X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fjournal%2Fjournalctl.c;h=2b0e00ee8f4f4ab400f7286c52941bc8f210a5b7;hp=386e3505c044ed385f4049e54e126ff16321b86b;hb=05c1853093d8c4e4aa16876b5129b65dac5abd01;hpb=553d2243e2a42783b8bb94addfb752b802c23311 diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c index 386e3505c..2b0e00ee8 100644 --- a/src/journal/journalctl.c +++ b/src/journal/journalctl.c @@ -28,26 +28,20 @@ #include #include #include -#include #include #include #include #include -#include #include #include -#ifdef HAVE_ACL -#include -#include "acl-util.h" -#endif - #include "sd-journal.h" #include "sd-bus.h" #include "log.h" #include "logs-show.h" #include "util.h" +#include "acl-util.h" #include "path-util.h" #include "fileio.h" #include "build.h" @@ -58,7 +52,6 @@ #include "journal-internal.h" #include "journal-def.h" #include "journal-verify.h" -#include "journal-authenticate.h" #include "journal-qrcode.h" #include "journal-vacuum.h" #include "fsprg.h" @@ -198,19 +191,19 @@ static void help(void) { " --system Show the system journal\n" " --user Show the user journal for the current user\n" " -M --machine=CONTAINER Operate on local container\n" - " --since=DATE Start showing entries on or newer than the specified date\n" - " --until=DATE Stop showing entries on or newer than the specified date\n" - " -c --cursor=CURSOR Start showing entries from the specified cursor\n" - " --after-cursor=CURSOR Start showing entries from after the specified cursor\n" + " --since=DATE Show entries not older than the specified date\n" + " --until=DATE Show entries not newer than the specified date\n" + " -c --cursor=CURSOR Show entries starting at the specified cursor\n" + " --after-cursor=CURSOR Show entries after the specified cursor\n" " --show-cursor Print the cursor after all the entries\n" - " -b --boot[=ID] Show data only from ID or, if unspecified, the current boot\n" + " -b --boot[=ID] Show current boot or the specified boot\n" " --list-boots Show terse information about recorded boots\n" " -k --dmesg Show kernel message log from the current boot\n" - " -u --unit=UNIT Show data only from the specified unit\n" - " --user-unit=UNIT Show data only from the specified user session unit\n" - " -t --identifier=STRING Show only messages with the specified syslog identifier\n" - " -p --priority=RANGE Show only messages within the specified priority range\n" - " -e --pager-end Immediately jump to end of the journal in the pager\n" + " -u --unit=UNIT Show logs from the specified unit\n" + " --user-unit=UNIT Show logs from the specified user unit\n" + " -t --identifier=STRING Show entries with the specified syslog identifier\n" + " -p --priority=RANGE Show entries with the specified priority\n" + " -e --pager-end Immediately jump to the end in the pager\n" " -f --follow Follow the journal\n" " -n --lines[=INTEGER] Number of journal entries to show\n" " --no-tail Show all lines, even in follow mode\n" @@ -231,7 +224,7 @@ static void help(void) { #ifdef HAVE_GCRYPT " --interval=TIME Time interval for changing the FSS sealing key\n" " --verify-key=KEY Specify FSS verification key\n" - " --force Force overriding of the FSS key pair with --setup-keys\n" + " --force Override of the FSS key pair with --setup-keys\n" #endif "\nCommands:\n" " -h --help Show this help text\n" @@ -239,11 +232,11 @@ static void help(void) { " -F --field=FIELD List all values that a specified field takes\n" " --new-id128 Generate a new 128-bit ID\n" " --disk-usage Show total disk usage of all journal files\n" - " --vacuum-size=BYTES Remove old journals until disk space drops below size\n" - " --vacuum-time=TIME Remove old journals until none left older than\n" + " --vacuum-size=BYTES Reduce disk usage below specified size\n" + " --vacuum-time=TIME Remove journal files older than specified date\n" " --flush Flush all journal data from /run into /var\n" " --header Show journal header information\n" - " --list-catalog Show message IDs of all entries in the message catalog\n" + " --list-catalog Show all message IDs in the catalog\n" " --dump-catalog Show entries in the message catalog\n" " --update-catalog Update the message catalog database\n" #ifdef HAVE_GCRYPT @@ -1273,7 +1266,7 @@ static int add_syslog_identifier(sd_journal *j) { STRV_FOREACH(i, arg_syslog_identifier) { char *u; - u = strappenda("SYSLOG_IDENTIFIER=", *i); + u = strjoina("SYSLOG_IDENTIFIER=", *i); r = sd_journal_add_match(j, u, 0); if (r < 0) return r; @@ -1294,7 +1287,7 @@ static int setup_keys(void) { size_t mpk_size, seed_size, state_size, i; uint8_t *mpk, *seed, *state; ssize_t l; - int fd = -1, r, attr = 0; + int fd = -1, r; sd_id128_t machine, boot; char *p = NULL, *k = NULL; struct FSSHeader h; @@ -1389,13 +1382,9 @@ static int setup_keys(void) { /* Enable secure remove, exclusion from dump, synchronous * writing and in-place updating */ - if (ioctl(fd, FS_IOC_GETFLAGS, &attr) < 0) - log_warning_errno(errno, "FS_IOC_GETFLAGS failed: %m"); - - attr |= FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL; - - if (ioctl(fd, FS_IOC_SETFLAGS, &attr) < 0) - log_warning_errno(errno, "FS_IOC_SETFLAGS failed: %m"); + r = chattr_fd(fd, true, FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL); + if (r < 0) + log_warning_errno(errno, "Failed to set file attributes: %m"); zero(h); memcpy(h.signature, "KSHHRHLP", 8); @@ -1550,10 +1539,17 @@ static int access_check_var_log_journal(sd_journal *j) { have_access = in_group("systemd-journal") > 0; if (!have_access) { + const char* dir; + + if (access("/run/log/journal", F_OK) >= 0) + dir = "/run/log/journal"; + else + dir = "/var/log/journal"; + /* Let's enumerate all groups from the default ACL of * the directory, which generally should allow access * to most journal files too */ - r = search_acl_groups(&g, "/var/log/journal/", &have_access); + r = search_acl_groups(&g, dir, &have_access); if (r < 0) return r; } @@ -1579,7 +1575,7 @@ static int access_check_var_log_journal(sd_journal *j) { return log_oom(); log_notice("Hint: You are currently not seeing messages from other users and the system.\n" - " Users in the groups '%s' can see all messages.\n" + " Users in groups '%s' can see all messages.\n" " Pass -q to turn off this notice.", s); } } @@ -1603,18 +1599,8 @@ static int access_check(sd_journal *j) { if (set_contains(j->errors, INT_TO_PTR(-EACCES))) { #ifdef HAVE_ACL - /* If /var/log/journal doesn't even exist, - * unprivileged users have no access at all */ - if (access("/var/log/journal", F_OK) < 0 && - geteuid() != 0 && - in_group("systemd-journal") <= 0) { - log_error("Unprivileged users cannot access messages, unless persistent log storage is\n" - "enabled. Users in the 'systemd-journal' group may always access messages."); - return -EACCES; - } - - /* If /var/log/journal exists, try to pring a nice - notice if the user lacks access to it */ + /* If /run/log/journal or /var/log/journal exist, try + to pring a nice notice if the user lacks access to it. */ if (!arg_quiet && geteuid() != 0) { r = access_check_var_log_journal(j); if (r < 0) @@ -1726,6 +1712,11 @@ int main(int argc, char *argv[]) { signal(SIGWINCH, columns_lines_cache_reset); sigbus_install(); + /* Increase max number of open files to 16K if we can, we + * might needs this when browsing journal files, which might + * be split up into many files. */ + setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384)); + if (arg_action == ACTION_NEW_ID128) { r = generate_new_id128(); goto finish;