X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fjournal%2Fjournalctl.c;h=8543adfb8a1d2d52ac65e72545fe505d552fce4d;hp=4c288f3334d66ffeae262a528a67477f9fe3144f;hb=478c82693c386e7a6e8e4b37cc99fb19b12e7186;hpb=737732a41e5702540f51c760bebd3b8152c04727 diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c index 4c288f333..8543adfb8 100644 --- a/src/journal/journalctl.c +++ b/src/journal/journalctl.c @@ -37,6 +37,7 @@ #ifdef HAVE_ACL #include +#include "acl-util.h" #endif #include @@ -895,62 +896,18 @@ static int access_check(void) { if (!arg_quiet && geteuid() != 0) { _cleanup_strv_free_ char **g = NULL; bool have_access; - acl_t acl; int r; have_access = in_group("systemd-journal") > 0; - if (!have_access) { + if (!have_access) { /* Let's enumerate all groups from the default * ACL of the directory, which generally * should allow access to most journal * files too */ - - acl = acl_get_file("/var/log/journal/", ACL_TYPE_DEFAULT); - if (acl) { - acl_entry_t entry; - - r = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry); - while (r > 0) { - acl_tag_t tag; - gid_t *gid; - char *name; - - r = acl_get_tag_type(entry, &tag); - if (r < 0) - break; - - if (tag != ACL_GROUP) - goto next; - - gid = acl_get_qualifier(entry); - if (!gid) - break; - - if (in_gid(*gid) > 0) { - have_access = true; - break; - } - - name = gid_to_name(*gid); - if (!name) { - acl_free(acl); - return log_oom(); - } - - r = strv_push(&g, name); - if (r < 0) { - free(name); - acl_free(acl); - return log_oom(); - } - - next: - r = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry); - } - - acl_free(acl); - } + r = search_acl_groups(&g, "/var/log/journal/", &have_access); + if (r < 0) + return r; } if (!have_access) {