X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fjournal%2Fjournalctl.c;h=2b0e00ee8f4f4ab400f7286c52941bc8f210a5b7;hb=05c1853093d8c4e4aa16876b5129b65dac5abd01;hp=317b662ca626de4febfd382cd225d1a3d5f4f1db;hpb=56f64d95763a799ba4475daf44d8e9f72a1bd474;p=elogind.git diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c index 317b662ca..2b0e00ee8 100644 --- a/src/journal/journalctl.c +++ b/src/journal/journalctl.c @@ -28,36 +28,30 @@ #include #include #include -#include #include #include #include #include -#include #include #include -#ifdef HAVE_ACL -#include -#include "acl-util.h" -#endif - #include "sd-journal.h" #include "sd-bus.h" #include "log.h" #include "logs-show.h" #include "util.h" +#include "acl-util.h" #include "path-util.h" #include "fileio.h" #include "build.h" #include "pager.h" #include "strv.h" #include "set.h" +#include "sigbus.h" #include "journal-internal.h" #include "journal-def.h" #include "journal-verify.h" -#include "journal-authenticate.h" #include "journal-qrcode.h" #include "journal-vacuum.h" #include "fsprg.h" 
@@ -197,19 +191,19 @@ static void help(void) {
 " --system Show the system journal\n"
 " --user Show the user journal for the current user\n"
 " -M --machine=CONTAINER Operate on local container\n"
- " --since=DATE Start showing entries on or newer than the specified date\n"
- " --until=DATE Stop showing entries on or newer than the specified date\n"
- " -c --cursor=CURSOR Start showing entries from the specified cursor\n"
- " --after-cursor=CURSOR Start showing entries from after the specified cursor\n"
+ " --since=DATE Show entries not older than the specified date\n"
+ " --until=DATE Show entries not newer than the specified date\n"
+ " -c --cursor=CURSOR Show entries starting at the specified cursor\n"
+ " --after-cursor=CURSOR Show entries after the specified cursor\n"
 " --show-cursor Print the cursor after all the entries\n"
- " -b --boot[=ID] Show data only from ID or, if unspecified, the current boot\n"
+ " -b --boot[=ID] Show current boot or the specified boot\n"
 " --list-boots Show terse information about recorded boots\n"
 " -k --dmesg Show kernel message log from the current boot\n"
- " -u --unit=UNIT Show data only from the specified unit\n"
- " --user-unit=UNIT Show data only from the specified user session unit\n"
- " -t --identifier=STRING Show only messages with the specified syslog identifier\n"
- " -p --priority=RANGE Show only messages within the specified priority range\n"
- " -e --pager-end Immediately jump to end of the journal in the pager\n"
+ " -u --unit=UNIT Show logs from the specified unit\n"
+ " --user-unit=UNIT Show logs from the specified user unit\n"
+ " -t --identifier=STRING Show entries with the specified syslog identifier\n"
+ " -p --priority=RANGE Show entries with the specified priority\n"
+ " -e --pager-end Immediately jump to the end in the pager\n"
 " -f --follow Follow the journal\n"
 " -n --lines[=INTEGER] Number of journal entries to show\n"
 " --no-tail Show all lines, even in follow mode\n"
@@ -230,7 +224,7 @@ static void help(void) { #ifdef HAVE_GCRYPT " --interval=TIME Time interval for changing the FSS sealing key\n" " --verify-key=KEY Specify FSS verification key\n" - " --force Force overriding of the FSS key pair with --setup-keys\n" + " --force Override of the FSS key pair with --setup-keys\n" #endif "\nCommands:\n" " -h --help Show this help text\n" @@ -238,11 +232,11 @@ static void help(void) { " -F --field=FIELD List all values that a specified field takes\n" " --new-id128 Generate a new 128-bit ID\n" " --disk-usage Show total disk usage of all journal files\n" - " --vacuum-size=BYTES Remove old journals until disk space drops below size\n" - " --vacuum-time=TIME Remove old journals until none left older than\n" + " --vacuum-size=BYTES Reduce disk usage below specified size\n" + " --vacuum-time=TIME Remove journal files older than specified date\n" " --flush Flush all journal data from /run into /var\n" " --header Show journal header information\n" - " --list-catalog Show message IDs of all entries in the message catalog\n" + " --list-catalog Show all message IDs in the catalog\n" " --dump-catalog Show entries in the message catalog\n" " --update-catalog Update the message catalog database\n" #ifdef HAVE_GCRYPT @@ -794,10 +788,8 @@ static int add_matches(sd_journal *j, char **args) { p = canonicalize_file_name(*i); path = p ? p : *i; - if (stat(path, &st) < 0) { - log_error_errno(errno, "Couldn't stat file: %m"); - return -errno; - } + if (stat(path, &st) < 0) + return log_error_errno(errno, "Couldn't stat file: %m"); if (S_ISREG(st.st_mode) && (0111 & st.st_mode)) { if (executable_is_script(path, &interpreter) > 0) { @@ -1274,7 +1266,7 @@ static int add_syslog_identifier(sd_journal *j) { STRV_FOREACH(i, arg_syslog_identifier) { char *u; - u = strappenda("SYSLOG_IDENTIFIER=", *i); + u = strjoina("SYSLOG_IDENTIFIER=", *i); r = sd_journal_add_match(j, u, 0); if (r < 0) return r; 
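Review bot: The new `--force` help line in the HAVE_GCRYPT option block reads as a noun phrase ("Override of the FSS key pair") while every neighbouring entry is imperative. It also no longer hints that an existing key pair is being replaced. Something like `Override the existing FSS key pair with --setup-keys` keeps the shorter form and says what the flag actually does to the sealing keys.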
@@ -1295,7 +1287,7 @@ static int setup_keys(void) { size_t mpk_size, seed_size, state_size, i; uint8_t *mpk, *seed, *state; ssize_t l; - int fd = -1, r, attr = 0; + int fd = -1, r; sd_id128_t machine, boot; char *p = NULL, *k = NULL; struct FSSHeader h; @@ -1303,10 +1295,8 @@ static int setup_keys(void) { struct stat st; r = stat("/var/log/journal", &st); - if (r < 0 && errno != ENOENT && errno != ENOTDIR) { - log_error_errno(errno, "stat(\"%s\") failed: %m", "/var/log/journal"); - return -errno; - } + if (r < 0 && errno != ENOENT && errno != ENOTDIR) + return log_error_errno(errno, "stat(\"%s\") failed: %m", "/var/log/journal"); if (r < 0 || !S_ISDIR(st.st_mode)) { log_error("%s is not a directory, must be using persistent logging for FSS.", @@ -1392,13 +1382,9 @@ static int setup_keys(void) { /* Enable secure remove, exclusion from dump, synchronous * writing and in-place updating */ - if (ioctl(fd, FS_IOC_GETFLAGS, &attr) < 0) - log_warning_errno(errno, "FS_IOC_GETFLAGS failed: %m"); - - attr |= FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL; - - if (ioctl(fd, FS_IOC_SETFLAGS, &attr) < 0) - log_warning_errno(errno, "FS_IOC_SETFLAGS failed: %m"); + r = chattr_fd(fd, true, FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL); + if (r < 0) + log_warning_errno(errno, "Failed to set file attributes: %m"); zero(h); memcpy(h.signature, "KSHHRHLP", 8); 
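Review bot: The warning after the new `chattr_fd()` call in setup_keys() formats `errno`, although the failure is now carried in `r`; by that point `errno` may hold an unrelated value, so the log can name the wrong cause. Assuming chattr_fd() returns a negative errno-style code like the other helpers converted in this commit, the call should read `log_warning_errno(r, "Failed to set file attributes: %m");`. The failure stays non-fatal, so this warning is the only trace that the FSS state file was created without the secure-remove, no-dump, sync and no-COW attributes. setup_keys() starts and ends outside the hunk.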
@@ -1410,17 +1396,15 @@ static int setup_keys(void) { h.fsprg_secpar = htole16(FSPRG_RECOMMENDED_SECPAR); h.fsprg_state_size = htole64(state_size); - l = loop_write(fd, &h, sizeof(h), false); - if (l < 0 || (size_t) l != sizeof(h)) { - log_error_errno(EIO, "Failed to write header: %m"); - r = -EIO; + r = loop_write(fd, &h, sizeof(h), false); + if (r < 0) { + log_error_errno(r, "Failed to write header: %m"); goto finish; } - l = loop_write(fd, state, state_size, false); - if (l < 0 || (size_t) l != state_size) { - log_error_errno(EIO, "Failed to write state: %m"); - r = -EIO; + r = loop_write(fd, state, state_size, false); + if (r < 0) { + log_error_errno(r, "Failed to write state: %m"); goto finish; } @@ -1555,10 +1539,17 @@ static int access_check_var_log_journal(sd_journal *j) { have_access = in_group("systemd-journal") > 0; if (!have_access) { + const char* dir; + + if (access("/run/log/journal", F_OK) >= 0) + dir = "/run/log/journal"; + else + dir = "/var/log/journal"; + /* Let's enumerate all groups from the default ACL of * the directory, which generally should allow access * to most journal files too */ - r = search_acl_groups(&g, "/var/log/journal/", &have_access); + r = search_acl_groups(&g, dir, &have_access); if (r < 0) return r; } @@ -1584,7 +1575,7 @@ static int access_check_var_log_journal(sd_journal *j) { return log_oom(); log_notice("Hint: You are currently not seeing messages from other users and the system.\n" - " Users in the groups '%s' can see all messages.\n" + " Users in groups '%s' can see all messages.\n" " Pass -q to turn off this notice.", s); } } 
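Review bot: Both `loop_write()` checks in setup_keys() drop the comparison of the written length against `sizeof(h)` and `state_size`, so a short write of the FSS header or state is caught only if loop_write() itself now reports it as an error. That contract is not visible in this diff and should be confirmed in the helper, since a truncated sealing-key file would otherwise be accepted silently. A one-line comment above the first call would record the dependency, e.g. `/* loop_write() fails unless the whole buffer was written */`. setup_keys() continues outside the hunk.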
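Review bot: The directory selection added to access_check_var_log_journal() prefers `/run/log/journal` whenever it exists, so when both directories are present the groups listed in the hint come from the volatile directory's default ACL only, which may differ from the persistent one. The result only feeds the advisory notice rather than an access decision, which is worth stating next to the `access()` probe: `/* Only one directory's default ACL is consulted; this shapes the hint text, not access control. */`. The function name still refers to var_log_journal although it now inspects /run as well; the function body starts and ends outside the hunk.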
@@ -1608,18 +1599,8 @@ static int access_check(sd_journal *j) { if (set_contains(j->errors, INT_TO_PTR(-EACCES))) { #ifdef HAVE_ACL - /* If /var/log/journal doesn't even exist, - * unprivileged users have no access at all */ - if (access("/var/log/journal", F_OK) < 0 && - geteuid() != 0 && - in_group("systemd-journal") <= 0) { - log_error("Unprivileged users cannot access messages, unless persistent log storage is\n" - "enabled. Users in the 'systemd-journal' group may always access messages."); - return -EACCES; - } - - /* If /var/log/journal exists, try to pring a nice - notice if the user lacks access to it */ + /* If /run/log/journal or /var/log/journal exist, try + to pring a nice notice if the user lacks access to it. */ if (!arg_quiet && geteuid() != 0) { r = access_check_var_log_journal(j); if (r < 0) @@ -1685,25 +1666,19 @@ static int flush_to_var(void) { mkdir_p("/run/systemd/journal", 0755); watch_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC); - if (watch_fd < 0) { - log_error_errno(errno, "Failed to create inotify watch: %m"); - return -errno; - } + if (watch_fd < 0) + return log_error_errno(errno, "Failed to create inotify watch: %m"); r = inotify_add_watch(watch_fd, "/run/systemd/journal", IN_CREATE|IN_DONT_FOLLOW|IN_ONLYDIR); - if (r < 0) { - log_error_errno(errno, "Failed to watch journal directory: %m"); - return -errno; - } + if (r < 0) + return log_error_errno(errno, "Failed to watch journal directory: %m"); for (;;) { if (access("/run/systemd/journal/flushed", F_OK) >= 0) break; - if (errno != ENOENT) { - log_error_errno(errno, "Failed to check for existance of /run/systemd/journal/flushed: %m"); - return -errno; - } + if (errno != ENOENT) + return log_error_errno(errno, "Failed to check for existence of /run/systemd/journal/flushed: %m"); r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY); if (r < 0) 
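Review bot: The rewritten comment in access_check() keeps the typo `pring` and now has a subject/verb mismatch ("exist"); suggest `/* If /run/log/journal or /var/log/journal exists, try to print a nice notice if the user lacks access to it. */`. With the early `return -EACCES` removed, this block appears to be purely advisory for the EACCES already recorded in `j->errors`, and the comment could say so, so that nobody later mistakes the hint for the access check itself. access_check() continues outside the hunk, so what follows the notice is not visible here.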
@@ -1735,6 +1710,12 @@ int main(int argc, char *argv[]) { goto finish; signal(SIGWINCH, columns_lines_cache_reset); + sigbus_install(); + + /* Increase max number of open files to 16K if we can, we + * might needs this when browsing journal files, which might + * be split up into many files. */ + setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384)); if (arg_action == ACTION_NEW_ID128) { r = generate_new_id128(); @@ -1885,7 +1866,7 @@ int main(int argc, char *argv[]) { return EXIT_FAILURE; } - if (_unlikely_(log_get_max_level() >= LOG_PRI(LOG_DEBUG))) { + if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) { _cleanup_free_ char *filter; filter = journal_make_match_string(j); @@ -1944,9 +1925,13 @@ int main(int argc, char *argv[]) { else r = sd_journal_previous_skip(j, 1 + !!arg_after_cursor); - if (arg_after_cursor && r < 2 && !arg_follow) + if (arg_after_cursor && r < 2) { /* We couldn't find the next entry after the cursor. */ - arg_lines = 0; + if (arg_follow) + need_seek = true; + else + arg_lines = 0; + } } else if (arg_since_set && !arg_reverse) { r = sd_journal_seek_realtime_usec(j, arg_since);
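Review bot: The return value of the new `setrlimit_closest()` call in main() is silently discarded, and its comment has a typo ("we might needs this"). The comment's "if we can" suggests that ignoring a failure is deliberate, so make that explicit with `(void) setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384));` and reword the comment to `we might need this`. main() starts and ends outside the hunk.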