#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
-#include <time.h>
#include <getopt.h>
#include <signal.h>
#include <poll.h>
#include <sys/stat.h>
-#include <sys/ioctl.h>
#include <sys/inotify.h>
#include <linux/fs.h>
-#ifdef HAVE_ACL
-#include <sys/acl.h>
-#include "acl-util.h"
-#endif
-
#include "sd-journal.h"
#include "sd-bus.h"
#include "log.h"
#include "logs-show.h"
#include "util.h"
+#include "acl-util.h"
#include "path-util.h"
#include "fileio.h"
#include "build.h"
#include "pager.h"
#include "strv.h"
#include "set.h"
+#include "sigbus.h"
#include "journal-internal.h"
#include "journal-def.h"
#include "journal-verify.h"
-#include "journal-authenticate.h"
#include "journal-qrcode.h"
#include "journal-vacuum.h"
#include "fsprg.h"
" --system Show the system journal\n"
" --user Show the user journal for the current user\n"
" -M --machine=CONTAINER Operate on local container\n"
- " --since=DATE Start showing entries on or newer than the specified date\n"
- " --until=DATE Stop showing entries on or newer than the specified date\n"
- " -c --cursor=CURSOR Start showing entries from the specified cursor\n"
- " --after-cursor=CURSOR Start showing entries from after the specified cursor\n"
+ " --since=DATE Show entries not older than the specified date\n"
+ " --until=DATE Show entries not newer than the specified date\n"
+ " -c --cursor=CURSOR Show entries starting at the specified cursor\n"
+ " --after-cursor=CURSOR Show entries after the specified cursor\n"
" --show-cursor Print the cursor after all the entries\n"
- " -b --boot[=ID] Show data only from ID or, if unspecified, the current boot\n"
+ " -b --boot[=ID] Show current boot or the specified boot\n"
" --list-boots Show terse information about recorded boots\n"
" -k --dmesg Show kernel message log from the current boot\n"
- " -u --unit=UNIT Show data only from the specified unit\n"
- " --user-unit=UNIT Show data only from the specified user session unit\n"
- " -t --identifier=STRING Show only messages with the specified syslog identifier\n"
- " -p --priority=RANGE Show only messages within the specified priority range\n"
- " -e --pager-end Immediately jump to end of the journal in the pager\n"
+ " -u --unit=UNIT Show logs from the specified unit\n"
+ " --user-unit=UNIT Show logs from the specified user unit\n"
+ " -t --identifier=STRING Show entries with the specified syslog identifier\n"
+ " -p --priority=RANGE Show entries with the specified priority\n"
+ " -e --pager-end Immediately jump to the end in the pager\n"
" -f --follow Follow the journal\n"
" -n --lines[=INTEGER] Number of journal entries to show\n"
" --no-tail Show all lines, even in follow mode\n"
#ifdef HAVE_GCRYPT
" --interval=TIME Time interval for changing the FSS sealing key\n"
" --verify-key=KEY Specify FSS verification key\n"
- " --force Force overriding of the FSS key pair with --setup-keys\n"
+ " --force Override of the FSS key pair with --setup-keys\n"
#endif
"\nCommands:\n"
" -h --help Show this help text\n"
" -F --field=FIELD List all values that a specified field takes\n"
" --new-id128 Generate a new 128-bit ID\n"
" --disk-usage Show total disk usage of all journal files\n"
- " --vacuum-size=BYTES Remove old journals until disk space drops below size\n"
- " --vacuum-time=TIME Remove old journals until none left older than\n"
+ " --vacuum-size=BYTES Reduce disk usage below specified size\n"
+ " --vacuum-time=TIME Remove journal files older than specified date\n"
" --flush Flush all journal data from /run into /var\n"
" --header Show journal header information\n"
- " --list-catalog Show message IDs of all entries in the message catalog\n"
+ " --list-catalog Show all message IDs in the catalog\n"
" --dump-catalog Show entries in the message catalog\n"
" --update-catalog Update the message catalog database\n"
#ifdef HAVE_GCRYPT
STRV_FOREACH(i, arg_syslog_identifier) {
char *u;
- u = strappenda("SYSLOG_IDENTIFIER=", *i);
+ u = strjoina("SYSLOG_IDENTIFIER=", *i);
r = sd_journal_add_match(j, u, 0);
if (r < 0)
return r;
size_t mpk_size, seed_size, state_size, i;
uint8_t *mpk, *seed, *state;
ssize_t l;
- int fd = -1, r, attr = 0;
+ int fd = -1, r;
sd_id128_t machine, boot;
char *p = NULL, *k = NULL;
struct FSSHeader h;
/* Enable secure remove, exclusion from dump, synchronous
* writing and in-place updating */
- if (ioctl(fd, FS_IOC_GETFLAGS, &attr) < 0)
- log_warning_errno(errno, "FS_IOC_GETFLAGS failed: %m");
-
- attr |= FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL;
-
- if (ioctl(fd, FS_IOC_SETFLAGS, &attr) < 0)
- log_warning_errno(errno, "FS_IOC_SETFLAGS failed: %m");
+ r = chattr_fd(fd, true, FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL);
+ if (r < 0)
+ log_warning_errno(errno, "Failed to set file attributes: %m");
zero(h);
memcpy(h.signature, "KSHHRHLP", 8);
have_access = in_group("systemd-journal") > 0;
if (!have_access) {
+ const char* dir;
+
+ if (access("/run/log/journal", F_OK) >= 0)
+ dir = "/run/log/journal";
+ else
+ dir = "/var/log/journal";
+
/* Let's enumerate all groups from the default ACL of
* the directory, which generally should allow access
* to most journal files too */
- r = search_acl_groups(&g, "/var/log/journal/", &have_access);
+ r = search_acl_groups(&g, dir, &have_access);
if (r < 0)
return r;
}
return log_oom();
log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
- " Users in the groups '%s' can see all messages.\n"
+ " Users in groups '%s' can see all messages.\n"
" Pass -q to turn off this notice.", s);
}
}
if (set_contains(j->errors, INT_TO_PTR(-EACCES))) {
#ifdef HAVE_ACL
- /* If /var/log/journal doesn't even exist,
- * unprivileged users have no access at all */
- if (access("/var/log/journal", F_OK) < 0 &&
- geteuid() != 0 &&
- in_group("systemd-journal") <= 0) {
- log_error("Unprivileged users cannot access messages, unless persistent log storage is\n"
- "enabled. Users in the 'systemd-journal' group may always access messages.");
- return -EACCES;
- }
-
- /* If /var/log/journal exists, try to pring a nice
- notice if the user lacks access to it */
+ /* If /run/log/journal or /var/log/journal exist, try
+ to pring a nice notice if the user lacks access to it. */
if (!arg_quiet && geteuid() != 0) {
r = access_check_var_log_journal(j);
if (r < 0)
break;
if (errno != ENOENT)
- return log_error_errno(errno, "Failed to check for existance of /run/systemd/journal/flushed: %m");
+ return log_error_errno(errno, "Failed to check for existence of /run/systemd/journal/flushed: %m");
r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY);
if (r < 0)
goto finish;
signal(SIGWINCH, columns_lines_cache_reset);
+ sigbus_install();
+
+ /* Increase max number of open files to 16K if we can, we
+ * might needs this when browsing journal files, which might
+ * be split up into many files. */
+ setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384));
if (arg_action == ACTION_NEW_ID128) {
r = generate_new_id128();
return EXIT_FAILURE;
}
- if (_unlikely_(log_get_max_level() >= LOG_PRI(LOG_DEBUG))) {
+ if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) {
_cleanup_free_ char *filter;
filter = journal_make_match_string(j);