journal: enforce limits on open journal files

2024-11-06 16:59:03 +03:00 · 2011-12-17 01:13:55 +01:00 · 2011-12-17 01:13:55 +01:00 · cab8ac6083
commit cab8ac6083
parent 7f3e62571a
3 changed files with 16 additions and 3 deletions
--- a/src/journal/journald.c
+++ b/src/journal/journald.c
@ -38,6 +38,8 @@
 #include "acl-util.h"
 #include "cgroup-util.h"

+#define USER_JOURNALS_MAX 1024
+
 typedef struct Server {
        int epoll_fd;
        int signal_fd;
@ -127,6 +129,13 @@ static JournalFile* find_journal(Server *s, uid_t uid) {
        if (asprintf(&p, "/var/log/journal/%s/user-%lu.journal", sd_id128_to_string(machine, ids), (unsigned long) uid) < 0)
                return s->system_journal;

+        while (hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
+                /* Too many open? Then let's close one */
+                f = hashmap_steal_first(s->user_journals);
+                assert(f);
+                journal_file_close(f);
+        }
+
        r = journal_file_open(p, O_RDWR|O_CREAT, 0640, s->system_journal, &f);
        free(p);

--- a/src/journal/sd-journal.c
+++ b/src/journal/sd-journal.c
@ -30,6 +30,8 @@
 #include "list.h"
 #include "lookup3.h"

+#define JOURNAL_FILES_MAX 1024
+
 typedef struct Match Match;

 struct Match {
@ -932,6 +934,11 @@ static int add_file(sd_journal *j, const char *prefix, const char *dir, const ch
        assert(prefix);
        assert(filename);

+        if (hashmap_size(j->files) >= JOURNAL_FILES_MAX) {
+                log_debug("Too many open journal files, ignoring.");
+                return 0;
+        }
+
        if (dir)
                fn = join(prefix, "/", dir, "/", filename, NULL);
        else
@ -952,7 +959,6 @@ static int add_file(sd_journal *j, const char *prefix, const char *dir, const ch

        journal_file_dump(f);

-
        r = hashmap_put(j->files, f->path, f);
        if (r < 0) {
                journal_file_close(f);
--- a/src/journal/sd-journal.h
+++ b/src/journal/sd-journal.h
@ -34,12 +34,10 @@
 *   - check LE/BE conversion for 8bit, 16bit, 32bit values
 *   - implement inotify usage on client
 *   - implement audit gateway
- *   - implement native gateway
 *   - implement stdout gateway
 *   - extend hash tables table as we go
 *   - accelerate looking for "all hostnames" and suchlike.
 *   - throttling
- *   - enforce limit on open journal files in journald and journalctl
 *   - cryptographic hash
 *   - fix space reservation logic
 *   - comm, argv can be manipulated, should it be _COMM=, _CMDLINE= or COMM=, CMDLINE=?