journald: move /dev/log socket to /run

This way we can make the socket also available for sandboxed apps that
have their own private /dev. They can now simply symlink the socket from
/dev.

Makefile.am

@@ -3480,7 +3480,8 @@ bin_PROGRAMS += \
 	systemd-cat
 
 dist_systemunit_DATA += \
-	units/systemd-journald.socket
+	units/systemd-journald.socket \
+	units/systemd-journald-dev-log.socket
 
 nodist_systemunit_DATA += \
 	units/systemd-journald.service \
@@ -3496,7 +3497,9 @@ dist_catalog_DATA = \
 	catalog/systemd.catalog
 
 SOCKETS_TARGET_WANTS += \
-	systemd-journald.socket
+	systemd-journald.socket \
+	systemd-journald-dev-log.socket
+
 SYSINIT_TARGET_WANTS += \
 	systemd-journald.service \
 	systemd-journal-flush.service

man/systemd-journald.service.xml

@@ -45,6 +45,7 @@
         <refnamediv>
                 <refname>systemd-journald.service</refname>
                 <refname>systemd-journald.socket</refname>
+                <refname>systemd-journald-dev-log.socket</refname>
                 <refname>systemd-journald</refname>
                 <refpurpose>Journal service</refpurpose>
         </refnamediv>
@@ -52,6 +53,7 @@
         <refsynopsisdiv>
                 <para><filename>systemd-journald.service</filename></para>
                 <para><filename>systemd-journald.socket</filename></para>
+                <para><filename>systemd-journald-dev-log.socket</filename></para>
                 <para><filename>/usr/lib/systemd/systemd-journald</filename></para>
         </refsynopsisdiv>
 

src/journal/journald-server.c

@@ -1535,7 +1535,8 @@ int server_init(Server *s) {
 
                         s->stdout_fd = fd;
 
-                } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0) {
+                } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0 ||
+                           sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/dev-log", 0) > 0) {
 
                         if (s->syslog_fd >= 0) {
                                 log_error("Too many /dev/log sockets passed.");

src/journal/journald-syslog.c

@@ -428,7 +428,7 @@ int server_open_syslog_socket(Server *s) {
         if (s->syslog_fd < 0) {
                 union sockaddr_union sa = {
                         .un.sun_family = AF_UNIX,
-                        .un.sun_path = "/dev/log",
+                        .un.sun_path = "/run/systemd/journal/dev-log",
                 };
 
                 s->syslog_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);

units/systemd-journald-dev-log.socket

@@ -0,0 +1,26 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=Journal Socket (/dev/log)
+Documentation=man:systemd-journald.service(8) man:journald.conf(5)
+DefaultDependencies=no
+Before=sockets.target
+
+# Mount and swap units need this. If this socket unit is removed by an
+# isolate request the mount and swap units would be removed too,
+# hence let's exclude this from isolate requests.
+IgnoreOnIsolate=yes
+
+[Socket]
+ListenDatagram=/run/systemd/journal/dev-log
+Symlinks=/dev/log
+SocketMode=0666
+PassCredentials=yes
+PassSecurity=yes
+ReceiveBuffer=8M
+Service=systemd-journald.service

units/systemd-journald.service.in

@@ -10,10 +10,11 @@ Description=Journal Service
 Documentation=man:systemd-journald.service(8) man:journald.conf(5)
 DefaultDependencies=no
 Requires=systemd-journald.socket
-After=systemd-journald.socket syslog.socket
+After=systemd-journald.socket systemd-journald-dev-log.socket syslog.socket
 Before=sysinit.target
 
 [Service]
+Sockets=systemd-journald.socket systemd-journald-dev-log.socket
 ExecStart=@rootlibexecdir@/systemd-journald
 Restart=always
 RestartSec=0

units/systemd-journald.socket

@@ -19,8 +19,8 @@ IgnoreOnIsolate=yes
 [Socket]
 ListenStream=/run/systemd/journal/stdout
 ListenDatagram=/run/systemd/journal/socket
-ListenDatagram=/dev/log
 SocketMode=0666
 PassCredentials=yes
 PassSecurity=yes
 ReceiveBuffer=8M
+Service=systemd-journald.service