From: Lennart Poettering Date: Mon, 20 Aug 2012 20:13:22 +0000 (+0200) Subject: journald: add new Seal= configuration option X-Git-Tag: v189~33 X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=eb53b74f7e2f83d936b35107806a157fdffdbf5a;hp=197c0da22536121acc1377525458844a5ccabb7d;p=elogind.git journald: add new Seal= configuration option --- diff --git a/man/journald.conf.xml b/man/journald.conf.xml index 2ebbf30a6..2fa475c94 100644 --- a/man/journald.conf.xml +++ b/man/journald.conf.xml @@ -68,6 +68,46 @@ + + Storage= + + Controls where to + store journal data. One of + volatile, + persistent, + auto and + none. If + volatile journal + log data will be stored only in + memory, i.e. below the + /run/log/journal + hierarchy (which is created if + needed). If + persistent data will + be stored preferably on disk, + i.e. below the + /var/log/journal + hierarchy (which is created if + needed), with a fallback to + /run/log/journal + (which is created if needed), during + early boot and if the disk is not + writable. auto is + similar to + persistent but the + directory + /var/log/journal + is not created if needed, so that its + existence controls where log data + goes. none turns + off all storage, all log data received + will be dropped. Forwarding to other + targets, such as the console, the + kernel log buffer or a syslog daemon + will still work however. Defaults to + auto. + + Compress= @@ -81,6 +121,20 @@ system. + + Seal= + + Takes a boolean + value. If enabled (the default) and a + sealing key is available (as created + by + journalctl1's + + command), forward secure sealing (FSS) for + all persistent journal files is + enabled. + + RateLimitInterval= RateLimitBurst= 
@@ -265,45 +319,6 @@ /dev/console. - - Storage= - - Controls where to - store journal data. One of - volatile, - persistent, - auto and - none. If - volatile journal - log data will be stored only in - memory, i.e. below the - /run/log/journal - hierarchy (which is created if - needed). If - persistent data will - be stored preferably on disk, - i.e. below the - /var/log/journal - hierarchy (which is created if - needed), with a fallback to - /run/log/journal - (which is created if needed), during - early boot and if the disk is not - writable. auto is - similar to - persistent but the - directory - /var/log/journal - is not created if needed, so that its - existence controls where log data - goes. none turns - off all storage, all log data received - will be dropped. Forwarding to other - targets, such as the console, the - kernel log buffer or a syslog daemon - will still work however. Defaults to - auto. -
diff --git a/src/journal/journald-gperf.gperf b/src/journal/journald-gperf.gperf
index d4019dd66..2f83cbde7 100644
--- a/src/journal/journald-gperf.gperf
+++ b/src/journal/journald-gperf.gperf
@@ -14,9 +14,11 @@ struct ConfigPerfItem;
 %struct-type
 %includes
 %%
+Journal.Storage, config_parse_storage, 0, offsetof(Server, storage)
+Journal.Compress, config_parse_bool, 0, offsetof(Server, compress)
+Journal.Seal, config_parse_bool, 0, offsetof(Server, seal)
 Journal.RateLimitInterval, config_parse_usec, 0, offsetof(Server, rate_limit_interval)
 Journal.RateLimitBurst, config_parse_unsigned, 0, offsetof(Server, rate_limit_burst)
-Journal.Compress, config_parse_bool, 0, offsetof(Server, compress)
 Journal.SystemMaxUse, config_parse_bytes_off, 0, offsetof(Server, system_metrics.max_use)
 Journal.SystemMaxFileSize, config_parse_bytes_off, 0, offsetof(Server, system_metrics.max_size)
 Journal.SystemMinFileSize, config_parse_bytes_off, 0, offsetof(Server, system_metrics.min_size)
@@ -33,4 +35,3 @@ Journal.MaxLevelStore, config_parse_level, 0, offsetof(Server, max_leve
 Journal.MaxLevelSyslog, config_parse_level, 0, offsetof(Server, max_level_syslog)
 Journal.MaxLevelKMsg, config_parse_level, 0, offsetof(Server, max_level_kmsg)
 Journal.MaxLevelConsole, config_parse_level, 0, offsetof(Server, max_level_console)
-Journal.Storage, config_parse_storage, 0, offsetof(Server, storage)
diff --git a/src/journal/journald.c b/src/journal/journald.c
index f74c46158..7b3b6471d 100644
--- a/src/journal/journald.c
+++ b/src/journal/journald.c
@@ -316,7 +316,7 @@ static JournalFile* find_journal(Server *s, uid_t uid) {
 journal_file_close(f);
 }
- r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, false, &s->system_metrics, s->mmap, s->system_journal, &f);
+ r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, s->system_journal, &f);
 free(p);
 if (r < 0)
@@ -353,7 +353,7 @@ static void server_rotate(Server *s) {
 }
 if (s->system_journal) {
- r = journal_file_rotate(&s->system_journal, s->compress, true);
+ r = journal_file_rotate(&s->system_journal, s->compress, s->seal);
 if (r < 0)
 if (s->system_journal)
 log_error("Failed to rotate %s: %s", s->system_journal->path, strerror(-r));
@@ -365,7 +365,7 @@ static void server_rotate(Server *s) {
 }
 HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
- r = journal_file_rotate(&f, s->compress, false);
+ r = journal_file_rotate(&f, s->compress, s->seal);
 if (r < 0)
 if (f->path)
 log_error("Failed to rotate %s: %s", f->path, strerror(-r));
@@ -2007,7 +2007,7 @@ static int system_journal_open(Server *s) {
 if (!fn)
 return -ENOMEM;
- r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, true, &s->system_metrics, s->mmap, NULL, &s->system_journal);
+ r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
 free(fn);
 if (r >= 0)
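Review bot: Per-user journal files change behaviour in find_journal, not just gain an option: the old call passed a literal `false` for the seal argument, and the new `s->seal` defaults to true in server_init, so user journals are now opened with sealing requested. The same applies to `journal_file_rotate(&f, s->compress, s->seal)` inside the HASHMAP_FOREACH_KEY loop of server_rotate. The commit subject only mentions a new option, so a comment above the open call would help, for example `/* per-user journals follow Seal= as well; before this change they were never sealed */`. Whether journal_file_open_reliably gives each user file its own sealing state or reuses the system journal's is not visible here and is worth confirming. find_journal starts and ends outside the hunk.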
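Review bot: Sealing of the system journal was unconditional (`true`) in server_rotate's `if (s->system_journal)` branch and in system_journal_open, and both calls now take `s->seal`, yet no visible hunk records the effective value anywhere. Forward secure sealing is a tamper-evidence feature, so a `Seal=no` in journald.conf should leave a trace that an operator can find when reviewing the logs later. One line where the persistent journal is opened would do, assuming the project's log_info() helper: `if (!s->seal) log_info("Forward secure sealing disabled by configuration.");`. Both functions continue outside their hunks, so such a message may already exist out of view.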
@@ -2771,6 +2771,7 @@ static int server_init(Server *s) {
 zero(*s);
 s->syslog_fd = s->native_fd = s->stdout_fd = s->signal_fd = s->epoll_fd = s->dev_kmsg_fd = -1;
 s->compress = true;
+ s->seal = true;
 s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
 s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
diff --git a/src/journal/journald.conf b/src/journal/journald.conf
index ab7b4abec..677f48b7e 100644
--- a/src/journal/journald.conf
+++ b/src/journal/journald.conf
@@ -8,7 +8,9 @@
 # See journald.conf(5) for details
 [Journal]
+#Storage=auto
 #Compress=yes
+#Seal=yes
 #RateLimitInterval=10s
 #RateLimitBurst=200
 #SystemMaxUse=
@@ -27,4 +29,3 @@
 #MaxLevelSyslog=debug
 #MaxLevelKMsg=notice
 #MaxLevelConsole=info
-#Storage=auto
diff --git a/src/journal/journald.h b/src/journal/journald.h
index 0202893d8..13f2f1f5d 100644
--- a/src/journal/journald.h
+++ b/src/journal/journald.h
@@ -68,6 +68,7 @@ typedef struct Server {
 JournalMetrics system_metrics;
 bool compress;
+ bool seal;
 bool forward_to_kmsg;
 bool forward_to_syslog;
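Review bot: The new `bool seal;` member of Server has no comment, and its name reads as state when it is only the configured request. The man page text added in this commit says sealing takes effect only if a sealing key is available, so `seal == true` does not prove that any journal file is sealed. A short comment would keep later code from treating it that way, e.g. `bool seal; /* Seal= setting; files are sealed only when a sealing key exists */`. The struct definition starts and ends outside the hunk.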