From cab8ac60837b489b27a247990f741315c71cb389 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Sat, 17 Dec 2011 01:13:55 +0100 Subject: journal: enforce limits on open journal files --- src/journal/journald.c | 9 +++++++++ src/journal/sd-journal.c | 8 +++++++- src/journal/sd-journal.h | 2 -- 3 files changed, 16 insertions(+), 3 deletions(-) (limited to 'src/journal') diff --git a/src/journal/journald.c b/src/journal/journald.c index 453495a964..6b774f499d 100644 --- a/src/journal/journald.c +++ b/src/journal/journald.c @@ -38,6 +38,8 @@ #include "acl-util.h" #include "cgroup-util.h" +#define USER_JOURNALS_MAX 1024 + typedef struct Server { int epoll_fd; int signal_fd; @@ -127,6 +129,13 @@ static JournalFile* find_journal(Server *s, uid_t uid) { if (asprintf(&p, "/var/log/journal/%s/user-%lu.journal", sd_id128_to_string(machine, ids), (unsigned long) uid) < 0) return s->system_journal; + while (hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) { + /* Too many open? Then let's close one */ + f = hashmap_steal_first(s->user_journals); + assert(f); + journal_file_close(f); + } + r = journal_file_open(p, O_RDWR|O_CREAT, 0640, s->system_journal, &f); free(p); diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c index 85c57170d5..bcfcbfb9e1 100644 --- a/src/journal/sd-journal.c +++ b/src/journal/sd-journal.c @@ -30,6 +30,8 @@ #include "list.h" #include "lookup3.h" +#define JOURNAL_FILES_MAX 1024 + typedef struct Match Match; struct Match { @@ -932,6 +934,11 @@ static int add_file(sd_journal *j, const char *prefix, const char *dir, const ch assert(prefix); assert(filename); + if (hashmap_size(j->files) >= JOURNAL_FILES_MAX) { + log_debug("Too many open journal files, ignoring."); + return 0; + } + if (dir) fn = join(prefix, "/", dir, "/", filename, NULL); else @@ -952,7 +959,6 @@ static int add_file(sd_journal *j, const char *prefix, const char *dir, const ch journal_file_dump(f); - r = hashmap_put(j->files, f->path, f); if (r < 0) { journal_file_close(f); diff --git a/src/journal/sd-journal.h b/src/journal/sd-journal.h index e42293ffe7..b167dcf097 100644 --- a/src/journal/sd-journal.h +++ b/src/journal/sd-journal.h @@ -34,12 +34,10 @@ * - check LE/BE conversion for 8bit, 16bit, 32bit values * - implement inotify usage on client * - implement audit gateway - * - implement native gateway * - implement stdout gateway * - extend hash tables table as we go * - accelerate looking for "all hostnames" and suchlike. * - throttling - * - enforce limit on open journal files in journald and journalctl * - cryptographic hash * - fix space reservation logic * - comm, argv can be manipulated, should it be _COMM=, _CMDLINE= or COMM=, CMDLINE=? -- cgit v1.2.3-54-g00ecf