From 4bb37be07b3ba96949266c5d95a0222e91a695ee Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Fri, 18 Mar 2022 08:12:06 +0100 Subject: journald: make sure journal_file_open() doesn't leave a corrupted file around after failing This can be problematic especially when there's no more free disk space. Consider the following:. When disk space becomes sparse, writting to the system journal can lead to error. In this case journald attempts to make room by rotating the journals, which consists in archiving online journals and opening new ones. However opening new files is likely to fail too and in this case journal_file_open() leaves half initialized file around but in online state. Then the error is propagated and journald switches into volatile mode. Next time a new message is received by journald, it tries to open the persistent system journal file to switch automatically back to persistent mode. When opening the system journal, journal_file_open(), called by managed_journal_file_open_reliably(), finds the persistent system journal left previously and assumes that it was uncleanly closed and considers it as corrupted. The error is reported to managed_journal_file_open_reliably(), which backs the file up and attempts to create a new system file, which fails and leaves a corrupted system file again. Since this is done for each message received by journald, /var/log/message can be filled with backup files pretty quickly. To prevent this, the patch makes sure to delete the newly created file in case of error. --- src/libsystemd/sd-journal/journal-file.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c index b0f552500c..e72f041bdc 100644 --- a/src/libsystemd/sd-journal/journal-file.c +++ b/src/libsystemd/sd-journal/journal-file.c @@ -3585,6 +3585,9 @@ fail: (void) journal_file_close(f); + if (newly_created && fd < 0) + (void) unlink(fname); + return r; } -- cgit v1.2.1