[systemd-devel] Journalctl and sshd disconnects

[Lennart Poettering]

On Wed, 21.11.12 00:12, Jake Rooney (tehekaj at gmail.com) wrote:

> 
> Hi Lennart,
> 
> Thanks for the reply.
> 
> I can't understand the user-generated sshd log being put into it's own
> journal out of distrust, isn't that just paranoia?

Well there two sides to the medal here. We don't want that user data
spills into the system logs, but more importantly we want to allow users
to access their own logs without necessarily getting access to the
system logs. Hence we give every user his own log files whith
appropriate file system ACLs. 

> As for the _EXE and _COMM 'race' issue you mentioned; are you really
> sure that's a kernel problem..? I'm not clear enough (or qualified
> enough) on the internals to speculate, but it sounds more like a
> mishandling on systemd's behalf...

It needs to be fixed in the kernel. It's a race, we cannot work-around
in userspace sanely, hence we should fix it in the kernel.

> Also: I'd really like to see regular expression capability built into
> journalctl :)

That's really hard to index for, hence we kinda assume that if people
want to do that they just use grep as a Unix filter on top.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.