summaryrefslogtreecommitdiffstats
path: root/src/journal/journald-audit.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* basic/memory-util: introduce mempcpy_typesafeMike Yuan2024-09-201-1/+1
|
* journal: use STRLEN() and xsprintf()Yu Watanabe2024-05-011-4/+4
| | | | No functional change, just refactoring.
* journald-audit: set _SOURCE_REALTIME_TIMESTAMP= field in ↵Yu Watanabe2024-05-011-8/+5
| | | | | | server_dispatch_message() No functional change, just refactoring.
* io-util: split out "struct iovec" related calls into their own .c/.h filesLennart Poettering2023-10-201-1/+1
| | | | | | | | | This is preparation for #28891, which adds a bunch more helpers around "struct iovec", at which point this really deserves its own .c/.h file. The idea is that we sooner or later can consider "struct iovec" as an entirely generic mechanism to reference some binary blob, and is the go-to type for this purpose whenever we need one.
* journal: Use shared log ratelimit constantDaan De Meyer2022-12-051-1/+2
| | | | | Instead of maintaining two different constants, move the constant to journal-internal.h and share it between files.
* log: Remove log_ratelimit_debug() macrosDaan De Meyer2022-11-171-8/+5
| | | | | These don't make sense anymore since we disable log ratelimiting when logging at debug level.
* journal: Ratelimit more journald log messagesDaan De Meyer2022-11-101-6/+9
| | | | | | systemd-journald is prone to spamming logs if the system gets into a messy state. Let's improve the situation by ratelimiting logs on the hot code paths to 3 times per minute.
* tree-wide: add global ascii_isdigit() + ascii_isalpha()Lennart Poettering2022-07-051-3/+2
| | | | | | | | We now have a local implementation in string-util-fundamental.c, but it's useful at a lot of other places, hence let's give it a more expressive name and share it across the tree. Follow-up for: 8d9156660d6958c8d63b1d44692968f1b5d33920
* Fix journald audit logging with fields > N_IOVEC_AUDIT_FIELDS.YmrDtnJu2022-01-221-1/+1
| | | | | | | | ELEMENTSOF(iovec) is not the correct value for the newly introduced parameter m to function map_all_fields because it is the maximum number of elements in the iovec array, including those reserved for N_IOVEC_META_FIELDS. The correct value is the current number of already used elements in the array plus the maximum number to use for fields decoded from the kernel audit message.
* journal: Limit the number of audit fields per log messageDaan De Meyer2021-11-191-32/+22
| | | | | | | Similar to the kmsg handler, let's also limit the number of fields we parse from audit messages. Fixes #19799
* journal: Use mf as variable name for MapFieldDaan De Meyer2021-11-181-4/+4
| | | | | So we can have a variable m for the max iovec size in the next commit like we do in the rest of the journal logic.
* journal: Use consistent naming for iovec in audit logicDaan De Meyer2021-11-181-45/+45
| | | | | Let's use iovec and n for the iovec variable and it's size just like we do in the rest of the journal code.
* alloc-util: simplify GREEDY_REALLOC() logic by relying on malloc_usable_size()Lennart Poettering2021-05-191-31/+42
| | | | | | | | | | | | | | | | | | | | | | | | We recently started making more use of malloc_usable_size() and rely on it (see the string_erase() story). Given that we don't really support sytems where malloc_usable_size() cannot be trusted beyond statistics anyway, let's go fully in and rework GREEDY_REALLOC() on top of it: instead of passing around and maintaining the currenly allocated size everywhere, let's just derive it automatically from malloc_usable_size(). I am mostly after this for the simplicity this brings. It also brings minor efficiency improvements I guess, but things become so much nicer to look at if we can avoid these allocation size variables everywhere. Note that the malloc_usable_size() man page says relying on it wasn't "good programming practice", but I think it does this for reasons that don't apply here: the greedy realloc logic specifically doesn't rely on the returned extra size, beyond the fact that it is equal or larger than what was requested. (This commit was supposed to be a quick patch btw, but apparently we use the greedy realloc stuff quite a bit across the codebase, so this ends up touching *a*lot* of code.)
* license: LGPL-2.1+ -> LGPL-2.1-or-laterYu Watanabe2020-11-091-1/+1
|
* errno-util: let's beef up ERRNO_IS_NOT_SUPPORTED() with socket not supported ↵Lennart Poettering2020-04-171-1/+2
| | | | errors
* journald: add configuration option for enabling/disabling audit during ↵Lennart Poettering2020-04-171-4/+10
| | | | | | | | | | | | | journald startup Let's make it optional whether auditing is enabled at journald start-up or not. Note that this only controls whether audit is enabled/disabled in the kernel. Either way we'll still collect the audit data if it is generated, i.e. if some other tool enables it, we'll collect it. Fixes: #959
* tree-wide: drop missing.hYu Watanabe2019-10-311-1/+1
|
* tree-wide: drop alloca() in loopYu Watanabe2019-06-191-2/+5
|
* codespell: fix spelling errorsBen Boeckel2019-04-291-1/+1
|
* tree-wide: use newa() instead of alloca() wherever we canLennart Poettering2019-01-261-1/+1
| | | | | Typesafety is nice. And this way we can take benefit of the new size assert() the previous commit added.
* journald: check whether sscanf has changed the value corresponding to %nEvgeny Vereshchagin2018-11-171-1/+2
| | | | | | | | | It's possible for sscanf to receive strings containing all three fields and not matching the template at the same time. When this happens the value of k doesn't change, which basically means that process_audit_string tries to access memory randomly. Sometimes it works and sometimes it doesn't :-) See also https://bugzilla.redhat.com/show_bug.cgi?id=1059314.
* tests: add a fuzzer for process_audit_stringEvgeny Vereshchagin2018-11-161-1/+1
|
* tree-wide: introduce setsockopt_int() helper and make use of it everywhereLennart Poettering2018-10-181-2/+2
| | | | | | As suggested by @heftig: https://github.com/systemd/systemd/commit/6d5e65f6454212cd400d0ebda34978a9f20cc26a#commitcomment-30938667
* tree-wide: add a single version of "static const int one = 1"Lennart Poettering2018-10-151-2/+1
| | | | | | | | | | All over the place we define local variables for the various sockopts that take a bool-like "int" value. Sometimes they are const, sometimes static, sometimes both, sometimes neither. Let's clean this up, introduce a common const variable "const_int_one" (as well as one matching "const_int_zero") and use it everywhere, all acorss the codebase.
* journal: voidify fd_nonblock()Lennart Poettering2018-10-131-1/+1
| | | | | | | CID #1396098 CID #1396096 CID #1396091 CID #1396086
* add _AUDIT_TYPE_NAME field to audit records in the journalJérémy Rosen2018-06-191-2/+5
|
* do not filter out deprecated USER audit messagesJérémy Rosen2018-06-181-2/+2
|
* tree-wide: remove Lennart's copyright linesLennart Poettering2018-06-141-3/+0
| | | | | | | | | | | These lines are generally out-of-date, incomplete and unnecessary. With SPDX and git repository much more accurate and fine grained information about licensing and authorship is available, hence let's drop the per-file copyright notice. Of course, removing copyright lines of others is problematic, hence this commit only removes my own lines and leaves all others untouched. It might be nicer if sooner or later those could go away too, making git the only and accurate source of authorship information.
* tree-wide: drop 'This file is part of systemd' blurbLennart Poettering2018-06-141-2/+0
| | | | | | | | | | | | | | | | This part of the copyright blurb stems from the GPL use recommendations: https://www.gnu.org/licenses/gpl-howto.en.html The concept appears to originate in times where version control was per file, instead of per tree, and was a way to glue the files together. Ultimately, we nowadays don't live in that world anymore, and this information is entirely useless anyway, as people are very welcome to copy these files into any projects they like, and they shouldn't have to change bits that are part of our copyright header for that. hence, let's just get rid of this old cruft, and shorten our codebase a bit.
* tree-wide: drop license boilerplateZbigniew Jędrzejewski-Szmek2018-04-061-13/+0
| | | | | | | | | | Files which are installed as-is (any .service and other unit files, .conf files, .policy files, etc), are left as is. My assumption is that SPDX identifiers are not yet that well known, so it's better to retain the extended header to avoid any doubt. I also kept any copyright lines. We can probably remove them, but it'd nice to obtain explicit acks from all involved authors before doing that.
* Add SPDX license identifiers to source files under the LGPLZbigniew Jędrzejewski-Szmek2017-11-191-0/+1
| | | | | This follows what the kernel is doing, c.f. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
* core: implement /run/systemd/units/-based path for passing unit info from ↵Lennart Poettering2017-11-161-10/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | PID 1 to journald And let's make use of it to implement two new unit settings with it: 1. LogLevelMax= is a new per-unit setting that may be used to configure log priority filtering: set it to LogLevelMax=notice and only messages of level "notice" and lower (i.e. more important) will be processed, all others are dropped. 2. LogExtraFields= is a new per-unit setting for configuring per-unit journal fields, that are implicitly included in every log record generated by the unit's processes. It takes field/value pairs in the form of FOO=BAR. Also, related to this, one exisiting unit setting is ported to this new facility: 3. The invocation ID is now pulled from /run/systemd/units/ instead of cgroupfs xattrs. This substantially relaxes requirements of systemd on the kernel version and the privileges it runs with (specifically, cgroupfs xattrs are not available in containers, since they are stored in kernel memory, and hence are unsafe to permit to lesser privileged code). /run/systemd/units/ is a new directory, which contains a number of files and symlinks encoding the above information. PID 1 creates and manages these files, and journald reads them from there. Note that this is supposed to be a direct path between PID 1 and the journal only, due to the special runtime environment the journal runs in. Normally, today we shouldn't introduce new interfaces that (mis-)use a file system as IPC framework, and instead just an IPC system, but this is very hard to do between the journal and PID 1, as long as the IPC system is a subject PID 1 manages, and itself a client to the journal. This patch cleans up a couple of types used in journal code: specifically we switch to size_t for a couple of memory-sizing values, as size_t is the right choice for everything that is memory. Fixes: #4089 Fixes: #3041 Fixes: #4441
* journal: reindent field mapping tablesLennart Poettering2017-11-161-23/+23
| | | | Let's fix up whitespace so that the tables look nicely aligned.
* journal: make use of IOVEC_MAKE() where it makes senseLennart Poettering2017-11-161-6/+2
|
* tree-wide: use IN_SET macro (#6977)Yu Watanabe2017-10-041-4/+4
|
* tree-wide: use IN_SET where possibleAndreas Rammhold2017-10-021-1/+1
| | | | | In addition to the changes from #6933 this handles cases that could be matched with the included cocci file.
* io-util: add new IOVEC_INIT/IOVEC_MAKE macrosLennart Poettering2017-09-221-7/+7
| | | | | | | | | | | | | | | | | | | | | | This adds IOVEC_INIT() and IOVEC_MAKE() for initializing iovec structures from a pointer and a size. On top of these IOVEC_INIT_STRING() and IOVEC_MAKE_STRING() are added which take a string and automatically determine the size of the string using strlen(). This patch removes the old IOVEC_SET_STRING() macro, given that IOVEC_MAKE_STRING() is now useful for similar purposes. Note that the old IOVEC_SET_STRING() invocations were two characters shorter than the new ones using IOVEC_MAKE_STRING(), but I think the new syntax is more readable and more generic as it simply resolves to a C99 literal structure initialization. Moreover, we can use very similar syntax now for initializing strings and pointer+size iovec entries. We canalso use the new macros to initialize function parameters on-the-fly or array definitions. And given that we shouldn't have so many ways to do the same stuff, let's just settle on the new macros. (This also converts some code to use _cleanup_ where dynamically allocated strings were using IOVEC_SET_STRING() before, to modernize things a bit)
* journald: add minimal client metadata cachingLennart Poettering2017-07-311-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Cache client metadata, in order to be improve runtime behaviour under pressure. This is inspired by @vcaputo's work, specifically: https://github.com/systemd/systemd/pull/2280 That code implements related but different semantics. For a longer explanation what this change implements please have a look at the long source comment this patch adds to journald-context.c. After this commit: # time bash -c 'dd bs=$((1024*1024)) count=$((1*1024)) if=/dev/urandom | systemd-cat' 1024+0 records in 1024+0 records out 1073741824 bytes (1.1 GB, 1.0 GiB) copied, 11.2783 s, 95.2 MB/s real 0m11.283s user 0m0.007s sys 0m6.216s Before this commit: # time bash -c 'dd bs=$((1024*1024)) count=$((1*1024)) if=/dev/urandom | systemd-cat' 1024+0 records in 1024+0 records out 1073741824 bytes (1.1 GB, 1.0 GiB) copied, 52.0788 s, 20.6 MB/s real 0m52.099s user 0m0.014s sys 0m7.170s As side effect, this corrects the journal's rate limiter feature: we now always use the unit name as key for the ratelimiter.
* tree-wide: make ++/-- usage consistent WRT spacingVito Caputo2016-02-231-3/+3
| | | | | | Throughout the tree there's spurious use of spaces separating ++ and -- operators from their respective operands. Make ++ and -- operator consistent with the majority of existing uses; discard the spaces.
* tree-wide: remove Emacs lines from all filesDaniel Mack2016-02-101-2/+0
| | | | | This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.
* journald: fix LOG_AUTH facility in audit codeLennart Poettering2016-01-261-2/+2
| | | | Fixes: #2304
* util-lib: split out allocation calls into alloc-util.[ch]Lennart Poettering2015-10-271-0/+1
|
* io-util.h: move iovec stuff from macro.h to io-util.hLennart Poettering2015-10-271-1/+2
|
* util-lib: split out hex/dec/oct encoding/decoding into its own fileLennart Poettering2015-10-271-0/+1
|
* util-lib: split out fd-related operations into fd-util.[ch]Lennart Poettering2015-10-251-1/+2
| | | | | There are more than enough to deserve their own .c file, hence move them over.
* util-lib: split our string related calls from util.[ch] into its own file ↵Lennart Poettering2015-10-241-1/+2
| | | | | | | | | | | | | | string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.
* tree-wide: drop {} from one-line if blocksLennart Poettering2015-09-091-2/+1
| | | | Patch via coccinelle.
* journald: handle more gracefully when bind() fails on audit socketsLennart Poettering2015-05-201-3/+8
|
* journal: use audit event names instead of numbersZbigniew Jędrzejewski-Szmek2015-04-241-3/+5
| | | | | | | | | <audit-1400> is replaced by AVC, etc. A fallback mechanism is provided for unlisted event types. Occasionally new types are added to the kernel, but not too often. Add a simple "test", which simply prints the mapping.
* journald: add syslog fields for audit messagesZbigniew Jędrzejewski-Szmek2015-03-151-1/+5
| | | | | | | Audit messages would be displayed as "unknown[1]". Also specify AUTH as facility... This seems to be the closest match (/* security/authorization messages */).
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-30 00:48:36 +0100