[systemd-commits] 2 commits - src/journal

Lennart Poettering lennart at kemper.freedesktop.org
Tue Mar 5 06:02:44 PST 2013


 src/journal/journald-server.c |   26 +++++++++-----------------
 1 file changed, 9 insertions(+), 17 deletions(-)

New commits:
commit fc7b7e2e74ed0c4ce2bda91d693240c9dcd0d526
Author: Lennart Poettering <lennart at poettering.net>
Date:   Tue Mar 5 15:02:38 2013 +0100

    journald: stpcpy() + mempcpy() are awesome

diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index c1ec0fa..654f7ac 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -620,9 +620,7 @@ static void dispatch_message_real(
                 if (label) {
                         selinux_context = malloc(sizeof("_SELINUX_CONTEXT=") + label_len);
                         if (selinux_context) {
-                                memcpy(selinux_context, "_SELINUX_CONTEXT=", sizeof("_SELINUX_CONTEXT=")-1);
-                                memcpy(selinux_context+sizeof("_SELINUX_CONTEXT=")-1, label, label_len);
-                                selinux_context[sizeof("_SELINUX_CONTEXT=")-1+label_len] = 0;
+                                *((char*) mempcpy(stpcpy(selinux_context, "_SELINUX_CONTEXT="), label, label_len)) = 0;
                                 IOVEC_SET_STRING(iovec[n++], selinux_context);
                         }
                 } else {
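Review bot: The one-line `*((char*) mempcpy(stpcpy(selinux_context, "_SELINUX_CONTEXT="), label, label_len)) = 0;` leaves the bounds reasoning implicit. It is in bounds only because the `malloc()` two lines up uses `sizeof("_SELINUX_CONTEXT=")`, which counts the literal's NUL and so reserves the byte for the terminator written here. A comment above the allocation such as `/* sizeof() includes the literal's NUL: prefix + label_len + terminator fits exactly */` would keep a later edit from breaking that pairing. Because the result goes through `IOVEC_SET_STRING`, a label containing an embedded NUL would presumably be logged truncated. Whether `label` can carry one is decided outside this hunk, as is the rest of `dispatch_message_real()`.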
@@ -632,7 +630,6 @@ static void dispatch_message_real(
                                 selinux_context = strappend("_SELINUX_CONTEXT=", con);
                                 if (selinux_context)
                                         IOVEC_SET_STRING(iovec[n++], selinux_context);
-
                                 freecon(con);
                         }
                 }

commit 82499507b369fea3033a74c22813bf423301aef4
Author: Lennart Poettering <lennart at poettering.net>
Date:   Tue Mar 5 14:36:57 2013 +0100

    journald: drop splitting-by-audit entirely
    
    Thinking about it we should probably not hide bugs by falling back to
    audit when we have our own session information anyway.

diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index b46a2f6..c1ec0fa 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -515,8 +515,8 @@ static void dispatch_message_real(
         sd_id128_t id;
         int r;
         char *t;
-        uid_t loginuid = 0, realuid = 0, owner = 0, journal_uid;
-        bool loginuid_valid = false, owner_valid = false;
+        uid_t realuid = 0, owner = 0, journal_uid;
+        bool owner_valid = false;
 
         assert(s);
         assert(iovec);
@@ -525,6 +525,7 @@ static void dispatch_message_real(
 
         if (ucred) {
                 uint32_t audit;
+                uid_t loginuid;
 
                 realuid = ucred->uid;
 
@@ -570,11 +571,9 @@ static void dispatch_message_real(
                                 IOVEC_SET_STRING(iovec[n++], audit_session);
 
                 r = audit_loginuid_from_pid(ucred->pid, &loginuid);
-                if (r >= 0) {
-                        loginuid_valid = true;
+                if (r >= 0)
                         if (asprintf(&audit_loginuid, "_AUDIT_LOGINUID=%lu", (unsigned long) loginuid) >= 0)
                                 IOVEC_SET_STRING(iovec[n++], audit_loginuid);
-                }
 
                 t = shortened_cgroup_path(ucred->pid);
                 if (t) {
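Review bot: Dropping the braces leaves two nested unbraced `if`s around `IOVEC_SET_STRING`, so an `else` added later would bind to the inner `asprintf()` test rather than to `r >= 0`. Folding both tests into one condition avoids that: `if (r >= 0 && asprintf(&audit_loginuid, "_AUDIT_LOGINUID=%lu", (unsigned long) loginuid) >= 0)`. `loginuid` is now declared without an initializer in the earlier hunk and is read only on this success path. That relies on `audit_loginuid_from_pid()` writing it whenever it returns >= 0, and that function is not visible here. The enclosing `if (ucred)` block starts and ends outside the hunk.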
@@ -672,18 +671,14 @@ static void dispatch_message_real(
         if (s->split_mode == SPLIT_UID && realuid > 0)
                 /* Split up strictly by any UID */
                 journal_uid = realuid;
-        else if (s->split_mode == SPLIT_LOGIN && owner_valid && owner > 0 && realuid > 0)
+        else if (s->split_mode == SPLIT_LOGIN && realuid > 0 && owner_valid && owner > 0)
                 /* Split up by login UIDs, this avoids creation of
                  * individual journals for system UIDs.  We do this
                  * only if the realuid is not root, in order not to
-                 * accidentally leak privileged information logged by
-                 * a privileged process that is part of an
-                 * unprivileged session to the user. */
+                 * accidentally leak privileged information to the
+                 * user that is logged by a privileged process that is
+                 * part of an unprivileged session.*/
                 journal_uid = owner;
-        else if (s->split_mode == SPLIT_LOGIN && loginuid_valid && loginuid > 0 && realuid > 0)
-                /* Hmm, let's try via the audit uids, as fallback,
-                 * just in case */
-                journal_uid = loginuid;
         else
                 journal_uid = 0;
 
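Review bot: With the audit fallback removed, the final `else` now also covers SPLIT_LOGIN messages from non-root senders whose session owner could not be resolved, and nothing on that branch says so. Sending them to the system journal (`journal_uid = 0`) is the restrictive choice for who can read them. It is silent, though, so the lookup failure the commit message wants to stop hiding leaves no trace at this point. I would document the branch, e.g. `/* No usable session owner, or sender is root: keep the entry in the system journal */`. A debug log where `owner_valid` is left false would also help, but that code is outside this hunk.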


