[systemd-commits] 2 commits - src/journal
Zbigniew Jędrzejewski-Szmek
zbyszek at kemper.freedesktop.org
Sun Mar 8 08:15:53 PDT 2015
src/journal/journalctl.c | 25 +++++++++++--------------
src/journal/sd-journal.c | 2 +-
2 files changed, 12 insertions(+), 15 deletions(-)
New commits:
commit 7b300be75e6d5755778dd7da63e7147866f21351
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date: Sun Mar 8 11:11:50 2015 -0400
sd-journal: return error when we cannot open a file
Lack of this caused journalctl not to display a hint about missing groups
properly when the user lacks permissions.
diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c
index 9b57e59..9b9e8ac 100644
--- a/src/journal/sd-journal.c
+++ b/src/journal/sd-journal.c
@@ -1248,7 +1248,7 @@ static int add_file(sd_journal *j, const char *prefix, const char *filename) {
r = add_any_file(j, path);
if (r == -ENOENT)
return 0;
- return 0;
+ return r;
}
static int remove_file(sd_journal *j, const char *prefix, const char *filename) {
commit 05c1853093d8c4e4aa16876b5129b65dac5abd01
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date: Sun Mar 8 11:04:59 2015 -0400
journalctl: update hint now that we set ACL everywhere
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 56435ff..2b0e00e 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -1539,10 +1539,17 @@ static int access_check_var_log_journal(sd_journal *j) {
have_access = in_group("systemd-journal") > 0;
if (!have_access) {
+ const char* dir;
+
+ if (access("/run/log/journal", F_OK) >= 0)
+ dir = "/run/log/journal";
+ else
+ dir = "/var/log/journal";
+
/* Let's enumerate all groups from the default ACL of
* the directory, which generally should allow access
* to most journal files too */
- r = search_acl_groups(&g, "/var/log/journal/", &have_access);
+ r = search_acl_groups(&g, dir, &have_access);
if (r < 0)
return r;
}
@@ -1568,7 +1575,7 @@ static int access_check_var_log_journal(sd_journal *j) {
return log_oom();
log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
- " Users in the groups '%s' can see all messages.\n"
+ " Users in groups '%s' can see all messages.\n"
" Pass -q to turn off this notice.", s);
}
}
@@ -1592,18 +1599,8 @@ static int access_check(sd_journal *j) {
if (set_contains(j->errors, INT_TO_PTR(-EACCES))) {
#ifdef HAVE_ACL
- /* If /var/log/journal doesn't even exist,
- * unprivileged users have no access at all */
- if (access("/var/log/journal", F_OK) < 0 &&
- geteuid() != 0 &&
- in_group("systemd-journal") <= 0) {
- log_error("Unprivileged users cannot access messages, unless persistent log storage is\n"
- "enabled. Users in the 'systemd-journal' group may always access messages.");
- return -EACCES;
- }
-
- /* If /var/log/journal exists, try to pring a nice
- notice if the user lacks access to it */
+ /* If /run/log/journal or /var/log/journal exist, try
+ to pring a nice notice if the user lacks access to it. */
if (!arg_quiet && geteuid() != 0) {
r = access_check_var_log_journal(j);
if (r < 0)
More information about the systemd-commits
mailing list