(RHEL-31070) Make journalctl --user -u some.unit work for system users too

man/journalctl.xml

@@ -110,8 +110,12 @@
         <option>--user</option>).  If neither is specified, show all messages that the user can see.
         </para>
 
-        <para>The <option>--user</option> option affects how <option>--unit</option> arguments are
-        treated. See <option>--unit</option>.</para></listitem>
+        <para>The <option>--user</option> option affects how <option>--unit=</option> arguments are
+        treated. See <option>--unit=</option>.</para>
+
+        <para>Note that <option>--user</option> only works if persistent logging is enabled, via the
+        <varname>Storage=</varname> setting in
+        <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>
       </varlistentry>
 
       <varlistentry>
@@ -285,8 +289,8 @@
         <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>
         unit, all logs of children of the slice will be shown.</para>
 
-        <para>With <option>--user</option>, all <option>--unit</option> arguments will be converted to match
-        user messages as if specified with <option>--user-unit</option>.</para>
+        <para>With <option>--user</option>, all <option>--unit=</option> arguments will be converted to match
+        user messages as if specified with <option>--user-unit=</option>.</para>
 
         <para>This parameter can be specified multiple times.</para></listitem>
       </varlistentry>

man/journald.conf.xml

@@ -95,6 +95,9 @@
         <filename>/var/log/journal/</filename>, as the <filename>systemd-journald@.service</filename> service
         file by default carries <varname>LogsDirectory=</varname>. To turn that off, add a unit file drop-in
         file that sets <varname>LogsDirectory=</varname> to an empty string.</para>
+
+        <para>Note that per-user journal files are not supported unless persistent storage is enabled, thus
+        making <command>journalctl --user</command> unavailable.</para>
         </listitem>
       </varlistentry>
 

src/basic/meson.build

@@ -240,6 +240,8 @@ basic_sources = files(
         'time-util.h',
         'tmpfile-util.c',
         'tmpfile-util.h',
+        'uid-alloc-range.c',
+        'uid-alloc-range.h',
         'uid-range.c',
         'uid-range.h',
         'umask-util.h',

src/shared/uid-alloc-range.c → src/basic/uid-alloc-range.c

@@ -121,3 +121,10 @@ bool gid_is_system(gid_t gid) {
 
         return gid <= defs->system_gid_max;
 }
+
+bool uid_for_system_journal(uid_t uid) {
+
+        /* Returns true if the specified UID shall get its data stored in the system journal. */
+
+        return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY || uid_is_container(uid);
+}

src/shared/uid-alloc-range.h → src/basic/uid-alloc-range.h

@@ -32,3 +32,5 @@ typedef struct UGIDAllocationRange {
 
 int read_login_defs(UGIDAllocationRange *ret_defs, const char *path, const char *root);
 const UGIDAllocationRange *acquire_ugid_allocation_range(void);
+
+bool uid_for_system_journal(uid_t uid);

src/journal/journald-server.c

@@ -234,13 +234,6 @@ void server_space_usage_message(Server *s, JournalStorage *storage) {
                               NULL);
 }
 
-static bool uid_for_system_journal(uid_t uid) {
-
-        /* Returns true if the specified UID shall get its data stored in the system journal. */
-
-        return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY;
-}
-
 static void server_add_acls(ManagedJournalFile *f, uid_t uid) {
         assert(f);
 

src/libsystemd/sd-journal/sd-journal.c

@@ -41,6 +41,7 @@
 #include "string-util.h"
 #include "strv.h"
 #include "syslog-util.h"
+#include "uid-alloc-range.h"
 
 #define JOURNAL_FILES_MAX 7168
 
@@ -1217,25 +1218,32 @@ static bool file_has_type_prefix(const char *prefix, const char *filename) {
 static bool file_type_wanted(int flags, const char *filename) {
         assert(filename);
 
-        if (!endswith(filename, ".journal") && !endswith(filename, ".journal~"))
+        if (!ENDSWITH_SET(filename, ".journal", ".journal~"))
                 return false;
 
         /* no flags set → every type is OK */
         if (!(flags & (SD_JOURNAL_SYSTEM | SD_JOURNAL_CURRENT_USER)))
                 return true;
 
-        if (flags & SD_JOURNAL_SYSTEM && file_has_type_prefix("system", filename))
-                return true;
-
-        if (flags & SD_JOURNAL_CURRENT_USER) {
+        if (FLAGS_SET(flags, SD_JOURNAL_CURRENT_USER)) {
                 char prefix[5 + DECIMAL_STR_MAX(uid_t) + 1];
 
-                xsprintf(prefix, "user-"UID_FMT, getuid());
+                xsprintf(prefix, "user-" UID_FMT, getuid());
 
                 if (file_has_type_prefix(prefix, filename))
                         return true;
+
+                /* If SD_JOURNAL_CURRENT_USER is specified and we are invoked under a system UID, then
+                 * automatically enable SD_JOURNAL_SYSTEM too, because journald will actually put system user
+                 * data into the system journal. */
+
+                if (uid_for_system_journal(getuid()))
+                        flags |= SD_JOURNAL_SYSTEM;
         }
 
+        if (FLAGS_SET(flags, SD_JOURNAL_SYSTEM) && file_has_type_prefix("system", filename))
+                return true;
+
         return false;
 }
 

src/shared/meson.build

@@ -311,8 +311,6 @@ shared_sources = files(
         'tpm2-util.h',
         'udev-util.c',
         'udev-util.h',
-        'uid-alloc-range.c',
-        'uid-alloc-range.h',
         'user-record-nss.c',
         'user-record-nss.h',
         'user-record-show.c',