tree-wide: remove Emacs lines from all files This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.

journal: normalize priority of logging sources The stream event source has a priority of SD_EVENT_PRIORITY_NORMAL+5, and stdout source +10, but the native and syslog event sources are left at the default of 0. As a result, any heavy native or syslog logger can cause starvation of the other loggers. This is trivially demonstrated by running: dd if=/dev/urandom bs=8k | od | systemd-cat & # native spammer systemd-run echo hello & # stream logger journalctl --follow --output=verbose --no-pager --identifier=echo & ... and wait, and wait, the "hello" never comes. Now kill %1, "hello" arrives finally.

selinux: split up mac_selinux_have() from mac_selinux_use() Let's distuingish the cases where our code takes an active role in selinux management, or just passively reports whatever selinux properties are set. mac_selinux_have() now checks whether selinux is around for the passive stuff, and mac_selinux_use() for the active stuff. The latter checks the former, plus also checks UID == 0, under the assumption that only when we run priviliged selinux management really makes sense. Fixes: #1941

journal: don't remove leading spaces

journal: drop empty lines after level_prefix removing

treewide: apply errno.cocci with small manual cleanups for style.

journald: never block when sending messages on NOTIFY_SOCKET socket Otherwise we might run into deadlocks, when journald blocks on the notify socket on PID 1, and PID 1 blocks on IPC to dbus-daemon and dbus-daemon blocks on logging to journald. Break this cycle by making sure that journald never ever blocks on PID 1. Note that this change disables support for event loop watchdog support, as these messages are sent in blocking style by sd-event. That should not be a big loss though, as people reported frequent problems with the watchdog hitting journald on excessively slow IO. Fixes: #1505.

util-lib: split out allocation calls into alloc-util.[ch]

util-lib: split out printf() helpers to stdio-util.h

io-util.h: move iovec stuff from macro.h to io-util.h

util-lib: split out syslog-related calls into syslog-util.[ch]

util-lib: introduce dirent-util.[ch] for directory entry calls Also, move a couple of more path-related functions to path-util.c.

util-lib: split string parsing related calls from util.[ch] into parse-util.[ch]

util-lib: split out fd-related operations into fd-util.[ch] There are more than enough to deserve their own .c file, hence move them over.

util-lib: split our string related calls from util.[ch] into its own file string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.

util: split out escaping code into escape.[ch] This really deserves its own file, given how much code this is now.

journald: move server_restore_streams out of server_open_stdout_socket One has little to do with the other, so it's confusing that the second also calls the first.

tree-wide: port everything over to fflush_and_check() Some places invoked fflush() directly with their own manual error checking, let's unify all that by using fflush_and_check(). This also unifies the general error paths of fflush()+rename() file writers.

journald: simplify context handling By using our homegrown function we can dispense with all the iffdefery.

journal: use (void) to silence coverity This shouldn't really fail and anyway not much we can do about it. CID #996292, #996294, #996295.

remove unused includes This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.

Add a snprinf wrapper which checks that the buffer was big enough If we scale our buffer to be wide enough for the format string, we should expect that the calculation was correct. char_array_0() invocations are removed, since snprintf nul-terminates the output in any case. A similar wrapper is used for strftime calls, but only in timedatectl.c.

journald: allow restarting journald without losing stream connections Making use of the fd storage capability of the previous commit, allow restarting journald by serilizing stream state to /run, and pushing open fds to PID 1.

treewide: another round of simplifications Using the same scripts as in f647962d64e "treewide: yet more log_*_errno + return simplifications".

treewide: use log_*_errno whenever %m is in the format string If the format string contains %m, clearly errno must have a meaningful value, so we might as well use log_*_errno to have ERRNO= logged. Using: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\((".*%m.*")/log_\1_errno(errno, \2/' Plus some whitespace, linewrap, and indent adjustments.

treewide: more log_*_errno + return simplifications

treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.

treewide: auto-convert the simple cases to log_*_errno() As a followup to 086891e5c1 "log: add an "error" parameter to all low-level logging calls and intrdouce log_error_errno() as log calls that take error numbers", use sed to convert the simple cases to use the new macros: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\("(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_\1_errno(-\4, "\2%m"\3);/' Multi-line log_*() invocations are not covered. And we also should add log_unit_*_errno().

mac: also rename use_{smack,selinux,apparmor}() calls so that they share the new mac_{smack,selinux,apparmor}_xyz() convention

Be more verbose when bind or listen fails Also be more verbose in devnode_acl_all().

util: replace close_nointr_nofail() by a more useful safe_close() safe_close() automatically becomes a NOP when a negative fd is passed, and returns -1 unconditionally. This makes it easy to write lines like this: fd = safe_close(fd); Which will close an fd if it is open, and reset the fd variable correctly. By making use of this new scheme we can drop a > 200 lines of code that was required to test for non-negative fds or to reset the closed fd variable afterwards.

journald: add support for wall forwarding This will let journald forward logs as messages sent to all logged in users (like wall). Two options are added: * ForwardToWall (default yes) * MaxLevelWall (default emerg) 'ForwardToWall' is overridable by kernel command line option 'systemd.journald.forward_to_wall'. This is used to emulate the traditional syslogd behaviour of sending emergency messages to all logged in users.

api: in constructor function calls, always put the returned object pointer first (or second) Previously the returned object of constructor functions where sometimes returned as last, sometimes as first and sometimes as second parameter. Let's clean this up a bit. Here are the new rules: 1. The object the new object is derived from is put first, if there is any 2. The object we are creating will be returned in the next arguments 3. This is followed by any additional arguments Rationale: For functions that operate on an object we always put that object first. Constructors should probably not be too different in this regard. Also, if the additional parameters might want to use varargs which suggests to put them last. Note that this new scheme only applies to constructor functions, not to all other functions. We do give a lot of freedom for those. Note that this commit only changes the order of the new functions we added, for old ones we accept the wrong order and leave it like that.

util: unify SO_PEERCRED/SO_PEERSEC invocations Introduce new call getpeercred() which internally just uses SO_PEERCRED but checks if the returned data is actually useful due to namespace quirks.

event: be more conservative when returning errors from event handler callbacks We really should return errors from event handlers if we have a continous problem and don't know any other solution.

journald: make sure the stdout/stderr stream fd is removed from epoll before we close it

journal: don't go belly up when an stdout/stderr client terminates the connection

journald: port to sd-event and enable watchdog support

journald: malloc less when streaming messages

journald: use a bit more cleanup magic!

Fix memory leak in stdout journal streams Just as 'identifier' is strdup-ed and freed, we need to do the same for unit_id.

list: make our list macros a bit easier to use by not requring type spec on each invocation We can determine the list entry type via the typeof() gcc construct, and so we should to make the macros much shorter to use.

security: rework selinux, smack, ima, apparmor detection logic Always cache the results, and bypass low-level security calls when the respective subsystem is not enabled.

journal: fix parsing of facility in syslog messages In 49998b383 (journald: do not overwrite syslog facility when parsing priority) journald started ignoring facility part when reading service stderr to convert to syslog messages. In this case it is fine, because only the priority is allowed. But the same codepath is used for syslog messages, where the facility should be used. Split the two codepaths by explicitly specyfing whether the facility should be ignored or not. https://bugzilla.redhat.com/show_bug.cgi?id=988814

journal: allow callers to specify OBJECT_PID= When journald encounters a message with OBJECT_PID= set coming from a priviledged process (UID==0), additional fields will be added to the message: OBJECT_UID=, OBJECT_GID=, OBJECT_COMM=, OBJECT_EXE=, OBJECT_CMDLINE=, OBJECT_AUDIT_SESSION=, OBJECT_AUDIT_LOGINUID=, OBJECT_SYSTEMD_CGROUP=, OBJECT_SYSTEMD_SESSION=, OBJECT_SYSTEMD_OWNER_UID=, OBJECT_SYSTEMD_UNIT= or OBJECT_SYSTEMD_USER_UNIT=. This is for other logging daemons, like setroubleshoot, to be able to augment their logs with data about the process. https://bugzilla.redhat.com/show_bug.cgi?id=951627

journald-stream: typo in error message.

Use initalization instead of explicit zeroing Before, we would initialize many fields twice: first by filling the structure with zeros, and then a second time with the real values. We can let the compiler do the job for us, avoiding one copy. A downside of this patch is that text gets slightly bigger. This is because all zero() calls are effectively inlined: $ size build/.libs/systemd text data bss dec hex filename before 897737 107300 2560 1007597 f5fed build/.libs/systemd after 897873 107300 2560 1007733 f6075 build/.libs/systemd … actually less than 1‰. A few asserts that the parameter is not null had to be removed. I don't think this changes much, because first, it is quite unlikely for the assert to fail, and second, an immediate SEGV is almost as good as an assert.

journald: allow priority of 999, too

journal: allow priority 0 in stdout stream Priority 0 is acceptable (it's LOG_EMERG). BTW, I'm not sure why we allow priorities up to 999, but I'm leaving this be for now. http://lists.freedesktop.org/archives/systemd-devel/2013-March/009510.html

build-sys: store journald code in a noinst library The point is to allow the use of journald functions by other binaries. Before, journald code was split into multiple files (journald-*.[ch]), but all those files all required functions from journald.c. And journald.c has its own main(). Now, it is possible to link against those functions, e.g. from test binaries. This constitutes a fix for https://bugzilla.redhat.com/show_bug.cgi?id=872638. The patch does the following: 1. rename journald.h to journald-server.h and move corresponding code to journald-server.c. 2. add journald-server.c and other journald-*.c parts to libsystemd-journal-internal. 3. remove journald-syslog.c from test_journal_syslog_SOURCES, since it is now contained in libsystemd-journal-internal. There are no code changes, apart from the removal of a few static's, to allow function calls between files.

journald: add missing includes

journald: split console transport stuff into its own file

journald: move stream protocol into its own .c file