[systemd-devel] setroubleshoot integration.

Lennart Poettering lennart at poettering.net
Fri Jan 11 12:03:52 PST 2013


On Wed, 09.01.13 22:52, Zbigniew Jędrzejewski-Szmek (zbyszek at in.waw.pl) wrote:

> > > We'd define a new special field OBJECT_PID. If this is included in a 
> > > message, and that message comes from a privileged service, then journald 
> > > will automatically add in OBJECT_EXE, OBJECT_UID, OBJECT_COMM, OBJECT_UNIT
> > > ... from /proc.
> OK, that would work too. How is "a privileged service" defined?

As "not from a session cgroup" maybe? That would allow system services
that run under their own UID to make use of this functionality but
disallows this for user code. The same check is also used for splitting
off user journals: instead of simply splitting things up by UID we only
split up if the process has a session assigned, so that avahi and
friends (which run as avahi user) end up storing their stuff in the
system journal.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
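
The "not from a session cgroup" rule discussed in this message, sketched as an added example (not part of the original post and not systemd's own code). It assumes the `session-<id>.scope` cgroup naming of current systemd, which the post does not spell out; the function names, UIDs and sample `/proc/<pid>/cgroup` contents are constructed for illustration.

```python
import re

# Assumption: login sessions live in cgroups named session-<id>.scope, as in
# current systemd; the post itself does not spell out the layout.
SESSION_RE = re.compile(r"^session-([^/]+)\.scope$")

def systemd_cgroup_path(proc_cgroup_text):
    """Return the systemd-managed path from /proc/<pid>/cgroup text, or None."""
    for line in proc_cgroup_text.splitlines():
        parts = line.split(":", 2)
        if len(parts) != 3:
            continue
        hierarchy_id, controllers, path = parts
        # cgroup v2 line is "0::<path>"; v1 uses the "name=systemd" hierarchy.
        unified = hierarchy_id == "0" and controllers == ""
        if (unified or controllers == "name=systemd") and path.startswith("/"):
            return path
    return None

def session_of(proc_cgroup_text):
    """Return the session id found in the cgroup path, or None if there is none."""
    path = systemd_cgroup_path(proc_cgroup_text) or ""
    for component in path.split("/"):
        match = SESSION_RE.match(component)
        if match:
            return match.group(1)
    return None

def may_attach_object_pid(proc_cgroup_text):
    """Rule from the post: privileged means "not from a session cgroup".
    Fails closed when the cgroup cannot be determined."""
    if systemd_cgroup_path(proc_cgroup_text) is None:
        return False
    return session_of(proc_cgroup_text) is None

def journal_for(proc_cgroup_text, uid):
    """Same check applied to journal splitting: split per UID only with a session."""
    if session_of(proc_cgroup_text) is None:
        return "system.journal"
    return f"user-{uid}.journal"

# Constructed sample /proc/<pid>/cgroup contents (not captured from a real host).
AVAHI = "0::/system.slice/avahi-daemon.service\n"
LOGIN_V2 = "0::/user.slice/user-1000.slice/session-3.scope\n"
LOGIN_V1 = "4:cpu,cpuacct:/\n1:name=systemd:/user.slice/user-1000.slice/session-c1.scope\n"

if __name__ == "__main__":
    for name, text, uid in (("avahi", AVAHI, 70), ("login", LOGIN_V2, 1000)):
        print(name, may_attach_object_pid(text), journal_for(text, uid))
```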

