summaryrefslogtreecommitdiff
path: root/src/journal/journald-server.c
AgeCommit message (Collapse)Author
2014-07-31Properly report invalid quoted stringsZbigniew Jędrzejewski-Szmek
$ systemd-analyze verify trailing-g.service [./trailing-g.service:2] Trailing garbage, ignoring. trailing-g.service lacks ExecStart setting. Refusing. Error: org.freedesktop.systemd1.LoadFailed: Unit trailing-g.service failed to load: Invalid argument. Failed to create trailing-g.service/start: Invalid argument
2014-07-31Reject invalid quoted stringsZbigniew Jędrzejewski-Szmek
String which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in a unfished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently. mbiebl_> am I correct that something like this doesn't work mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"' mbiebl_> systemd seems to strip of the quotes mbiebl_> systemctl status shows mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint mbiebl_> which is pretty weird
2014-07-16Let config_parse open file where applicableZbigniew Jędrzejewski-Szmek
Special care is needed so that we get an error message if the file failed to parse, but not when it is missing. To avoid duplicating the same error check in every caller, add an additional 'warn' boolean to tell config_parse whether a message should be issued. This makes things both shorter and more robust wrt. to error reporting.
2014-07-15Constify ConfigTableItem tablesZbigniew Jędrzejewski-Szmek
2014-07-11journald: turn ForwardToSyslog= off by defaultLennart Poettering
After all, rsyslog and friends nowadays read their data directly from the journal, hence the forwarding is unnecessary in most cases.
2014-06-27journald: make MaxFileSec really default to 1monthMichał Bartoszkiewicz
journald.conf(5) states that the default for MaxFileSec is one month, but the code didn't respect that.
2014-06-19journald: make SplitMode=uid the defaultLennart Poettering
Now that we actually can distuingish system and normal users there's no point in taking session information into account anymore when splitting up logs. This has the beenfit with that coredump information will actually end up in each user's own journal.
2014-06-19coredump: optionally store coredumps on disk, not in the journalLennart Poettering
Introduce a new configuration file /etc/systemd/coredump.conf to configure when to place coredumps in the journal and when on disk. Since the coredumps are quite large, default to storing them only on disk.
2014-06-11journald: create /run/log/journal with the correct access modesLennart Poettering
2014-06-04journald: move /dev/log socket to /runLennart Poettering
This way we can make the socket also available for sandboxed apps that have their own private /dev. They can now simply symlink the socket from /dev.
2014-05-21logind: don't apply RemoveIPC= to system usersLennart Poettering
We shouldn't destroy IPC objects of system users on logout. http://lists.freedesktop.org/archives/systemd-devel/2014-April/018373.html This introduces SYSTEM_UID_MAX defined to the maximum UID of system users. This value is determined compile-time, either as configure switch or from /etc/login.defs. (We don't read that file at runtime, since this is really a choice for a system builder, not the end user.) While we are at it we then also update journald to use SYSTEM_UID_MAX when we decide whether to split out log data for a specific client.
2014-05-15Remove unnecessary casts in printfsZbigniew Jędrzejewski-Szmek
No functional change expected :)
2014-03-24sd-event: rework API to support CLOCK_REALTIME_ALARM and ↵Lennart Poettering
CLOCK_BOOTTIME_ALARM, too
2014-03-18util: replace close_nointr_nofail() by a more useful safe_close()Lennart Poettering
safe_close() automatically becomes a NOP when a negative fd is passed, and returns -1 unconditionally. This makes it easy to write lines like this: fd = safe_close(fd); Which will close an fd if it is open, and reset the fd variable correctly. By making use of this new scheme we can drop a > 200 lines of code that was required to test for non-negative fds or to reset the closed fd variable afterwards.
2014-03-17journal: extract duplicated code to a functionZbigniew Jędrzejewski-Szmek
2014-03-17journal: extract duplicated code to a functionZbigniew Jędrzejewski-Szmek
2014-03-16Use strlen even for constant stringsJosh Triplett
GCC optimizes strlen("string constant") to a constant, even with -O0. Thus, replace patterns like sizeof("string constant")-1 with strlen("string constant") where possible, for clarity. In particular, for expressions intended to add up the lengths of components going into a string, this often makes it clearer that the expression counts the trailing '\0' exactly once, by putting the +1 for the '\0' at the end of the expression, rather than hidden in a sizeof in the middle of the expression.
2014-03-14journald: add support for wall forwardingSebastian Thorarensen
This will let journald forward logs as messages sent to all logged in users (like wall). Two options are added: * ForwardToWall (default yes) * MaxLevelWall (default emerg) 'ForwardToWall' is overridable by kernel command line option 'systemd.journald.forward_to_wall'. This is used to emulate the traditional syslogd behaviour of sending emergency messages to all logged in users.
2014-03-07Make tables for DEFINE_STRING_TABLE_LOOKUP consistentDaniel Mack
Bring some arrays that are used for DEFINE_STRING_TABLE_LOOKUP() in the same order than the enums they reference. Also, pass the corresponding _MAX value to the array initalizer where appropriate.
2014-02-24Remove dead lines in various placesZbigniew Jędrzejewski-Szmek
As pointed-out by clang -Wunreachable-code. No behaviour changes.
2014-02-21journald: ignore failure to watch hostname_fd on older kernelsDave Reisner
Prior to 3.2, /proc/sys/kernel/hostname isn't a pollable file and sd_event_add_io will return EPERM. Ignore this failure, since it isn't critical to journald operation. Reported and tested by user sraue on IRC.
2014-02-20api: in constructor function calls, always put the returned object pointer ↵Lennart Poettering
first (or second) Previously the returned object of constructor functions where sometimes returned as last, sometimes as first and sometimes as second parameter. Let's clean this up a bit. Here are the new rules: 1. The object the new object is derived from is put first, if there is any 2. The object we are creating will be returned in the next arguments 3. This is followed by any additional arguments Rationale: For functions that operate on an object we always put that object first. Constructors should probably not be too different in this regard. Also, if the additional parameters might want to use varargs which suggests to put them last. Note that this new scheme only applies to constructor functions, not to all other functions. We do give a lot of freedom for those. Note that this commit only changes the order of the new functions we added, for old ones we accept the wrong order and leave it like that.
2014-02-11journald: log provenience of signalsZbigniew Jędrzejewski-Szmek
2014-01-11journald: do not free space when disk space runs lowZbigniew Jędrzejewski-Szmek
Before, journald would remove journal files until both MaxUse= and KeepFree= settings would be satisfied. The first one depends (if set automatically) on the size of the file system and is constant. But the second one depends on current use of the file system, and a spike in disk usage would cause journald to delete journal files, trying to reach usage which would leave 15% of the disk free. This behaviour is surprising for the user who doesn't expect his logs to be purged when disk usage goes above 85%, which on a large disk could be some gigabytes from being full. In addition attempting to keep 15% free provides an attack vector where filling the disk sufficiently disposes of almost all logs. Instead, obey KeepFree= only as a limit on adding additional files. When replacing old files with new, ignore KeepFree=. This means that if journal disk usage reached some high point that at some later point start to violate the KeepFree= constraint, journald will not add files to go above this point, but it will stay (slightly) below it. When journald is restarted, it forgets the previous maximum usage value, and sets the limit based on the current usage, so if disk remains to be filled, journald might use one journal-file-size less on each restart, if restarts happen just after rotation. This seems like a reasonable compromise between implementation complexity and robustness.
2013-12-21journald/server: replace readdir_r with readdirFlorian Weimer
The available_space function now returns 0 if reading the directory fails. Previously, such errors were silently ignored.
2013-12-13event: rework sd-event exit logicLennart Poettering
With this change a failing event source handler will not cause the entire event loop to fail. Instead, we just disable the specific event source, log a message at debug level and go on. This also introduces a new concept of "exit code" which can be stored in the event loop and is returned by sd_event_loop(). We also rename "quit" to "exit" everywhere else. Altogether this should make things more robus and keep errors local while still providing a way to return event loop errors in a clear way.
2013-12-11journald: cache cgroup root path, instead of querying it on every incoming ↵Lennart Poettering
log message
2013-12-11journald: cache hostname, boot_id and machine_id fields instead of ↵Lennart Poettering
generating them fresh for each log entry
2013-12-11journald: port to sd-event and enable watchdog supportLennart Poettering
2013-12-10Ensure unit is journaled for short-lived or oneshot processesDan McGee
In the time it takes to process incoming log messages, the process we are logging details for may exit. This means the cgroup data is no longer available from '/proc'. Unfortunately, the way the code was structured before, we never log _SYSTEMD_UNIT if we don't have this cgroup information. Add an else if case that allows the passed in unit_id to be logged even if we couldn't capture cgroup information. This ensures a command like `journalctl -u run-XXX` will return all log messages from a oneshot process.
2013-11-27journald: mention how long we needed to flush to /var in the logsLennart Poettering
2013-11-06util: unify reading of /proc/cmdlineLennart Poettering
Instead of individually checking for containers in each user do this once in a new call proc_cmdline() that read the file only if we are not in a container.
2013-10-13journald: use greedy_realloc in one placeZbigniew Jędrzejewski-Szmek
2013-10-10security: missing header inclusionsLennart Poettering
2013-10-10security: rework selinux, smack, ima, apparmor detection logicLennart Poettering
Always cache the results, and bypass low-level security calls when the respective subsystem is not enabled.
2013-10-09journald: remove rotated file from hashmap when rotation failsZbigniew Jędrzejewski-Szmek
Before, when the user journal file was rotated, journal_file_rotate could close the old file and fail to open the new file. In that case, we would leave the old (deallocated) file in the hashmap. On subsequent accesses, we could retrieve this stale entry, leading to a segfault. When journal_file_rotate fails with the file pointer set to 0, old file is certainly gone, and cannot be used anymore. https://bugzilla.redhat.com/show_bug.cgi?id=890463
2013-09-27Do not use unitialized variable and remove duplicated lineZbigniew Jędrzejewski-Szmek
2013-09-26journald: accept EPOLLERR from /dev/kmsgZbigniew Jędrzejewski-Szmek
Also print out unexpected epoll events explictly.
2013-09-17journald: avoid NSS in journaldLennart Poettering
In order to avoid a deadlock between journald looking up the "systemd-journal" group name, and nscd (or anyother NSS backing daemon) logging something back to the journal avoid all NSS in journald the same way as we avoid it from PID 1. With this change we rely on the kernel file system logic to adjust the group of created journal files via the SETGID bit on the journal directory. To ensure that it is always set, even after the user created it with a simply "mkdir" on the shell we fix it up via tmpfiles on boot.
2013-09-17journald: log the slice of a process along with each message in _SYSTEMD_SLICE=Lennart Poettering
2013-09-12journald: Log error when failed to get machine-id on startOlivier Brunel
Can help since the journal requires /etc/machine-id to exists in order to start, and will simply silently exit when it does not.
2013-09-10journald: be a bit more verbose when vacuumingZbigniew Jędrzejewski-Szmek
Vacuuming behaviour is a bit confusing, and/or we have some bugs, so those additional messages should help to find out what's going on. Also, rotation of journal files shouldn't be happening too often, so the level of the messages is bumped to info, so that they'll be logged under normal operation.
2013-08-06journald: remove unused variableZbigniew Jędrzejewski-Szmek
2013-08-06journal: handle multiline syslog messagesHarald Hoyer
Since the journal can handle multiple lines just well natively, and rsyslog can be configured to handle them as well, there is no need to truncate messages from syslog() after the first newline. Reproducer: 1. Add following four lines to /etc/rsyslog.conf ---------- $EscapeControlCharactersOnReceive off $ActionFileDefaultTemplate RSYSLOG_SysklogdFileFormat $SpaceLFOnReceive on $DropTrailingLFOnReception off ---------- 3. Restart rsyslog # service rsyslog restart 4. Compile and run the following program ---------- #include <stdio.h> #include <syslog.h> int main() { syslog(LOG_INFO, "aaa%caaa", '\n'); return 0; } ---------- Actual results: Below message appears in /var/log/messages. ----------    Sep 7 19:19:39 localhost test2: aaa ---------- Expected results: Below message, which worked prior to systemd-journald appears in /var/log/messages. ----------    Sep 7 19:19:39 localhost test2: aaa aaa https://bugzilla.redhat.com/show_bug.cgi?id=855313
2013-07-24journal: immediately sync to disk as soon as we receieve an EMERG/ALERT/CRIT ↵Lennart Poettering
message
2013-07-19journald: after the cgroup rework processes may be in both user and system ↵Lennart Poettering
units at the same time
2013-07-18journal: Leave server_dispatch_message early when Storage is noneHolger Hans Peter Freyther
When using Storage=none there is no point in collecting all the information just to throw them away. After this change journald consumes a lot less CPU time when only forwarding messages.
2013-07-16journal: add logging of effective capabilities _CAP_EFFECTIVEShawn Landden
I think this is the most important of the capabilities bitmasks to log.
2013-07-12journald-server: r should be checked after journal_file_open_reliablyLukas Nykryn
2013-06-24journald: fix space limits reportingZbigniew Jędrzejewski-Szmek
Reporting of the free space was bogus, since the remaining space was compared with the maximum allowed, instead of the current use being compared with the maximum allowed. Simplify and fix by reporting limits directly at the point where they are calculated. Also, assign a UUID to the message.