From 9fd80d1944cb9e8d942998a1967da99eb2cb0684 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 7 Jun 2023 14:54:34 +0200 Subject: [PATCH 1/5] man: suffix --unit with an equal sign, since it expects an argument As per our usual syntax in the docs. (cherry picked from commit e754af353c494edfdd25412fae32876a2772a5cd) Related: RHEL-31070 --- man/journalctl.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/man/journalctl.xml b/man/journalctl.xml index 5bf895fce44..29d06aaef83 100644 --- a/man/journalctl.xml +++ b/man/journalctl.xml @@ -110,8 +110,8 @@ ). If neither is specified, show all messages that the user can see. - The option affects how arguments are - treated. See . + The option affects how arguments are + treated. See . @@ -285,8 +285,8 @@ systemd.slice5 unit, all logs of children of the slice will be shown. - With , all arguments will be converted to match - user messages as if specified with . + With , all arguments will be converted to match + user messages as if specified with . This parameter can be specified multiple times. From 06d52b91b4adb9e47d462c354643e6e5e8b9458a Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 7 Jun 2023 15:15:42 +0200 Subject: [PATCH 2/5] =?UTF-8?q?shared:=20move=20uid-alloc-range.[ch]=20fro?= =?UTF-8?q?m=20src/shared/=20=E2=86=92=20src/basic/?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This way we can use it in libsystemd (cherry picked from commit 8a8b4a8784f48e941b6b460b4cb963929d1d6a8d) Related: RHEL-31070 --- src/basic/meson.build | 2 ++ src/{shared => basic}/uid-alloc-range.c | 0 src/{shared => basic}/uid-alloc-range.h | 0 src/shared/meson.build | 2 -- 4 files changed, 2 insertions(+), 2 deletions(-) rename src/{shared => basic}/uid-alloc-range.c (100%) rename src/{shared => basic}/uid-alloc-range.h (100%) diff --git a/src/basic/meson.build b/src/basic/meson.build index bfe52d5879b..c0f0b07418b 100644 --- a/src/basic/meson.build +++ b/src/basic/meson.build @@ -240,6 +240,8 @@ basic_sources = files( 'time-util.h', 'tmpfile-util.c', 'tmpfile-util.h', + 'uid-alloc-range.c', + 'uid-alloc-range.h', 'uid-range.c', 'uid-range.h', 'umask-util.h', diff --git a/src/shared/uid-alloc-range.c b/src/basic/uid-alloc-range.c similarity index 100% rename from src/shared/uid-alloc-range.c rename to src/basic/uid-alloc-range.c diff --git a/src/shared/uid-alloc-range.h b/src/basic/uid-alloc-range.h similarity index 100% rename from src/shared/uid-alloc-range.h rename to src/basic/uid-alloc-range.h diff --git a/src/shared/meson.build b/src/shared/meson.build index 9e11e139344..766e4f95069 100644 --- a/src/shared/meson.build +++ b/src/shared/meson.build @@ -311,8 +311,6 @@ shared_sources = files( 'tpm2-util.h', 'udev-util.c', 'udev-util.h', - 'uid-alloc-range.c', - 'uid-alloc-range.h', 'user-record-nss.c', 'user-record-nss.h', 'user-record-show.c', From e8a2cf2a5ca1e021398ec1d9b7f3f31681ff8bc1 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 7 Jun 2023 15:16:50 +0200 Subject: [PATCH 3/5] journald: move uid_for_system_journal() to uid-alloc-range.h Let's move this helper call from journald specific code to src/basic/, so that we can use it from sd-journal. While we are at it, slightly extend it to also cover container uids, which are also routed to the system journal now. This places the call in uid-alloc-range.[ch] which contains similar functions that match UID ranges for specific purposes. (cherry picked from commit 115d5145a257c1a27330acf9f063b5f4d910ca4d) Related: RHEL-31070 --- src/basic/uid-alloc-range.c | 7 +++++++ src/basic/uid-alloc-range.h | 2 ++ src/journal/journald-server.c | 7 ------- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/src/basic/uid-alloc-range.c b/src/basic/uid-alloc-range.c index dcecdbe3438..1b6d761a669 100644 --- a/src/basic/uid-alloc-range.c +++ b/src/basic/uid-alloc-range.c @@ -121,3 +121,10 @@ bool gid_is_system(gid_t gid) { return gid <= defs->system_gid_max; } + +bool uid_for_system_journal(uid_t uid) { + + /* Returns true if the specified UID shall get its data stored in the system journal. */ + + return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY || uid_is_container(uid); +} diff --git a/src/basic/uid-alloc-range.h b/src/basic/uid-alloc-range.h index d3bf077045f..5badde148a5 100644 --- a/src/basic/uid-alloc-range.h +++ b/src/basic/uid-alloc-range.h @@ -32,3 +32,5 @@ typedef struct UGIDAllocationRange { int read_login_defs(UGIDAllocationRange *ret_defs, const char *path, const char *root); const UGIDAllocationRange *acquire_ugid_allocation_range(void); + +bool uid_for_system_journal(uid_t uid); diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index cbcf1e9d9e3..c0476f88333 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -234,13 +234,6 @@ void server_space_usage_message(Server *s, JournalStorage *storage) { NULL); } -static bool uid_for_system_journal(uid_t uid) { - - /* Returns true if the specified UID shall get its data stored in the system journal. */ - - return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY; -} - static void server_add_acls(ManagedJournalFile *f, uid_t uid) { assert(f); From be70144ed027eaa8f4117c805e88765772f865ca Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 7 Jun 2023 15:19:25 +0200 Subject: [PATCH 4/5] sd-journal: when SD_JOURNAL_CURRENT_USER is set, and called from system UID, imply SD_JOURNAL_SYSTEM Fixes: #26742 #23679 (cherry picked from commit 97c621b72d8c5b5eb4bf7f177cd885bfc01518c9) Resolves: RHEL-31070 --- src/libsystemd/sd-journal/sd-journal.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c index 9ab31fbbc87..723beec0e85 100644 --- a/src/libsystemd/sd-journal/sd-journal.c +++ b/src/libsystemd/sd-journal/sd-journal.c @@ -41,6 +41,7 @@ #include "string-util.h" #include "strv.h" #include "syslog-util.h" +#include "uid-alloc-range.h" #define JOURNAL_FILES_MAX 7168 @@ -1217,25 +1218,32 @@ static bool file_has_type_prefix(const char *prefix, const char *filename) { static bool file_type_wanted(int flags, const char *filename) { assert(filename); - if (!endswith(filename, ".journal") && !endswith(filename, ".journal~")) + if (!ENDSWITH_SET(filename, ".journal", ".journal~")) return false; /* no flags set → every type is OK */ if (!(flags & (SD_JOURNAL_SYSTEM | SD_JOURNAL_CURRENT_USER))) return true; - if (flags & SD_JOURNAL_SYSTEM && file_has_type_prefix("system", filename)) - return true; - - if (flags & SD_JOURNAL_CURRENT_USER) { + if (FLAGS_SET(flags, SD_JOURNAL_CURRENT_USER)) { char prefix[5 + DECIMAL_STR_MAX(uid_t) + 1]; - xsprintf(prefix, "user-"UID_FMT, getuid()); + xsprintf(prefix, "user-" UID_FMT, getuid()); if (file_has_type_prefix(prefix, filename)) return true; + + /* If SD_JOURNAL_CURRENT_USER is specified and we are invoked under a system UID, then + * automatically enable SD_JOURNAL_SYSTEM too, because journald will actually put system user + * data into the system journal. */ + + if (uid_for_system_journal(getuid())) + flags |= SD_JOURNAL_SYSTEM; } + if (FLAGS_SET(flags, SD_JOURNAL_SYSTEM) && file_has_type_prefix("system", filename)) + return true; + return false; } From e98d44b3910d4a91cae7e97ba7f9a7fab49ebca6 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 7 Jun 2023 16:23:45 +0200 Subject: [PATCH 5/5] man: document that journalctl --user requires Storage=persistent Fixes: #25061 (cherry picked from commit cad8fa471b9133f38fbd6ddb6ee143f361525e5d) Related: RHEL-31070 --- man/journalctl.xml | 6 +++++- man/journald.conf.xml | 3 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/man/journalctl.xml b/man/journalctl.xml index 29d06aaef83..6be628caf85 100644 --- a/man/journalctl.xml +++ b/man/journalctl.xml @@ -111,7 +111,11 @@ The option affects how arguments are - treated. See . + treated. See . + + Note that only works if persistent logging is enabled, via the + Storage= setting in + journald.conf5. diff --git a/man/journald.conf.xml b/man/journald.conf.xml index 24cee4c8b2f..a7c3da66532 100644 --- a/man/journald.conf.xml +++ b/man/journald.conf.xml @@ -95,6 +95,9 @@ /var/log/journal/, as the systemd-journald@.service service file by default carries LogsDirectory=. To turn that off, add a unit file drop-in file that sets LogsDirectory= to an empty string. + + Note that per-user journal files are not supported unless persistent storage is enabled, thus + making journalctl --user unavailable.