages from a oneshot process.
2013-11-27journald: mention how long we needed to flush to /var in the logsLennart Poettering
2013-11-06util: unify reading of /proc/cmdlineLennart Poettering
Instead of individually checking for containers in each user do this once in a new call proc_cmdline() that read the file only if we are not in a container.
2013-10-13journald: use greedy_realloc in one placeZbigniew Jędrzejewski-Szmek
2013-10-10security: missing header inclusionsLennart Poettering
2013-10-10security: rework selinux, smack, ima, apparmor detection logicLennart Poettering
Always cache the results, and bypass low-level security calls when the respective subsystem is not enabled.
2013-10-09journald: remove rotated file from hashmap when rotation failsZbigniew Jędrzejewski-Szmek
Before, when the user journal file was rotated, journal_file_rotate could close the old file and fail to open the new file. In that case, we would leave the old (deallocated) file in the hashmap. On subsequent accesses, we could retrieve this stale entry, leading to a segfault. When journal_file_rotate fails with the file pointer set to 0, old file is certainly gone, and cannot be used anymore. https://bugzilla.redhat.com/show_bug.cgi?id=890463
2013-09-27Do not use unitialized variable and remove duplicated lineZbigniew Jędrzejewski-Szmek
2013-09-26journald: accept EPOLLERR from /dev/kmsgZbigniew Jędrzejewski-Szmek
Also print out unexpected epoll events explictly.
2013-09-17journald: avoid NSS in journaldLennart Poettering
In order to avoid a deadlock between journald looking up the "systemd-journal" group name, and nscd (or anyother NSS backing daemon) logging something back to the journal avoid all NSS in journald the same way as we avoid it from PID 1. With this change we rely on the kernel file system logic to adjust the group of created journal files via the SETGID bit on the journal directory. To ensure that it is always set, even after the user created it with a simply "mkdir" on the shell we fix it up via tmpfiles on boot.
2013-09-17journald: log the slice of a process along with each message in _SYSTEMD_SLICE=Lennart Poettering
2013-09-12journald: Log error when failed to get machine-id on startOlivier Brunel
Can help since the journal requires /etc/machine-id to exists in order to start, and will simply silently exit when it does not.
2013-09-10journald: be a bit more verbose when vacuumingZbigniew Jędrzejewski-Szmek
Vacuuming behaviour is a bit confusing, and/or we have some bugs, so those additional messages should help to find out what's going on. Also, rotation of journal files shouldn't be happening too often, so the level of the messages is bumped to info, so that they'll be logged under normal operation.
2013-08-06journald: remove unused variableZbigniew Jędrzejewski-Szmek
2013-08-06journal: handle multiline syslog messagesHarald Hoyer
Since the journal can handle multiple lines just well natively, and rsyslog can be configured to handle them as well, there is no need to truncate messages from syslog() after the first newline. Reproducer: 1. Add following four lines to /etc/rsyslog.conf ---------- $EscapeControlCharactersOnReceive off $ActionFileDefaultTemplate RSYSLOG_SysklogdFileFormat $SpaceLFOnReceive on $DropTrailingLFOnReception off ---------- 3. Restart rsyslog # service rsyslog restart 4. Compile and run the following program ---------- #include <stdio.h> #include <syslog.h> int main() { syslog(LOG_INFO, "aaa%caaa", '\n'); return 0; } ---------- Actual results: Below message appears in /var/log/messages. ----------    Sep 7 19:19:39 localhost test2: aaa ---------- Expected results: Below message, which worked prior to systemd-journald appears in /var/log/messages. ----------    Sep 7 19:19:39 localhost test2: aaa aaa https://bugzilla.redhat.com/show_bug.cgi?id=855313
2013-07-24journal: immediately sync to disk as soon as we receieve an EMERG/ALERT/CRIT ↵Lennart Poettering
message
2013-07-19journald: after the cgroup rework processes may be in both user and system ↵Lennart Poettering
units at the same time
2013-07-18journal: Leave server_dispatch_message early when Storage is noneHolger Hans Peter Freyther
When using Storage=none there is no point in collecting all the information just to throw them away. After this change journald consumes a lot less CPU time when only forwarding messages.
2013-07-16journal: add logging of effective capabilities _CAP_EFFECTIVEShawn Landden
I think this is the most important of the capabilities bitmasks to log.
2013-07-12journald-server: r should be checked after journal_file_open_reliablyLukas Nykryn
2013-06-24journald: fix space limits reportingZbigniew Jędrzejewski-Szmek
Reporting of the free space was bogus, since the remaining space was compared with the maximum allowed, instead of the current use being compared with the maximum allowed. Simplify and fix by reporting limits directly at the point where they are calculated. Also, assign a UUID to the message.
2013-06-21journald: bump the journal per-unit ratelimit defaultsLennart Poettering
Too many people kept hitting them, so let's increase the limits a bit. https://bugzilla.redhat.com/show_bug.cgi?id=965803
2013-06-20journal: allow callers to specify OBJECT_PID=Zbigniew Jędrzejewski-Szmek
When journald encounters a message with OBJECT_PID= set coming from a priviledged process (UID==0), additional fields will be added to the message: OBJECT_UID=, OBJECT_GID=, OBJECT_COMM=, OBJECT_EXE=, OBJECT_CMDLINE=, OBJECT_AUDIT_SESSION=, OBJECT_AUDIT_LOGINUID=, OBJECT_SYSTEMD_CGROUP=, OBJECT_SYSTEMD_SESSION=, OBJECT_SYSTEMD_OWNER_UID=, OBJECT_SYSTEMD_UNIT= or OBJECT_SYSTEMD_USER_UNIT=. This is for other logging daemons, like setroubleshoot, to be able to augment their logs with data about the process. https://bugzilla.redhat.com/show_bug.cgi?id=951627
2013-06-13journald: do not calculate free space too earlyZbigniew Jędrzejewski-Szmek
Since the system journal wasn't open yet, available_space() returned 0. Before: systemd-journal[22170]: Allowing system journal files to grow to 4.0G. systemd-journal[22170]: Journal size currently limited to 0B due to SystemKeepFree. After: systemd-journal[22178]: Allowing system journal files to grow to 4.0G. systemd-journal[22178]: Journal size currently limited to 3.0G due to SystemKeepFree. Also, when failing to write a message, show how much space was needed: "Failed to write entry (26 items, 260123456 bytes) despite vacuuming, ignoring: ...".
2013-06-10journal: letting (interleaved) seqnums goZbigniew Jędrzejewski-Szmek
In the following scenario: server creates system.journal server creates user-1000.journal both journals share the same seqnum_id. Then server writes to user-1000.journal first, and server writes to system.journal a bit later, and everything is fine. The server then terminates (crash, reboot, rsyslog testing, whatever), and user-1000.journal has entries which end with a lower seqnum than system.journal. Now server is restarted server opens user-1000.journal and writes entries to it... BAM! duplicate seqnums for the same seqnum_id. Now, we usually don't see that happen, because system.journal is closed last, and opened first. Since usually at least one message is written during boot and lands in the system.journal, the seqnum is initialized from it, and is set to a number higher than than anything found in user journals. Nevertheless, if system.journal is corrupted and is rotated, it can happen that an entry is written to the user journal with a seqnum that is a duplicate with an entry found in the corrupted system.journal~. When browsing the journal, journalctl can fall into a loop where it tries to follow the seqnums, and tries to go the next location by seqnum, and is transported back in time to to the older duplicate seqnum. There is not way to find out the maximum seqnum used in a multiple files, without actually looking at all of them. But we don't want to do that because it would be slow, and actually it isn't really possible, because a file might e.g. be temporarily unaccessible. Fix the problem by using different seqnum series for user journals. Using the same seqnum series for rotated journals is still fine, because we know that nothing will write to the rotated journal anymore. Likely related: https://bugs.freedesktop.org/show_bug.cgi?id=64566 https://bugs.freedesktop.org/show_bug.cgi?id=59856 https://bugs.freedesktop.org/show_bug.cgi?id=64296 https://bugs.archlinux.org/task/35581 https://bugzilla.novell.com/show_bug.cgi?id=817778 Possibly related: https://bugs.freedesktop.org/show_bug.cgi?id=64293
2013-06-10journalctl: print monotonic timestamp in --headerZbigniew Jędrzejewski-Szmek
2013-06-01journal: take KeepFree into account when reporting maximum sizeDaniel Albers
When reporting the maximum journal size add a hint if it's limited by KeepFree.
2013-05-30journald: DO recalculate the ACL mask, but only if it doesn't existJan Alexander Steffens (heftig)
Since 11ec7ce, journald isn't setting the ACLs properly anymore if the files had no ACLs to begin with: acl_set_fd fails with EINVAL. An ACL with ACL_USER or ACL_GROUP entries but no ACL_MASK entry is invalid, so make sure a mask exists before trying to set the ACL.
2013-05-15journal: correctly convert usec_t to timespec.Michał Bartoszkiewicz
Use timespec_store instead of (incorrectly) doing it inline.
2013-05-07journald: don't recalculate the ACL maskLennart Poettering
Otherwise we might end up with executable files if some default ACL is set for the journal directory.
2013-05-07journald: be more careful when we try to flush the runtime journal to disk ↵systemd/v203Lennart Poettering
and the disk is close to being full Bump the minimal size of the journal so that we can be sure creating the journal file will always succeed. Previously the minimum size was smaller than a empty jounral file...
2013-04-25conf-parser: restrict .include usageLennart Poettering
Disallow recursive .include, and make it unavailable in anything but unit files.
2013-04-25journal: remove build warning when SELinux is disabledGreg Kroah-Hartman
A small patch to remove a build warnining when SELinux is disabled.
2013-04-22cgroup: make sure all our cgroup objects have a suffix and are properly escapedLennart Poettering
Session objects will now get the .session suffix, user objects the .user suffix, nspawn containers the .nspawn suffix. This also changes the user cgroups to be named after the numeric UID rather than the username, since this allows us the parse these paths standalone without requiring access to the cgroup file system. This also changes the mapping of instanced units to cgroups. Instead of mapping foo@bar.service to the cgroup path /user/foo@.service/bar we will now map it to /user/foo@.service/foo@bar.service, in order to ensure that all our objects are properly suffixed in the tree.
2013-04-18move _cleanup_ attribute in front of the typeHarald Hoyer
http://lists.freedesktop.org/archives/systemd-devel/2013-April/010510.html
2013-04-17Report about syntax errors with metadataZbigniew Jędrzejewski-Szmek
The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16nspawn: introduce the new /machine/ tree in the cgroup tree and move ↵Lennart Poettering
containers there Containers will now carry a label (normally derived from the root directory name, but configurable by the user), and the container's root cgroup is /machine/<label>. This label is called "machine name", and can cover both containers and VMs (as soon as libvirt also makes use of /machine/). libsystemd-login can be used to query the machine name from a process. This patch also includes numerous clean-ups for the cgroup code.
2013-04-12journal: fix broken tags _SOURCE_REALTIME_TIMESTAMP and _MACHINE_IDMirco Tischler
2013-04-08journald: no need to free audit varsLennart Poettering
2013-04-08journald: drop two more memory allocationsLennart Poettering
2013-04-08journald: get rid of one more memory allocationLennart Poettering
2013-04-08journald: Do not dynamically allocate _UID/_GID/_PID stringsHolger Hans Peter Freyther
Avoid the dynamic allocation for the _UID, _GID, and _PID strings. The maximum size of the string can be determined at compile time. The code has only been compile tested.
2013-04-08journald: Do not always record _AUDIT_SESSION and _AUDIT_LOGINUIDHolger Hans Peter Freyther
When systemd was compiled without audit support, do not collect the audit session and loginuid in the journal. This is saving a couple of syscalls and memory allocations per log message.