X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fjournal%2Fjournald-server.c;h=b46a2f63b35a0d9529295ece8d2bd1497d6b4293;hb=40adcda869bda55f44b57fd3a2bd71d006dfb51b;hp=ec9be65575c6ca25482dd4aa0ce99fa1b3357237;hpb=9bdbc2e2ec523dbefe1c1c7e164b5544aff0b185;p=elogind.git diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index ec9be6557..b46a2f63b 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -34,6 +34,7 @@ #include #endif +#include "fileio.h" #include "mkdir.h" #include "hashmap.h" #include "journal-file.h" @@ -514,7 +515,8 @@ static void dispatch_message_real( sd_id128_t id; int r; char *t; - uid_t loginuid = 0, realuid = 0; + uid_t loginuid = 0, realuid = 0, owner = 0, journal_uid; + bool loginuid_valid = false, owner_valid = false; assert(s); assert(iovec); @@ -523,9 +525,6 @@ static void dispatch_message_real( if (ucred) { uint32_t audit; -#ifdef HAVE_LOGIND - uid_t owner; -#endif realuid = ucred->uid; @@ -571,9 +570,11 @@ static void dispatch_message_real( IOVEC_SET_STRING(iovec[n++], audit_session); r = audit_loginuid_from_pid(ucred->pid, &loginuid); - if (r >= 0) + if (r >= 0) { + loginuid_valid = true; if (asprintf(&audit_loginuid, "_AUDIT_LOGINUID=%lu", (unsigned long) loginuid) >= 0) IOVEC_SET_STRING(iovec[n++], audit_loginuid); + } t = shortened_cgroup_path(ucred->pid); if (t) { @@ -593,16 +594,25 @@ static void dispatch_message_real( IOVEC_SET_STRING(iovec[n++], session); } - if (sd_pid_get_owner_uid(ucred->uid, &owner) >= 0) + if (sd_pid_get_owner_uid(ucred->uid, &owner) >= 0) { + owner_valid = true; if (asprintf(&owner_uid, "_SYSTEMD_OWNER_UID=%lu", (unsigned long) owner) >= 0) IOVEC_SET_STRING(iovec[n++], owner_uid); + } #endif if (cg_pid_get_unit(ucred->pid, &t) >= 0) { unit = strappend("_SYSTEMD_UNIT=", t); free(t); - } else if (unit_id) - unit = strappend("_SYSTEMD_UNIT=", unit_id); + } else if (cg_pid_get_user_unit(ucred->pid, &t) >= 0) { + unit = strappend("_SYSTEMD_USER_UNIT=", t); + free(t); + } else if (unit_id) { + if (session) + unit = strappend("_SYSTEMD_USER_UNIT=", unit_id); + else + unit = strappend("_SYSTEMD_UNIT=", unit_id); + } if (unit) IOVEC_SET_STRING(iovec[n++], unit); @@ -659,10 +669,25 @@ static void dispatch_message_real( assert(n <= m); - write_to_journal(s, - s->split_mode == SPLIT_NONE ? 0 : - (s->split_mode == SPLIT_UID ? realuid : - (realuid == 0 ? 0 : loginuid)), iovec, n); + if (s->split_mode == SPLIT_UID && realuid > 0) + /* Split up strictly by any UID */ + journal_uid = realuid; + else if (s->split_mode == SPLIT_LOGIN && owner_valid && owner > 0 && realuid > 0) + /* Split up by login UIDs, this avoids creation of + * individual journals for system UIDs. We do this + * only if the realuid is not root, in order not to + * accidentally leak privileged information logged by + * a privileged process that is part of an + * unprivileged session to the user. */ + journal_uid = owner; + else if (s->split_mode == SPLIT_LOGIN && loginuid_valid && loginuid > 0 && realuid > 0) + /* Hmm, let's try via the audit uids, as fallback, + * just in case */ + journal_uid = loginuid; + else + journal_uid = 0; + + write_to_journal(s, journal_uid, iovec, n); } void server_driver_message(Server *s, sd_id128_t message_id, const char *format, ...) { @@ -1294,6 +1319,12 @@ int server_init(Server *s) { server_parse_config_file(s); server_parse_proc_cmdline(s); + if (!!s->rate_limit_interval ^ !!s->rate_limit_burst) { + log_debug("Setting both rate limit interval and burst from %llu,%u to 0,0", + (long long unsigned) s->rate_limit_interval, + s->rate_limit_burst); + s->rate_limit_interval = s->rate_limit_burst = 0; + } mkdir_p("/run/systemd/journal", 0755); @@ -1380,7 +1411,8 @@ int server_init(Server *s) { if (!s->udev) return -ENOMEM; - s->rate_limit = journal_rate_limit_new(s->rate_limit_interval, s->rate_limit_burst); + s->rate_limit = journal_rate_limit_new(s->rate_limit_interval, + s->rate_limit_burst); if (!s->rate_limit) return -ENOMEM;