X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fjournal%2Fjournald-server.c;h=ac565c7ece96ce1b1bbf57962c9fe04467ddea1e;hp=b46a2f63b35a0d9529295ece8d2bd1497d6b4293;hb=a24c64f03f9c5c0304451d8542fee853187a5168;hpb=40adcda869bda55f44b57fd3a2bd71d006dfb51b diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index b46a2f63b..ac565c7ec 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -174,7 +174,7 @@ static uint64_t available_space(Server *s) { } static void server_read_file_gid(Server *s) { - const char *adm = "adm"; + const char *g = "systemd-journal"; int r; assert(s); @@ -182,9 +182,9 @@ static void server_read_file_gid(Server *s) { if (s->file_gid_valid) return; - r = get_group_creds(&adm, &s->file_gid); + r = get_group_creds(&g, &s->file_gid); if (r < 0) - log_warning("Failed to resolve 'adm' group: %s", strerror(-r)); + log_warning("Failed to resolve '%s' group: %s", g, strerror(-r)); /* if we couldn't read the gid, then it will be 0, but that's * fine and we shouldn't try to resolve the group again, so @@ -515,8 +515,8 @@ static void dispatch_message_real( sd_id128_t id; int r; char *t; - uid_t loginuid = 0, realuid = 0, owner = 0, journal_uid; - bool loginuid_valid = false, owner_valid = false; + uid_t realuid = 0, owner = 0, journal_uid; + bool owner_valid = false; assert(s); assert(iovec); @@ -525,6 +525,7 @@ static void dispatch_message_real( if (ucred) { uint32_t audit; + uid_t loginuid; realuid = ucred->uid; @@ -570,11 +571,9 @@ static void dispatch_message_real( IOVEC_SET_STRING(iovec[n++], audit_session); r = audit_loginuid_from_pid(ucred->pid, &loginuid); - if (r >= 0) { - loginuid_valid = true; + if (r >= 0) if (asprintf(&audit_loginuid, "_AUDIT_LOGINUID=%lu", (unsigned long) loginuid) >= 0) IOVEC_SET_STRING(iovec[n++], audit_loginuid); - } t = shortened_cgroup_path(ucred->pid); if (t) { @@ -621,9 +620,7 @@ static void dispatch_message_real( if (label) { selinux_context = malloc(sizeof("_SELINUX_CONTEXT=") + label_len); if (selinux_context) { - memcpy(selinux_context, "_SELINUX_CONTEXT=", sizeof("_SELINUX_CONTEXT=")-1); - memcpy(selinux_context+sizeof("_SELINUX_CONTEXT=")-1, label, label_len); - selinux_context[sizeof("_SELINUX_CONTEXT=")-1+label_len] = 0; + *((char*) mempcpy(stpcpy(selinux_context, "_SELINUX_CONTEXT="), label, label_len)) = 0; IOVEC_SET_STRING(iovec[n++], selinux_context); } } else { @@ -633,7 +630,6 @@ static void dispatch_message_real( selinux_context = strappend("_SELINUX_CONTEXT=", con); if (selinux_context) IOVEC_SET_STRING(iovec[n++], selinux_context); - freecon(con); } } @@ -672,18 +668,14 @@ static void dispatch_message_real( if (s->split_mode == SPLIT_UID && realuid > 0) /* Split up strictly by any UID */ journal_uid = realuid; - else if (s->split_mode == SPLIT_LOGIN && owner_valid && owner > 0 && realuid > 0) + else if (s->split_mode == SPLIT_LOGIN && realuid > 0 && owner_valid && owner > 0) /* Split up by login UIDs, this avoids creation of * individual journals for system UIDs. We do this * only if the realuid is not root, in order not to - * accidentally leak privileged information logged by - * a privileged process that is part of an - * unprivileged session to the user. */ + * accidentally leak privileged information to the + * user that is logged by a privileged process that is + * part of an unprivileged session.*/ journal_uid = owner; - else if (s->split_mode == SPLIT_LOGIN && loginuid_valid && loginuid > 0 && realuid > 0) - /* Hmm, let's try via the audit uids, as fallback, - * just in case */ - journal_uid = loginuid; else journal_uid = 0;