X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fjournal%2Fjournalctl.c;h=c96d68dd4cbf1feeca0fbfcd15b152d3ac10d5aa;hp=8543adfb8a1d2d52ac65e72545fe505d552fce4d;hb=0db809489fd88a320ae1023ffe36a9965e9a91b2;hpb=478c82693c386e7a6e8e4b37cc99fb19b12e7186 diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c index 8543adfb8..c96d68dd4 100644 --- a/src/journal/journalctl.c +++ b/src/journal/journalctl.c @@ -86,6 +86,7 @@ static bool arg_unit_system; static const char *arg_field = NULL; static bool arg_catalog = false; static bool arg_reverse = false; +static const char *arg_root = NULL; static enum { ACTION_SHOW, @@ -125,6 +126,7 @@ static int help(void) { " --no-pager Do not pipe output into a pager\n" " -m --merge Show entries from all available journals\n" " -D --directory=PATH Show journal files from directory\n" + " --root=ROOT Operate on catalog files underneath the root ROOT\n" #ifdef HAVE_GCRYPT " --interval=TIME Time interval for changing the FSS sealing key\n" " --verify-key=KEY Specify FSS verification key\n" @@ -155,6 +157,7 @@ static int parse_argv(int argc, char *argv[]) { ARG_NO_PAGER, ARG_NO_TAIL, ARG_NEW_ID128, + ARG_ROOT, ARG_HEADER, ARG_FULL, ARG_SETUP_KEYS, @@ -186,6 +189,7 @@ static int parse_argv(int argc, char *argv[]) { { "merge", no_argument, NULL, 'm' }, { "this-boot", no_argument, NULL, 'b' }, { "directory", required_argument, NULL, 'D' }, + { "root", required_argument, NULL, ARG_ROOT }, { "header", no_argument, NULL, ARG_HEADER }, { "priority", required_argument, NULL, 'p' }, { "setup-keys", no_argument, NULL, ARG_SETUP_KEYS }, @@ -318,6 +322,10 @@ static int parse_argv(int argc, char *argv[]) { arg_directory = optarg; break; + case ARG_ROOT: + arg_root = optarg; + break; + case 'c': arg_cursor = optarg; break; @@ -883,63 +891,113 @@ static int verify(sd_journal *j) { return r; } -static int access_check(void) { - #ifdef HAVE_ACL - /* If /var/log/journal doesn't even exist, unprivileged users have no access at all */ - if (access("/var/log/journal", F_OK) < 0 && geteuid() != 0 && in_group("systemd-journal") <= 0) { - log_error("Unprivileged users can't see messages unless persistent log storage is enabled. Users in the group 'systemd-journal' can always see messages."); - return -EACCES; +static int access_check_var_log_journal(sd_journal *j) { + _cleanup_strv_free_ char **g = NULL; + bool have_access; + int r; + + assert(j); + + have_access = in_group("systemd-journal") > 0; + + if (!have_access) { + /* Let's enumerate all groups from the default ACL of + * the directory, which generally should allow access + * to most journal files too */ + r = search_acl_groups(&g, "/var/log/journal/", &have_access); + if (r < 0) + return r; } - /* If /var/log/journal exists, try to pring a nice notice if the user lacks access to it */ - if (!arg_quiet && geteuid() != 0) { - _cleanup_strv_free_ char **g = NULL; - bool have_access; - int r; + if (!have_access) { - have_access = in_group("systemd-journal") > 0; + if (strv_isempty(g)) + log_notice("Hint: You are currently not seeing messages from other users and the system.\n" + " Users in the 'systemd-journal' group can see all messages. Pass -q to\n" + " turn off this notice."); + else { + _cleanup_free_ char *s = NULL; - if (!have_access) { - /* Let's enumerate all groups from the default - * ACL of the directory, which generally - * should allow access to most journal - * files too */ - r = search_acl_groups(&g, "/var/log/journal/", &have_access); + r = strv_extend(&g, "systemd-journal"); if (r < 0) - return r; + return log_oom(); + + strv_sort(g); + strv_uniq(g); + + s = strv_join(g, "', '"); + if (!s) + return log_oom(); + + log_notice("Hint: You are currently not seeing messages from other users and the system.\n" + " Users in the groups '%s' can see all messages.\n" + " Pass -q to turn off this notice.", s); } + } - if (!have_access) { + return 0; +} +#endif - if (strv_isempty(g)) - log_notice("Hint: You are currently not seeing messages from other users and the system. Users in the group 'systemd-journal' can see all messages. Pass -q to turn this notice off."); - else { - _cleanup_free_ char *s = NULL; +static int access_check(sd_journal *j) { + Iterator it; + void *code; + int r = 0; - r = strv_extend(&g, "systemd-journal"); - if (r < 0) - return log_oom(); + assert(j); - strv_sort(g); - strv_uniq(g); + if (set_isempty(j->errors)) { + if (hashmap_isempty(j->files)) + log_notice("No journal files were found."); + return 0; + } - s = strv_join(g, "', '"); - if (!s) - return log_oom(); + if (set_contains(j->errors, INT_TO_PTR(-EACCES))) { +#ifdef HAVE_ACL + /* If /var/log/journal doesn't even exist, + * unprivileged users have no access at all */ + if (access("/var/log/journal", F_OK) < 0 && + geteuid() != 0 && + in_group("systemd-journal") <= 0) { + log_error("Unprivileged users cannot access messages, unless persistent log storage is\n" + "enabled. Users in the 'systemd-journal' group may always access messages."); + return -EACCES; + } - log_notice("Hint: You are currently not seeing messages from other users and the system. Users in the groups '%s' can see all messages. Pass -q to turn this notice off.", s); - } + /* If /var/log/journal exists, try to pring a nice + notice if the user lacks access to it */ + if (!arg_quiet && geteuid() != 0) { + r = access_check_var_log_journal(j); + if (r < 0) + return r; } - } #else - if (geteuid() != 0 && in_group("systemd-journal") <= 0) { - log_error("No access to messages. Only users in the group 'systemd-journal' can see messages."); - return -EACCES; - } + if (geteuid() != 0 && in_group("systemd-journal") <= 0) { + log_error("Unprivileged users cannot access messages. Users in the 'systemd-journal' group\n" + "group may access messages."); + return -EACCES; + } #endif - return 0; + if (hashmap_isempty(j->files)) { + log_error("No journal files were opened due to insufficient permissions."); + r = -EACCES; + } + } + + SET_FOREACH(code, j->errors, it) { + int err; + + err = -PTR_TO_INT(code); + assert(err > 0); + + if (err != EACCES) + log_warning("Error was encountered while opening journal files: %s", + strerror(err)); + } + + return r; } int main(int argc, char *argv[]) { @@ -970,27 +1028,41 @@ int main(int argc, char *argv[]) { goto finish; } - if (arg_action == ACTION_LIST_CATALOG || - arg_action == ACTION_DUMP_CATALOG) { - bool oneline = arg_action == ACTION_LIST_CATALOG; - if (optind < argc) - r = catalog_list_items(stdout, oneline, argv + optind); - else - r = catalog_list(stdout, oneline); - if (r < 0) - log_error("Failed to list catalog: %s", strerror(-r)); - goto finish; - } + if (arg_action == ACTION_UPDATE_CATALOG || + arg_action == ACTION_LIST_CATALOG || + arg_action == ACTION_DUMP_CATALOG) { + + const char* database = CATALOG_DATABASE; + char _cleanup_free_ *copy = NULL; + if (arg_root) { + copy = strjoin(arg_root, "/", CATALOG_DATABASE, NULL); + if (!database) { + r = log_oom(); + goto finish; + } + path_kill_slashes(copy); + database = copy; + } + + if (arg_action == ACTION_UPDATE_CATALOG) { + r = catalog_update(database, arg_root, catalog_file_dirs); + if (r < 0) + log_error("Failed to list catalog: %s", strerror(-r)); + } else { + bool oneline = arg_action == ACTION_LIST_CATALOG; + + if (optind < argc) + r = catalog_list_items(stdout, database, + oneline, argv + optind); + else + r = catalog_list(stdout, database, oneline); + if (r < 0) + log_error("Failed to list catalog: %s", strerror(-r)); + } - if (arg_action == ACTION_UPDATE_CATALOG) { - r = catalog_update(); goto finish; } - r = access_check(); - if (r < 0) - return EXIT_FAILURE; - if (arg_directory) r = sd_journal_open_directory(&j, arg_directory, 0); else @@ -1000,6 +1072,10 @@ int main(int argc, char *argv[]) { return EXIT_FAILURE; } + r = access_check(j); + if (r < 0) + return EXIT_FAILURE; + if (arg_action == ACTION_VERIFY) { r = verify(j); goto finish;